Should we be quiet about Mac security? or tout it? (Page 3)
SMacTech
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Apr 7, 2004, 08:22 AM
 
Originally posted by ism:
OK reading this is interesting, how would any of you recommend moving from an admin account to a normal user account?
Uncheck the "allow user to administer this computer" check button in the Security tab for that user.
     
ism
Grizzled Veteran
Join Date: Sep 2001
Apr 7, 2004, 08:59 AM
 
Originally posted by SMacTech:
Uncheck the "allow user to administer this computer" check button in the Security tab for that user.
Can't do that in 10.2 (forgot to mention that one) if it's the first default (admin) account. I was hoping for that. Unless it is that easy and I'm doing something wrong.

I could just create a new normal account and copy my whole home directory over, but this is going to leave me with a new user name for my normal account. But perhaps I can sort all that out later through netinfo?
     
Richard Edgar
Dedicated MacNNer
Join Date: Sep 2002
Apr 7, 2004, 10:26 AM
 
What backup script is this?
Any backup script which is going to back up the whole filesystem - or even all of the home directories. To do that, they have to run as root.... and that means that the backup script acquires the power to delete any file on the system.... not to mention open ports, change the login program.....
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Apr 7, 2004, 10:41 AM
 
Originally posted by utidjian:
Don't run it on your employers system. There is nothing illegal about a regular user running "nidump passwd . >passes.txt" and sending that file to your own laptop for grinding. At least Apple doesn't seem to think so.
hehe, I'd like to see someone actually do this. You still couldn't tell your employer what you've done (How many non-admin jobs allow you access to the password file on all users that use a system?). You'd still get in trouble if you tried to tell them what you did.
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Apr 7, 2004, 02:43 PM
 
Originally posted by qyn:
OK, I apologize to all involved parties, but the example of the 4-year-old is kind of ridiculous. Is this how we reason about security?
No, I brought up that example to show that a "one-size-fits-all-strong-security-all-the-time" security model is not the "only" way to approach computer security, especially not for the average home user.

Having a computer force a rigid set of security parameters is only going to annoy most people who don't generally care about the mechanics behind security. A 4 year old who uses a computer only for games and never surfs the internet does not need a strong password.

Mac OS X, in its out of the box state, is generally more secure than Windows XP in its out of the box state, if you take the standpoint of which system services are on by default, and looking at the user model. It is true, however, that Apple's utilization of the Unix permissions model may not be what today's fully-qualified Unix System Administrator uses. It's more of a compromise between security and convenience, even if heavily weighted towards convenience.

The beauty of it is that the end user gets to decide just how secure they want to be. For some people, running as an "Administrator" user (as defined by Apple) is more convenient than running as a "regular" user, and are willing to accept the increased security risks involved. For other people, they can configure their system to be more secure, and don't mind the loss of convenience.

Still, as I have said above, Apple can still allow the same flexibility, while at the same time, giving suggestions at setup time to allow people (who might otherwise not know how to do it) to be more secure than they would have been without the suggestions. This is why I say the system shouldn't FORCE people to take certain security precautions, because there will always be usage situations where the forced option doesn't make sense and therefore becomes more of an inconvenience (i.e. the inconvenience outweighs the security benefit-- this is HIGHLY subjective, what may not be an inconvenience to you may be a show-stopper to someone else).

Along the lines of making suggestions, perhaps the operating system should ask (during setup) what type of operating environment the computer is in (home, school, business), how many users there will be, what type of information will be on the system, etc, and then configure the system's security recommendations based on that information. Regardless, the system should ask if you want to follow the recommendations, and even give warnings about disregarding them, but the user should ultimately be allowed to decide to shoot themselves in the foot if that's what they really want to do.
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Apr 7, 2004, 02:54 PM
 
Originally posted by ism:
Can't do that in 10.2 (forgot to mention that one) if it's the first default (admin) account. I was hoping for that. Unless it is that easy and I'm doing something wrong.

I could just create a new normal account and copy my whole home directory over, but this is going to leave me with a new user name for my normal account. But perhaps I can sort all that out later through netinfo?
No, just create another account and set it to be an Administrator (OS X lets you have multiple administrator accounts), and then go to your original account and uncheck the "Allow this user to administer this computer" box. It should let you do it then. You have to have at least one Administrator at all times.
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Apr 7, 2004, 03:22 PM
 
The admin user is still a user where the consequences of their actions can affect all users of that system. That person should not be logged in as that user all the time they are just using the system.
Yes, but again, look at your typical "home" setup (assuming only one computer in the family). One or two accounts for the parents (either or both set up as Administrators), and one or more regular accounts for each child (at least, this is how I would set it up). So, it doesn't really matter what the consequences would be.

How do my parents use the computer? One account, as administrator. That's how it was in Mac OS 9, and that's how they want it for OS X. My father doesn't use the computer for anything except reading his Greek news websites and organizing his music in iTunes. My mother uses it for everything. Neither of them cares about having their files or documents separate from each other, nor would they keep secrets from each other on the computer. Neither of them cares if the other screws up the computer or even deletes the other's files by mistake, because they have a son (me) who set it to back up their files overnight automatically, and who can log in remotely to fix any "major" problems. The administrator account still protects them from deleting a file needed by the system to boot.
     
utidjian
Senior User
Join Date: Jan 2001
Location: Mahwah, NJ USA
Apr 7, 2004, 11:00 PM
 
Originally posted by Richard Edgar:
Any backup script which is going to back up the whole filesystem - or even all of the home directories. To do that, they have to run as root.... and that means that the backup script acquires the power to delete any file on the system.... not to mention open ports, change the login program.....
Again I ask... what backup script is this? Do you have a particular example in mind? For a backup script to work it has to be able to read the files and/or filesystem it is backing up (duh). It is certainly not a requirement that it be able to delete any file or filesystem. On a Unix system, in order to be able to read all files within a filesystem (such as home) it will have to run with root privileges. The filesystem that is being backed up can even be mounted read-only.

Why would one even make a backup script that will "open ports" or "change a login program"?
-DU-...etc...
     
Love Calm Quiet  (op)
Mac Elite
Join Date: Mar 2001
Location: CO
Apr 8, 2004, 02:36 PM
 
Looks like we may get a chance to EXPERIENCE the possibilities, according to today's MacNN:
"Intego warns of Trojan Horse for OS X, offers update
Intego today said it released an updated virus definitions for Intego VirusBarrier to protect Mac users against the first Trojan horse that affects Mac OS X. This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files: "The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X. Intego says the malicious application can delete files, propagate itself by sending a message to other users, and also infect other MP3, JPEG, GIF or QuickTime files..."
TOMBSTONE: "He's trashed his last preferences"
     
osiris
Addicted to MacNN
Join Date: Sep 2000
Location: Isle of Manhattan
Apr 8, 2004, 03:19 PM
 
Originally posted by Love Calm Quiet:
Looks like we may get a chance to EXPERIENCE the possibilities, according to today's MacNN:
"Intego warns of Trojan Horse for OS X, offers update
Intego today said it released an updated virus definitions for Intego VirusBarrier to protect Mac users against the first Trojan horse that affects Mac OS X. This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files: "The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X. Intego says the malicious application can delete files, propagate itself by sending a message to other users, and also infect other MP3, JPEG, GIF or QuickTime files..."
Saw the report on MacNN (not attacking you Love Calm Quiet)

I hope this is a bogus report, which I think it is. How is an MP3 file going to change itself into an application, or access self-executable code, from the contents of the MP3 itself? How does one activate this beast - playing in iTunes, or doubleclicking?

If the MP3Concept is merely a script that looks like an mp3, and the user double clicks it, then I could see the potential threat. Maybe an Applescript... or a compiled else -ware, not really a virus. It makes no sense, unless someone has been reading this forum and got a goofy idea... but...


Until I see, I won't believe it. I can't seem to find any other reports anywhere, not even the above quote from Intego.
"Faster, faster! 'Till the thrill of speed overcomes the fear of death." - HST
     
Millennium
Clinically Insane
Join Date: Nov 1999
Apr 8, 2004, 03:36 PM
 
Originally posted by Person Man:
No, I brought up that example to show that a "one-size-fits-all-strong-security-all-the-time" security model is not the "only" way to approach computer security, especially not for the average home user.
And your example fails.

One-size-fits-all may not be the only answer. Strong-security-all-the-time, on the other hand, is the only answer. Nothing else will stop hacks.
Having a computer force a rigid set of security parameters is only going to annoy most people who don't generally care about the mechanics behind security. A 4 year old who uses a computer only for games and never surfs the internet does not need a strong password.
Yes, she does, because she is not the only user on her machine.
The beauty of it is that the end user gets to decide just how secure they want to be.
This is the problem with it, not the beauty of it. If you don't have intimate knowledge of computer security, then you have no business defining the security of your machine -no, not even your own personal machine- because you will screw up.

The idea that convenience should ever trump security where computers are concerned is one of the four great lies upon which Microsoft's success is built. You propagate that lie.
For some people, running as an "Administrator" user (as defined by Apple) is more convenient than running as a "regular" user, and are willing to accept the increased security risks involved.
Your example fails, because an Administrator-class user is necessary for the machine to work properly. Even if it's not being used, it's still there, and as long as the account exists, it doesn't have to be logged in to be hacked. There is no real difference between a user which is logged in and a user which isn't.

OK, I take that back; there is a very slight added risk, because of the possibility of fake password dialogs in the current incarnation of OSX. This is why Apple needs to implement the requirement of a non-maskable key before the password can be input (similar to how Windows XP requires you to press Ctrl-Alt-Delete before putting your password, except the user should not be able to turn this off). This would allow for Administrator-class users to demonstrate no increased risk over any other kind of user.

Forced security can be a nuisance, however it is very much a necessity. Time and time again, users have proven that they will not do it by themselves, and this has had disastrous consequences.
...but the user should ultimately be allowed to decide to shoot themselves in the foot if that's what they really want to do.
Not when security is concerned, they shouldn't, because their decision affects more than just themselves. A hacked box is nothing more than a jumping-off point to do even more Bad Stuff, and it is never in the interest of the user to increase his risk and those of everyone around him.
( Last edited by Millennium; Apr 8, 2004 at 04:52 PM. )
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Apr 8, 2004, 03:55 PM
 
Originally posted by Millennium:
And your example fails.

<snip>

I guess we'll just have to agree to disagree on this issue, then.

Besides, I doubt Apple will ever force strong security on people anyway. But, hopefully even you would agree that making a suggestion on how to choose a strong password will help some people to do so.
( Last edited by Person Man; Apr 8, 2004 at 04:33 PM. )
     
qyn
Dedicated MacNNer
Join Date: Dec 2000
Location: sj ca
Apr 8, 2004, 04:15 PM
 
Originally posted by osiris:
I hope this is a bogus report, which I think it is. How is an MP3 file going to change itself into an application, or access self-executable code, from the contents of the MP3 itself? How does one activate this beast - playing in iTunes, or doubleclicking?

Until I see, I won't believe it. I can't seem to find any other reports anywhere, not even the above quote from Intego.
My thoughts exactly. And google turned up no other references. Anyone have any idea how this thing is supposed to execute?
     
Red Wolf
Forum Regular
Join Date: Apr 2002
Location: Atlanta, GA
Apr 8, 2004, 04:39 PM
 
Originally posted by qyn:
My thoughts exactly. And google turned up no other references. Anyone have any idea how this thing is supposed to execute?
There have been viruses that disguised themselves as MP3 files in the past on Windows and Linux.

According to MacMinute's article the virus code is in the ID3 tag of an MP3. The hidden code is an application. When you double click on the MP3 it launches the application and then it plays the music to make you think everything is okay.

If this report came out 7 days ago I would have laughed, but MacMinute and MacNN don't even carry strongly supported rumors until something has been officially revealed to the press. Granted this is based on a press report from Intego and it probably sounds worse than it is but OS X has been virus free for over three years... if this isn't it something else will eventually hit.
iBook G4/800 | 640MB | 60GB | AirPort Extreme | Bluetooth | Mac OS X 10.3.6
Sony Ericsson T610 | AirPort Express | Bluetake BT500
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Apr 8, 2004, 04:51 PM
 
Originally posted by qyn:
My thoughts exactly. And google turned up no other references. Anyone have any idea how this thing is supposed to execute?
Ok. here's the deal, as far as I have been able to tell:

The file is apparently composed of two parts: a resource fork and a data fork. The data fork is composed of an actual MP3 file, but also apparently a CFM application is tucked into one of the ID3 tags, and the code is "physically" positioned in the file in the way an application is supposed to look to the operating system. It has the extension .mp3 (not .mp3.app-- apparently even OS X would NOT hide the .app part of a "double extension")

Back before OS X, all files had a creator and filetype metadata associated with it. OS X still recognizes this. If the filetype (stored in the directory info for the file) is "APPL" the operating system recognizes it as an application. This file has that attribute set. OS X looks to the filename extension only if the filetype metadata attribute is empty or missing. The CFM application depends on information in the resource fork as well, so if the resource fork is missing, the application will not run.

Not having seen the file myself, I would be willing to bet that the MP3 icon is stored in the resource fork of the file (OS X looks for a resource fork or externally stored custom icon first, and if one is not found, uses the filetype metadata to determine file type and if that is missing or empty falls back on the file name extension to display the icon).

The file would HAVE to have its own icon in the resource fork, otherwise OS X will see the APPL filetype metadata and display the "generic application" icon instead of the MP3 icon (because of the order in which the operating system looks for information).

The trojan takes advantage of the way OS X is set up in determining what a file is. And OS X is set up that way in order to be more backwards compatible. Perhaps the filetype and creator metadata will go away in a future version of the OS. Who knows?

Hope this makes sense.
     
piracy
Mac Elite
Join Date: Mar 2001
Apr 8, 2004, 04:59 PM
 
Originally posted by qyn:
My thoughts exactly. And google turned up no other references. Anyone have any idea how this thing is supposed to execute?
To reiterate what I said in another thread:

This is basically a little Classic/Carbon oversight catching up with us.

The file extension is not hidden: the full name of the file is "filename.mp3". The Mac OS X Finder uses the file extension information to judge how it is displayed to the user, i.e., with the standard mp3 icon, appearing as a normal mp3 file. However, the CFM metadata speaks differently: the file has a type of APPL, identifying it as an application. The launch behavior (i.e., what happens when it's double clicked) trumps the display behavior (i.e., a normal mp3). This is essentially nothing more than a CFM application with an mp3 extension and Finder icon. (It's actually a little more...it can be a valid mp3, but with a PowerPC code fragment embedded in the ID3 section - which is executed by the OS).

A minor update in how the OS displays and handles these special-case items - items with APPL types, but inappropriate extensions such as mp3, jpg, etc - can easily solve this predicament.

-----

Additionally, moving this file by any means without special consideration of the resource fork (.sit, .bin) will render the file useless.

It is easily identified as an application; the Finder's Get Info and the preview both identify it as an application. The problem is that simply sitting on your desktop, it looks like a normal mp3...and a user may double click it, executing the trojan's payload. A proof of concept of this trojan is here: http://www.scoop.se/~blgl/virus.mp3.sit

A simple reworking of how the OS handles this will fix the problem.

I want to be clear: due to the way Mac OS X currently displays items according to file extension, there is a conflict between how the file appears to the user (as an mp3 in name and icon appearance), when in actuality it is an application with type APPL. This is indeed an oversight, but doesn't represent some type of major flaw. Like any other potential issue, this will be fixed.

Bottom line: this is not "ironic", nor does it represent any serious security problem with OS X. It is merely an issue that needs to be resolved, as Apple has done conscientiously with security issues. Mac OS X is a fundamentally more secure OS for a variety of reasons, and it is NOT because of low market share or installed base - it is because of fundamentally different design philosophies in the architecture and configuration of the OS. But issues can and will arise with OS X now and again, and they will be resolved.
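The mismatch described in the two posts above (type code APPL decides what double-clicking does, while the name says mp3) can be checked mechanically. The following is an added example, not part of any post in the thread: it parses the classic Finder info record and flags files that launch as applications but carry a document extension. The extension list beyond mp3 and jpg, the helper names, and the sample records are assumptions constructed for illustration.

```python
import os
import struct

# Extensions a user expects to open in a player or viewer. The posts name
# mp3 and jpg; the others are assumptions added for illustration.
DOCUMENT_EXTENSIONS = {".mp3", ".jpg", ".jpeg", ".gif", ".mov", ".txt", ".pdf"}

APPLICATION_TYPE = b"APPL"   # classic type code that marks an application
EMPTY_TYPE = b"\x00" * 4     # no type code recorded
HAS_CUSTOM_ICON = 0x0400     # Finder flag: the file carries its own icon


def make_record(file_type, creator, flags=0):
    """Build a constructed 32-byte Finder info record for the samples below."""
    return struct.pack(">4s4sH", file_type, creator, flags) + bytes(22)


def parse_finder_info(raw):
    """Return (file_type, creator, has_custom_icon).

    Layout: 4-byte type, 4-byte creator, 2-byte big-endian Finder flags,
    then fields this check does not need. A missing record counts as empty.
    """
    if not raw:
        return EMPTY_TYPE, EMPTY_TYPE, False
    if len(raw) < 10:
        raise ValueError("Finder info record too short: %d bytes" % len(raw))
    file_type, creator, flags = struct.unpack(">4s4sH", raw[:10])
    return file_type, creator, bool(flags & HAS_CUSTOM_ICON)


def launch_kind(name, raw):
    """Model the launch decision as the posts describe it: the type code
    wins, and the extension is consulted only when the type is empty."""
    file_type, _, _ = parse_finder_info(raw)
    if file_type == APPLICATION_TYPE:
        return "application"
    if file_type != EMPTY_TYPE:
        return "document"
    return "by-extension"


def find_disguised(records):
    """Return one finding per file that launches as an application while
    its name ends in a document extension."""
    findings = []
    for name, raw in records:
        extension = os.path.splitext(name)[1].lower()
        if extension not in DOCUMENT_EXTENSIONS:
            continue
        if launch_kind(name, raw) != "application":
            continue
        file_type, creator, custom_icon = parse_finder_info(raw)
        findings.append({
            "name": name,
            "type": file_type.decode("ascii", errors="replace"),
            "creator": creator.decode("ascii", errors="replace"),
            # A custom icon is what lets the file avoid the generic
            # application icon, so report it alongside the mismatch.
            "custom_icon": custom_icon,
        })
    return findings


# Constructed sample records (not taken from any real file).
SAMPLES = [
    ("song.mp3", make_record(b"APPL", b"????", HAS_CUSTOM_ICON)),
    ("holiday.jpg", None),                         # no type: extension decides
    ("notes.txt", make_record(b"TEXT", b"ttxt")),  # ordinary document type
    ("Installer", make_record(b"APPL", b"inst")),  # honest application
]

if __name__ == "__main__":
    for finding in find_disguised(SAMPLES):
        print("application disguised as document:", finding)
```

On current macOS the same 32-byte record is exposed as the `com.apple.FinderInfo` extended attribute, so the raw bytes can be fed to `find_disguised` from there.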
     
Richard Edgar
Dedicated MacNNer
Join Date: Sep 2002
Apr 14, 2004, 04:12 AM
 
Again I ask... what backup script is this? Do you have a particular example in mind? For a backup script to work it has to be able to read the files and/or filesystem it is backing up (duh). It is certainly not a requirement that it be able to delete any file or filesystem. On a Unix system, in order to be able to read all files within a filesystem (such as home) it will have to run with root privileges. The filesystem that is being backed up can even be mounted read-only.

Why would one even make a backup script that will "open ports" or "change a login program"?
Despite touting it, you really don't seem to grasp the concept of 'least privilege' do you? No, I don't know of any back up scripts that go around deleting files and opening ports, but that's irrelevant. As you say yourself the back up script has to run with root privileges. That means that it has the power to delete files at will (plus all the other nastiness I mentioned) which it does not require for its task. As for mounting the filesystem 'read only' .... that's utterly laughable. The script is root. It can unmount it, and remount it as read/write if it chooses. Nothing can stop it. This means that if the back up system can be compromised, the whole machine is compromised. Hardly 'least privilege.' There is no way in which a decent back up script under Unix can respect the principles of 'least privilege' - the security model is not sophisticated enough.
     
ism
Grizzled Veteran
Join Date: Sep 2001
Apr 14, 2004, 07:41 AM
 
Originally posted by Person Man:
No, just create another account and set it to be an Administrator (OS X lets you have multiple administrator accounts), and then go to your original account and uncheck the "Allow this user to administer this computer" box. It should let you do it then. You have to have at least one Administrator at all times.
Been trying to reply for ages, for some reason it won't let me. This worked a treat. Ta! Create new admin account, login under it, uncheck admin access from old one. I had assumed you could uncheck your own admin access once a new admin account existed, but I guess that makes no sense. A few issues with BBEDIT requesting serial numbers again, but everything else is fine.
     
utidjian
Senior User
Join Date: Jan 2001
Location: Mahwah, NJ USA
Apr 15, 2004, 02:02 AM
 
Originally posted by Richard Edgar:
Despite touting it, you really don't seem to grasp the concept of 'least privilege' do you?
Hmmmm....

No, I don't know of any back up scripts that go around deleting files and opening ports, but that's irrelevant.
Then why did you bring it up?

As you say yourself the back up script has to run with root privileges.
Actually, it is a very common practice for the backup script to NOT have root privileges on the machine being backed up.


That means that it has the power to delete files at will (plus all the other nastiness I mentioned) which it does not require for its task.
But somehow this is "irrelevant", right?


As for mounting the filesystem 'read only' .... that's utterly laughable. The script is root. It can unmount it, and remount it as read/write if it chooses. Nothing can stop it. This means that if the back up system can be compromised, the whole machine is compromised. Hardly 'least privilege.' There is no way in which a decent back up script under Unix can respect the principles of 'least privilege' - the security model is not sophisticated enough.
Indeed...

* The backup script can be running on a remote backup machine and the volume that is being backed up is exported to the backup machine read-only. There is no way that the script on the backup machine can do anything to the machine being backed up (other than making the disk(s) rather busy.) This is a very common practice BTW. Unix systems have been doing this for decades. The backup script can try to mount the volume to be backed up any way it chooses... the best it can do is mount it read-only and back it up... the worst it can do is fail to mount it at all.

* Ever heard of SELinux from the NSA? See: http://www.nsa.gov/selinux/ for more info. SELinux specifically addresses security from the standpoint of 'least privilege'. Red Hat has a community supported distribution of Linux called Fedora Core. Currently Fedora Core 2 test 2 is using SELinux. This will eventually become the next version of Red Hat Enterprise Linux.

* Ever heard of User Mode Linux? See: http://usermodelinux.org/ and http://user-mode-linux.sourceforge.net/ for more info. An instance of User Mode Linux can back up the 'host' system without the possibility of compromising the 'host'... all on one machine.

It is quite likely there are other examples that I haven't heard of yet of proper use of 'least privilege' for Unix and Unix-like systems.

Laugh it up.
-DU-...etc...
     
Richard Edgar
Dedicated MacNNer
Join Date: Sep 2002
Apr 15, 2004, 04:07 AM
 
The backup script can be running on a remote backup machine and the volume that is being backed up is exported to the backup machine read-only. There is no way that the script on the backup machine can do anything to the machine being backed up (other than making the disk(s) rather busy.) This is a very common practice BTW. Unix systems have been doing this for decades. The backup script can try to mount the volume to be backed up any way it chooses... the best it can do is mount it read-only and back it up... the worst it can do is fail to mount it at all
So it takes a completely separate machine? Wonderful. 'Doing this for decades' looks rather like an admission that it has long been known that a single Unix machine can't do this sort of thing properly. You know what? OS9 (and earlier) can be worked like that too. As can any other OS which can provide access to a serial port. So does that give them 'least privilege' (in this regard at least)?

Put bluntly, the security model in Unix isn't terribly good. It is extremely simplistic, and provides the least possible to enable a reasonable multi-user operating system. However after three decades of Getting Things Wrong, people have finally managed to work out how to bludgeon said system into being vaguely secure. I do sometimes wonder if people shouldn't give Windows a similar chance.
     
RayX
Dedicated MacNNer
Join Date: Aug 2003
Apr 15, 2004, 04:10 AM
 
Originally posted by Richard Edgar:
I do sometimes wonder if people shouldn't give Windows a similar chance.
Let's not kid ourselves.
     
Millennium
Clinically Insane
Join Date: Nov 1999
Apr 15, 2004, 05:52 AM
 
Originally posted by Person Man:
I guess we'll just have to agree to disagree on this issue, then.

Besides, I doubt Apple will ever force strong security on people anyway. But, hopefully even you would agree that making a suggestion on how to choose a strong password will help some people to do so.
Yes.

I also think that the weakest of the weak passwords should be flatly rejected. Things like single letters, sequences of the same letter, sequences of consecutive letters or digits, or the longname or shortname of the user, and the word "password". Even just rejecting those five simple criteria would force a surprisingly large proportion of users to increase the strength of their passwords, while not causing any undue burden. Everybody benefits.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
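The five rejection rules listed in the post above are simple enough to state as code. The following is an added example, not part of the post or of any Apple software; the function name, the reason strings, the treatment of descending runs as "consecutive", and the sample account names are assumptions made for illustration.

```python
def weak_reason(password, shortname, longname):
    """Return why a password falls under the post's five rejection rules,
    or None if none of them applies.

    shortname and longname are the account's short and full names.
    """
    if not password:
        return "empty"
    folded = password.casefold()

    # Rule 1: single letters (any single character is treated the same).
    if len(folded) == 1:
        return "single character"

    # Rule 2: sequences of the same letter, e.g. "aaaaaa".
    if len(set(folded)) == 1:
        return "repeated character"

    # Rule 3: sequences of consecutive letters or digits, e.g. "abcdef",
    # "123456". Descending runs ("fedcba") are included as an assumption.
    if folded.isascii() and folded.isalnum():
        steps = {ord(b) - ord(a) for a, b in zip(folded, folded[1:])}
        if steps == {1} or steps == {-1}:
            return "consecutive sequence"

    # Rule 4: the longname or shortname of the user, ignoring case and
    # spacing so "John Smith" and "johnsmith" both match.
    squeezed = "".join(folded.split())
    for account_name in (shortname, longname):
        if not account_name:
            continue
        if squeezed == "".join(account_name.casefold().split()):
            return "matches account name"

    # Rule 5: the word "password" itself.
    if folded == "password":
        return 'the word "password"'

    return None


# Constructed samples for a hypothetical account jsmith / "John Smith".
SAMPLES = ["a", "zzzzzz", "123456", "fedcba", "JSmith",
           "john smith", "PassWord", "p@55w0rd", "correct horse"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        verdict = weak_reason(candidate, "jsmith", "John Smith")
        print("%-15r %s" % (candidate, verdict or "accepted"))
```

Character substitutions such as "p@55w0rd" pass all five rules, so this filter only removes the very weakest choices.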
     
SMacTech
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Apr 15, 2004, 08:21 AM
 
Originally posted by Richard Edgar:
However after three decades of Getting Things Wrong, people have finally managed to work out how to bludgeon said system into being vaguely secure. I do sometimes wonder if people shouldn't give Windows a similar chance.
I have to deal with that chance every day as a sys admin of ~ 100 Win XP computers, and two at home. My wife and kid both use XP, and within the last month I have had to do a system restore on both. I so love coming back to my Mac after giving Windows its chance.
     
shortcipher
Dedicated MacNNer
Join Date: Feb 2001
Apr 15, 2004, 08:38 AM
 
I agree that computers need to be very secure, and it is also true that people don't like having to remember obscure passwords (although I do have one), I have the same issue with my car, I don't want other people to be able to get into it and drive away, but I'll be damned if I want to have to type in a password to get into it, I'd much rather use a key, without which the car just won't work (what with engine immobilisers etc).

Now I don't doubt that there are ways of circumventing these devices, nor do I doubt that they could be improved, but having a physical key feels a lot more secure than using my pet's name as a password, and I don't have to think about it, I just have to not lose the key...

Remembering passwords is a very unfriendly thing for people to have to do, PIN numbers are bad enough, and people have trouble remembering just 1 of those, so the idea of having to remember many obscure passwords for the various computing devices in your life is absurd, and is why lots of people use the same password for everything. But how many people have trouble owning lots of keys?

Now don't flame me, I know physical keys are impractical for all sorts of reasons, but think about it, is there a better way than passwords?
     
Millennium
Clinically Insane
Join Date: Nov 1999
Apr 15, 2004, 09:47 AM
 
Originally posted by Richard Edgar:
So it takes a completely separate machine? Wonderful.
Um, isn't the requirement of a separate machine the nature of online backups? To back up to the same machine is almost useless, because it does not take machine failure into account. All it can do is save you from the corruption of individual files. This does happen, of course, but it is worthless in the face of almost any other system.
Put bluntly, the security model in Unix isn't terribly good.
There are better security models, to be sure. Everyone knows that. There was a stab taken at implementing a better security standard over Unix some years ago, called POSIX capabilities. You can still find drafts of the standard; it was, for some reason, never finished.

However, to say that it's not a good security model is going a little too far. It can be made to do just about everything that other models do, though sometimes it is more difficult to do this than it ought to be.
I do sometimes wonder if people shouldn't give Windows a similar chance.
The problem with Windows is not the security model; indeed, the security model could be quite good, if Microsoft cared to use it. As it stands, it provides worse than nothing in the way of security, because it can be disabled (and worse still, most of it is disabled by default). The problem with Windows is the mantra of convenience over security, which is one of the four chief lies on which Microsoft's business model is built.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
qyn
Dedicated MacNNer
Join Date: Dec 2000
Location: sj ca
Apr 15, 2004, 08:28 PM
 
Originally posted by Millennium:

I also think that the weakest of the weak passwords should be flatly rejected. Things like single letters, sequences of the same letter, sequences of consecutive letters or digits, or the longname or shortname of the user, and the word "password".
For all the attention paid to the strength (or lack thereof) of passwords, I wonder if this is really the place to focus?

Things like l0phtcrack will easily crack all dictionary-based passwords, as well as |337 5p34|< variations. So the weakest of weak passwords (eg "password") is just as weak as "p@55w0rd" which is just as weak as "br1tn3y5p3@rs!" or whatever, and both of the latter will meet most standards for strong passwords. Really secure passwords become too hard to remember.

But more importantly, does anybody know how many attacks succeed because of weak passwords? My guess is that it's not that many, especially in a world of VBScript and packet sniffing (FTP, I'm looking at you) and buffer overflows. That's just a guess though. Does anybody have the facts?
     
Brass
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Apr 15, 2004, 09:18 PM
 
Originally posted by Millennium:
Yes.

I also think that the weakest of the weak passwords should be flatly rejected. Things like single letters, sequences of the same letter, sequences of consecutive letters or digits, or the longname or shortname of the user, and the word "password". Even just rejecting those five simple criteria would force a surprisingly large proportion of users to increase the strength of their passwords, while not causing any undue burden. Everybody benefits.
NO, then I couldn't have my "Visitor" account with no password at all. Which is specifically there to allow anyone to use my computer any time they want. Yes, I WANT anyone to be able to use this account without any password.

Yes, I do care about security, but this is not an ideal world we live in, and sometimes compromises are necessary to make life bearable.
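
The five rejection rules quoted from Millennium above, together with qyn's earlier point that "p@55w0rd" is no stronger than "password", as an added Python example that is not part of any post in this thread. The function name, parameters and substitution table are illustrative assumptions, not a macOS API.

```python
# Added example: Millennium's five rejection rules plus qyn's leet-speak point.
# All names here are illustrative; nothing below comes from macOS itself.

# Constructed table of common leet substitutions (ambiguous ones pick one letter).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "5": "s", "$": "s", "7": "t", "1": "l", "!": "i"})


def _is_run(pw, step):
    """True if each character is exactly `step` code points after the previous."""
    return len(pw) > 1 and all(ord(b) - ord(a) == step for a, b in zip(pw, pw[1:]))


def weak_password_reason(password, shortname, longname, fold_leet=True):
    """Return the rule that rejects `password`, or None if none of them fires.

    The empty password is not one of the five rules, so it is not judged here.
    """
    pw = password.lower()
    names = {shortname.lower(), longname.lower(), longname.lower().replace(" ", "")}
    names.discard("")

    if len(pw) == 1 and pw.isalpha():
        return "single letter"
    if len(pw) > 1 and len(set(pw)) == 1:        # "aaaa"; also catches "1111"
        return "repeated character"
    if pw.isalnum() and (_is_run(pw, 1) or _is_run(pw, -1)):  # "abcd", "4321"
        return "consecutive letters or digits"
    if pw in names:
        return "user name"
    if pw == "password":
        return "the word 'password'"

    if fold_leet:
        # Undo the substitutions, then re-test the two dictionary-style rules.
        folded = pw.translate(LEET)
        if folded == "password":
            return "leet variant of 'password'"
        if folded in names:
            return "leet variant of user name"
    return None
```

With `fold_leet=False` the function applies only the five rules as listed, and "p@55w0rd" passes.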
     
Brass
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Apr 15, 2004, 09:25 PM
 
Originally posted by Millennium:
Um, isn't the requirement of a separate machine the nature of online backups? To back up to the same machine is almost useless, because it does not take machine failure into account. All it can do is save you from the corruption of individual files. This does happen, of course, but it is worthless in the face of almost any other system.
A separate server is not required for backups. An external tape drive (or even disk drive) is all that's required (especially in a home environment - why would you buy another server just for backups?).

However, your point still stands in that to implement secure backups, the backup process need not run as root. The file systems to be backed up could easily be presented to the backup process in a read/only manner ON THE SAME MACHINE.

Having said that, though, most popular comprehensive backup applications do run as root, even when backing up to a remote server (eg, Legato Networker, Retrospect).
     
Love Calm Quiet  (op)
Mac Elite
Join Date: Mar 2001
Location: CO
May 4, 2004, 06:32 AM
 
How about worm vulnerability (like Sasser)? I'm pretty casual about connecting to internet when visiting Kinkos or some windows-based office where they've got an extra ethernet cable from their network dangling around.

Is the OS X built-in firewall enough to protect me? How vulnerable would novice users be that have never bothered to turn the firewall on (to getting a LAN- or Internet-based worm -- of the type (but designed for Mac) that people are saying infect windows systems within minutes of unprotected internet connection)?
TOMBSTONE: "He's trashed his last preferences"
     
Graymalkin
Mac Elite
Join Date: May 2001
Location: ~/
May 4, 2004, 05:41 PM
 
Originally posted by Love Calm Quiet:
How about worm vulnerability (like Sasser)? I'm pretty casual about connecting to internet when visiting Kinkos or some windows-based office where they've got an extra ethernet cable from their network dangling around.

Is the OS X built-in firewall enough to protect me? How vulnerable would novice users be that have never bothered to turn the firewall on (to getting a LAN- or Internet-based worm -- of the type (but designed for Mac) that people are saying infect windows systems within minutes of unprotected internet connection)?
Sasser and MSBlast and their ilk all exploit bugs in services Windows runs by default. Instead of adopting a sane security policy, Microsoft decided to listen for connections to systems services from all addresses. All they would have to do is limit connections to 127.0.0.1 (localhost) and three quarters of their vulnerabilities would cease to be. By default OSX doesn't run any such services that any yahoo can connect to.

If I don't have any services checked in the Sharing pref pane I can run:
Code:
sudo nmap -sS -p 1-30000 mycomputer
and find no open ports. A worm like Sasser even with my firewall disabled wouldn't find anything to connect to in order to exploit it. A Sasser-ish worm is going to find a network of Macs to be a very dull place to be. Out of the box OSX is simply more secure on a network than a Windows XP system. I wouldn't put an unprotected XP system on an open link to the internet for anything. I don't mind so much having OSX connected even without the firewall enabled.
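
The distinction drawn in the post above, between services that listen on every address and services limited to 127.0.0.1, can also be checked from the host itself rather than with an outside scan. The following is an added Python example, not part of the post; the function name is an assumption and the `netstat -an` text is a constructed sample in the BSD/macOS layout.

```python
# Added example: classify TCP listeners as loopback-only or network-reachable.

# Constructed sample in the BSD/macOS `netstat -an` layout; not from the thread.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp46      0      0  *.548                  *.*                    LISTEN
tcp4       0      0  192.168.1.20.445       *.*                    LISTEN
tcp4       0      0  192.168.1.20.49231     192.168.1.1.80         ESTABLISHED
udp4       0      0  *.5353                 *.*
"""


def classify_listeners(netstat_text):
    """Return (exposed, local_only) lists of (address, port) for TCP listeners."""
    exposed, local_only = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Keep only TCP sockets in LISTEN state; headers and UDP rows fall out here.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # BSD netstat joins address and port with a final ".", e.g. 127.0.0.1.631
        host, _, port = fields[3].rpartition(".")
        if not port.isdigit():
            continue
        entry = (host, int(port))
        if host == "::1" or host.startswith("127."):
            local_only.append(entry)   # reachable only from this machine
        else:
            exposed.append(entry)      # "*" or a specific interface address
    return exposed, local_only


if __name__ == "__main__":
    exposed, local_only = classify_listeners(SAMPLE)
    print("network-reachable:", exposed)
    print("loopback only:   ", local_only)
```

An empty `exposed` list corresponds to the scan result described in the post: nothing on the machine accepts connections from the network.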
     
kampl
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
May 4, 2004, 08:56 PM
 
Out of the box with all the patches installed maybe. Anyone recall the OpenSSH vulnerabilities that came out not that long ago? Granted that is not a service enabled by default but one that is used by many regularly.

I'm a part of the school that thinks no platform is completely secure, but I do believe that Mac OS X is one of the more secure by default platforms out there.

Sure, Windows is secure usually when all patches are installed, however the track record is poor at best. I mean that when a 0day shows up it is usually very close to the announce date and the patch may or may not be out.

I can't recall off the top of my head but there was a vulnerability recently that was announced and fixed by MS six months after it was discovered. It was not publicly disclosed so who knew at the time that they could have been "rooted" as it were in the MS world? With six months as a lag time for patching, how many people reamed others who had no idea that there was a problem in the first place?

That of course brings up the disclosure timing and forum debate.
     
macross
Junior Member
Join Date: Dec 2003
May 5, 2004, 01:56 AM
 
Originally posted by Love Calm Quiet:
Sometimes I worry if complacency among the Mac community (re: security, viruses, etc) is some day going to hurt millions of Mac members simultaneously.

Maybe we're lucky to be such a small and unattractive target (so far) for virus writers. But I wonder if Apple isn't missing a HUGE marketing opportunity to promote the SAFETY of OSX for businesses.

Take a peek at the Reuters story ( http://reuters.com/newsArticle.jhtml...toryID=4688569 ) on how badly Euro businesses are hurt ( 20% shut down by viruses ! -- 30-50% in Italy & France ! ). Shouldn't Apple be out there advertising: "Tired of being infected, robbed, and extorted by virus writers? - Switch to OS X ! "

Or do you think that would egg on the virus writers to start hitting on us? Your thoughts?
No, because that line is weak. Common sense will tell you that there are barely any viruses in the mac community because there are barely any mac users. Look at the market, how many people use wintel machines compared to Macs. And there you have your answer. Besides, in the business environment, most things aren't geared towards Mac.
     
Link
Professional Poster
Join Date: Jun 2003
Location: Hyrule
May 5, 2004, 02:06 AM
 
macross: you are actually entirely wrong there. For illustration, and I back this with Netcraft's web server statistics.. the majority of the servers on the internet are running a unix based OS, while the majority of server exploits out are for windows servers. Odd huh?

Believe me, no company could come close to Microsoft's problems if they TRIED.
Aloha
     
qyn
Dedicated MacNNer
Join Date: Dec 2000
Location: sj ca
May 5, 2004, 02:48 AM
 
Originally posted by macross:
Common sense will tell you that there are barely any viruses in the mac community because there are barely any mac users.
This sentiment has been debated extensively in this thread. Regardless of whether you believe that to be true (which I don't), it's most definitely not a mere matter of "common sense".

Personally, I think the beginning and end of this discussion is what kampl said:
I'm a part of the school that thinks no platform is completely secure, but I do believe that Mac OS X is one of the more secure by default platforms out there.
Beyond that, it's all speculation.
     
 
 
All times are GMT -4.