Welcome to the MacNN Forums.


New Mac malware somehow gets past Gatekeeper
Moderator
Join Date: Aug 2001
Location: Location: Location:
Mar 12, 2013, 11:41 AM
 
Ars Technica reports on the recent malware outbreak at Apple, Facebook, Twitter, etc.
OMG!!! We did it!!!!
     
Addicted to MacNN
Join Date: Aug 2006
Location: God's Country
Mar 12, 2013, 12:23 PM
 
Been saying this for years - security through obscurity is only going to work for so long before OS X starts being targeted by malware and virus developers.
     
Addicted to MacNN
Join Date: Mar 2004
Location: UK
Mar 12, 2013, 12:47 PM
 
I never bought into that argument. For years Mac users were typically less careful, less IT savvy and far more wealthy than Windows users. They would have made easy marks for someone 10 years ago, but no-one ever seemed to figure that out. Or maybe exploiting them really was easier said than done.
I have plenty of more important things to do, if only I could bring myself to do them....
     
Junior Member
Join Date: May 2001
Location: Collinsville, IL, USA
Mar 12, 2013, 03:11 PM
 
Originally Posted by shifuimam
Been saying this for years - security through obscurity is only going to work for so long before OS X starts being targeted by malware and virus developers.
Baloney
     
Mac Enthusiast
Join Date: Nov 2005
Location: New York City
Mar 12, 2013, 03:20 PM
 
Originally Posted by lkrupp
Baloney
I agree.
Mac Pro 3.2x8 - 48GB - EVGA GTX 680 - Apple Remote - Dell 3007WFP-HC
MacBook 2GHz - C2D - 6GB - GMA X3100
Mac mini 2.33GHz C2D - 4GB - GMA950 - 2 Drobos - SS4200 (unRAID)
iPhone 5 + iPhone 4S
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Mar 12, 2013, 06:49 PM
 
Originally Posted by shifuimam
Been saying this for years - security through obscurity is only going to work for so long before OS X starts being targeted by malware and virus developers.
Security through obscurity never works in the long run, but Apple has never shipped an OS so fundamentally insecure as some of the older Windows versions. XP Home shipped with network ports open by default and the only possible user configuration working at full System privileges (as in more powerful than even the administrator account on Windows usually). I'm not talking about bugs - MS has them, everyone has them, and with a few flagrant exceptions (early versions of ASP, for instance) they were never worse than anyone else - but the fundamental OS design was hilariously broken from a security standpoint. They've really cleaned up their game recently, though.

Apple's design isn't so bad these days, but their weakness is their short support cycles. They need to keep releasing updates for included software when bugs are found upstream - that's usually where the malware sneaks in.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Fresh-Faced Recruit
Join Date: Feb 2006
Location: Canada
Mar 13, 2013, 11:24 AM
 
The problem was with Java, not Mac OS X itself, which is how it got past Gatekeeper. "Gatekeeper does not apply to command-line tools like java, javac, javah and so on. When you install the JDK nothing extra needs to be done if you plan to use it to run a server, Maven, or any similar tool."
I do find it somewhat amusing that this particular vulnerability targeted the more techy people (developers & IT people are the most likely to have Java installed & enabled).
With Apple not including Java by default since Lion, and with updates for 10.6 disabling the earlier version, this has improved security for this exact problem.

In theory if Oracle worked with the OS companies, the next Java could be in a Sandbox. While this would impact some programs, most wouldn't be impacted by a sandbox, and it would drastically increase security (as has been seen by sandboxing web browser plugins - possible to work around, but requires much more effort)

Of course, the security issues mentioned above are mostly true with Windows as well, on its own, there aren't too many holes in Win7/Win8 either, it tends to be through a 3rd party plugin/system (and requiring user interaction - at the least going to an infected site, although when Mac OS X kicks up a username & password request, it does cause most people to think for a second, with Windows it is just a Continue or Cancel button - far easier to get in the habit of just hitting Continue)
     
Fresh-Faced Recruit
Join Date: Feb 2006
Location: Canada
Mar 13, 2013, 11:32 AM
 
Originally Posted by P
<...>
Apple's design isn't so bad these days, but their weakness is their short support cycles. They need to keep releasing updates for included software when bugs are found upstream - that's usually where the malware sneaks in.
They are still updating security for 2 previous OS versions - including their own Java 6 (which right now works out to about 3.5 years, typically it is closer to 5 years which is about how long hardware is supported as well - since about '98/'99. It doesn't look like 10.9 will be out nearly as quickly as 10.8 was, so 10.6 updates will likely continue until around the same average)

They do tend to have some delays with security updates, but I do expect this to improve under Tim Cook as time goes on (Jobs always kept a smaller development team going from project to project, while these "stars" may continue to be primary development, I expect that there will be more teams set up to maintain projects)
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Mar 13, 2013, 02:26 PM
 
Apple only updated their own Java 6 after having been hacked - very publicly so. We don't know if they will keep supporting SL - there has indeed been one non-Java update to SL after the ML release, but one datapoint does not make a trend. Leopard got a single update after the release of Lion, but that was a trivial update to disable out-of-date browser plugins without fixing the known upstream bugs that were already fixed in SL.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Addicted to MacNN
Join Date: Aug 2006
Location: God's Country
Mar 16, 2013, 12:10 PM
 
Originally Posted by P
Security through obscurity never works in the long run, but Apple has never shipped an OS so fundamentally insecure as some of the older Windows versions...but the fundamental OS design was hilariously broken from a security standpoint. They've really cleaned up their game recently, though.

Apple's design isn't so bad these days, but their weakness is their short support cycles. They need to keep releasing updates for included software when bugs are found upstream - that's usually where the malware sneaks in.
I definitely agree. Windows was laughably insecure for a long time. On the other hand, it taught enterprise IT professionals early and often to be on the lookout for things and be aware of what kind of malicious software was out there.

One of the problems with OS X is that a lot of users do believe that their computer is immune to malware simply because "Macs don't get viruses". When I still worked at Apple, one of my customers was shocked to find out that a particularly nasty bit of malware (Conduit, IIRC) had overtaken his machine, and it took nearly an hour to find all the parts and remove it from his system.

Complacency in IT security helps nobody.

Originally Posted by P
Apple only updated their own Java 6 after having been hacked - very publicly so. We don't know if they will keep supporting SL - there has indeed been one non-Java update to SL after the ML release, but one datapoint does not make a trend. Leopard got a single update after the release of Lion, but that was a trivial update to disable out-of-date browser plugins without fixing the known upstream bugs that were already fixed in SL.
This DRIVES ME CRAZY. I hate, hate, hate that Apple had godlike control over Java for their OSes for so many years. I need JRE 6 on PowerPC, but they dropped it. I'd like to update Java on my old Macs running various versions of Classic, but I can't even download the versions that were officially available, because they were only released through Apple.

Not to mention that things like security updates end up missing from older versions of OS X simply because Apple has dropped support. JRE 6 and 7 are still fully supported on Windows XP, which was released a month after OS X 10.1. Meanwhile you're completely SOL if you have PPC or are running SL (possibly).
     
Addicted to MacNN
Join Date: Mar 2004
Location: UK
Mar 16, 2013, 07:01 PM
 
Out of interest, what are you doing that needs JRE 6 on PPC?
I have plenty of more important things to do, if only I could bring myself to do them....
     
Addicted to MacNN
Join Date: Aug 2006
Location: God's Country
Mar 16, 2013, 08:47 PM
 
I can't even remember now. There was some Java application I wanted to get working on one of my old Macs, I think. I can't remember for the life of me what it was, though.
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Mar 19, 2013, 07:38 AM
 
Security is a balance between safety and convenience. Apple manages it well, compared to everybody else. But adding things like Java to the mix (convenience) requires a compromise of safety.

I concur that obscurity is a bad security tool, but Apple doesn't use this as much (intentionally) as Microsoft does (intentionally or otherwise) through their rats' nest of interdependent libraries.

But Mac users DO tend to be smug about how "safe" OS X is, and thus pretty insecure themselves.

Computer security is not an OS, not a tool kit, and not a bunch of buzz words. It is a combination of the OS, programming practices, AND users taking reasonable precautions. Leave any one of those out, and the system's security level plummets.

Glenn -----OTR/L, MOT, Tx
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Mar 19, 2013, 10:48 AM
 
It's not just Java. Apple includes a bunch of libraries that stem from open source projects, and then link them to everything. zlib is one such example - a simple compression library that is included in several frameworks. Now and then there are security holes found in such libraries - zlib in particular seems to have had more than its fair share - and Apple needs to update their OS to include the latest version. If Apple updates a single framework for the same bug in 10.6 and 10.7 and includes a reference to the CVE for a bug in zlib, that makes it quite obvious that a) zlib is included in that framework, and in all likelihood always has been, and b) a specific bug in zlib is in all likelihood exploitable in OS X, using a method described in that CVE. It's basically a manual for how to exploit 10.5 and earlier. That's what bugs me. It shouldn't be so hard to make such updates available for earlier versions as well - or at least make it clear that OSes older than so-and-so are not to be considered secure anymore.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
   
All times are GMT -4.