toggle

AAPL Stock: 562.29 ( -3.03 )

MacNN News

Mac OS X inherently secure, hackers not interested

updated 08:35 am EDT, Mon October 24, 2005

Mac OS X inherently secure

Successful assaults by on the Mac operating system are rare as it has better security and attackers are less keen, says Stephen Wildstrom of BusinessWeek. "There is endless debate among security experts about whether the paucity of successful assaults on Apple's OS X is attributable to better security or attackers' lack of interest in an operating system whose share of the market is in single digits. I think it's some of both." Wildstrom says one reason Mac OS X offers inherently better security is that it was designed with relatively little concern for compatibility with earlier versions, while Windows is full of compromises so that it works with older and less secure operating systems. Wildstrom also points out that "the ablest writers of viruses, spyware, and worms, are motivated more by profit than glory, and Windows, with 90%-plus of the market, is where the money is."

by MacNN Staff

(20)

TAGS :

troubleshooting

Share the Article

Facebook Twitter Delious Slash Dot Digg

toggle

Comments

telem
Fresh-Faced Recruit

Joined: Dec 1999

0

10/24, 09:07am | report spam | close Reply |
Where is the money?

How do hackers profit from their success?

TomMcIn
Fresh-Faced Recruit

Joined: Dec 2001

0

10/24, 09:08am | report spam | close Reply |
Hacking OSX

While the glory from hacking millions of sloppy Windows systems is one thing, the glory from breaking into a secure OSX system would be worth a lot more points. Anybody can stroll down the street, few climb Mount Everest, and then only with a huge support team.

Tom

eswinson
Fresh-Faced Recruit

Joined: Jul 2002

0

10/24, 09:26am | report spam | close Reply |
This is BS

The real reason we see a lack of virii and worms for the mac is that there are not the ready made script generators for the mass "hackers" to use nor do most of them even have access to a mac to create a script generator to begin with. The responsible approach to security apple has taken as well as the quick release of security patches when holes are identified have prevented a proliferation of malware on the platform.

Funny nobody ever said OpenVMS was unhackable becuse of its small marketshare. They say it is is unhackable becuase nobody was able to hack it.

The Irony here is that Windows NT was derived from VMS... go figure.

Jonas Maebe
Fresh-Faced Recruit

Joined: Jan 2002

0

10/24, 09:31am | report spam | close Reply |
Re: Where is the money?

It's not hackers, but crackers and virus writers. And they profit by renting out botnets (large networks of zombie PC's gotten under control with the help of spyware or viruses, rented e.g. to spammers for their use), capturing credit card info using installed key loggers, extortion by threatening with denial-of-service attacks using their botnets etc.

And although I agree Mac OS X is inherently a bit more secure than Windows, it probably wouldn't be that difficult to have a wide spreading virus on the Mac.

The reason is that I do not think it is difficult to trick most people into entering their admin password in a fake authentication dialog box (e.g. thrown up by a fake installer package), and after a program gets admin privileges it can do pretty much anything it wants.

User gullibility/stupidity is extremely hard to protect against, and is for a large part independent of the underlying OS.

eldarkus
Fresh-Faced Recruit

Joined: Feb 2004

0

10/24, 09:33am | report spam | close Reply |
re: money

Lots of money to be made.. threating to release company info, hacking banks and transfering money, pop-ups via hacking.. I'm sure there are more.

Not that i'm defending this crappy, re-hashed article at all. Tom is correct. there would be much more notariaty in hacking OSX than windows from a personal achievement standpoint..

eldarkus
Fresh-Faced Recruit

Joined: Feb 2004

0

10/24, 09:35am | report spam | close Reply |
to Jonas

"User gullibility/stupidity is extremely hard to protect against, and is for a large part independent of the underlying OS."

But since that is the case with every single OS, then it is a moot point. It levels the playing field so all you have left is the security within the OS.

Jonas Maebe
Fresh-Faced Recruit

Joined: Jan 2002

0

10/24, 10:11am | report spam | close Reply |
Re: to Jonas

"But since that is the case with every single OS, then it is a moot point. It levels the playing field so all you have left is the security within the OS."

It's not a moot point at all, it simply means that the security within the OS is simply irrelevant a lot of cases. All these people inadvertently installing spyware on their Windows machines could do it just the same on Mac OS X.

nat
Junior Member

Joined: Mar 2002

0

10/24, 10:26am | report spam | close Reply |
and before..

someone posts the "mac's don't have the market share" arguement on why they aren't attacked more often...

http://www.theregister.co.uk/2003/12/16/windowsstyle_security_hell_stalks_mac/

eldarkus
Fresh-Faced Recruit

Joined: Feb 2004

0

10/24, 10:33am | report spam | close Reply |
Re: to Jonas

youre talking user security over computer security. 2 different arguements... My point still stands. If it's irrelevant as you say, then why bother discussing OS security at all? lol

there are differences in the way Win and OSX gives privledges to the user. But since the user security is the same across the board, you have to focus on the OS security!

Jonas Maebe
Fresh-Faced Recruit

Joined: Jan 2002

0

10/24, 11:02am | report spam | close Reply |
Re: to Jonas

"you're talking user security over computer security. 2 different arguements..."

I'm saying that "user security" in many cases completely overrules the whole "computer security" thing.

"My point still stands. If it's irrelevant as you say, then why bother discussing OS security at all?"

I never said it was irrelevant, I said it was irrelevant in a lot of case. As in "most problems with spyware and many problems with viruses on windows have nothing to do at all with OS security, and would happen in exactly the same way under Mac OS X with those same users".

"There are differences in the way Win and OSX gives privledges to the user. But since the user security is the same across the board, you have to focus on the OS security!"

No, because then you create an unrealistic and false sense of security.

eldarkus
Fresh-Faced Recruit

Joined: Feb 2004

0

10/24, 11:48am | report spam | close Reply |
Re: to Jonas 17

So I have to assume you have no idea how a virus works under Windows. This is not a user issue.. it's the way the system was designed and the config of the OS when it was shipped.

Read the article nat posted and get back to me. Maybe then you'll understand that most viruses for windows are from Windows flaws in security.. and NOT the fault of the user, as you say.

So here's the question you should ask yourself. If you hooked up a Windwos box and a Mac box up to the net and did not let anyone touch the machines (thereby, eliminating the user part of this lame discussion) which would be more prone to attacks and why?

I.P. Freely
Fresh-Faced Recruit

Joined: May 2003

0

10/24, 12:04pm | report spam | close Reply |
pointless argument

If there are no know virus for the Mac, that means just that no know virus.

I don't care why there aren't any virus for the Macs. That is inconsequential.

If the argument is that Mac's are tougher to crack. Fine, more power to me.

If your argument is that NO ONE writes virus for the Mac. How is that a bad thing?

Jonas Maebe
Fresh-Faced Recruit

Joined: Jan 2002

0

10/24, 12:05pm | report spam | close Reply |
Re: to Jonas

"So I have to assume you have no idea how a virus works under Windows. This is not a user issue.. it's the way the system was designed and the config of the OS when it was shipped. "

It makes no sense to talk about how "a" virus works under Windows, as there are various ways. A number of them exploit buffer overflows in various network-related software, but on the other hand a very large number depends on users opening one attachment or another.

"Read the article nat posted and get back to me. Maybe then you'll understand that most viruses for windows are from Windows flaws in security.. and NOT the fault of the user, as you say. "

Please stop misquoting me, I never said most of them are due to user fault. I said a lot of them are. I don't know whether it's most of them or not, but I do know it's a very significant amount (based on e.g. the number of emails with virus attachments that are stopped by the virus scanners on our mailservers).

"So here's the question you should ask yourself. If you hooked up a Windwos box and a Mac box up to the net and did not let anyone touch the machines (thereby, eliminating the user part of this lame discussion) which would be more prone to attacks and why?"

The "lame part of the discussion" is my whole point. I never contested that Mac OS X' security architecture is superior to Windows'.

I simply said that it does not in any way make us Mac users somehow immune to the virus and spyware problems, and that in fact a lot of virus (and spyware etc) problems cannot be prevented by OS security (at least not the way it is implemented today, but some alternatives -like requiring all programs that run to be approved by some central authority- would have even worse overall effects).

Last post from me in this thread.

eldarkus
Fresh-Faced Recruit

Joined: Feb 2004

0

10/24, 12:45pm | report spam | close Reply |
to Jonas

So a user opening an e-mail with a virus is the users fault? HAHAHAHA! It has NOTHING to do with Outlook and the way it executes code when you open the e-mail? wake up and smell what you're shovelling, bro!!

"Please stop misquoting me, I never said most of them are due to user fault. I said a lot of them are"

And I said "MOST", which would be the equilivant to "A lot of"! I have yet to misquote you, so please stop misquoting me!

testudo
Fresh-Faced Recruit

Joined: Aug 2001

0

10/24, 01:21pm | report spam | close Reply |
Re: to Jonas

So a user opening an e-mail with a virus is the users fault? HAHAHAHA! It has NOTHING to do with Outlook and the way it executes code when you open the e-mail? wake up and smell what you're shovelling, bro!!

No, it has nothing to do with that. First off, most email viruses are attachments that need to be launched. Only a few are the "Read the mail, you're screwed" kind.

So then its left up to the mail program and how it warns about viruses. Unfortunately its gotten so bad that they either (a) warn you that any email attachment might contain a virus, so beware! (which is really annoying), or (b) Don't let you open attachments at all (Outlook started doing this, preventing users from even seeing, let alone opening, various types of files).

Now, why do mail programs go through all these annoyances? Is it because the OS is inheritently insecure, or is it because users can't be trusted to not open a file titled "Anna K.jpg" even though they've been told 500 times NOT to open the file???

As for the crux of the argument, the requirement for an administrator password to install software only applies to admin software. Software can be installed locally without any authentication, thus still causing the user to be compromised.

But I agree that one of the many reasons for the lack of OS X viruses is that the marketshare is small. Trying to get a virus to propogate is only as successful as finding enough susceptible carriers to pass it on to before its discovered. Do you think the Avian flu would be such a big story if only 4% of the population could even catch it. It would have difficulty spreading for it would be hard to find carriers. But, I know, its just a pretend reason. Its apple, so it must be because the OS is secure, nothing else could come into play.

Oh, and I found it hillarious that the first poster talked about how great Apple was for patching their holes quickly. Yet when MS releases security fixes, its always "Haha, look at MS, trying to patch the leaking dam!". And since no one really knows what holes are in OS X, we really don't know if they're patching them or not. We only know about the ones we know about. Second, quick is not a word I would use with Apple's security updates. Also, Apple only patches holes in older OS's at their convenience. MS has spelled out how long they will support their OSs with patches.

testudo
Fresh-Faced Recruit

Joined: Aug 2001

0

10/24, 01:27pm | report spam | close Reply |
Everest analogy

While the glory from hacking millions of sloppy Windows systems is one thing, the glory from breaking into a secure OSX system would be worth a lot more points. Anybody can stroll down the street, few climb Mount Everest, and then only with a huge support team.

Wow, you make it sound like anyone can crack Windows. Sure, but that's because people have all laid the groundwork. No one's doing it from scratch. Someone finds a buffer overflow, they grab some pre-made code, call the overflowed function, and off they go. The Windows virus writers already had the support team out, building the escalator to the top. Now all you got to do is jump on and ride to the peak. Sooner or later a group is going to do the same with OS X. (Of course, with interfaces that are inconsistent and sometimes klutzy, spinning beachballs in the finder for doing even simple things, installers that have deleted whole hard drives, or have screwed up permissions on directories, etc, that the Mac already has a virus maker, and its Apple! But, it doesn't get better, because NAV only makes things worse!).

rwahrens@verizon.net
Fresh-Faced Recruit

Joined: Oct 2005

0

10/24, 01:59pm | report spam | close Reply |
re: testudo

Sorry, I hate to rain on your parade, but whether Mac users are just as dumb as Windows users matters not at all. Since there are no viruses that run under the Mac OS, whether a Mac user is dumb enough to click on the wrong place doesn't matter - it won't run anyway! It doesn't make any difference how or whether the mail program warns about viruses or not. Mac based anti-virus programs scan for and delete viruses in email not because they are dangerous to the resident system, but so the current user won't infect his future mail recipients by sending on an email containing a virus! (and, yes, it's the anti-virus program, NOT the mail program, that scans and warns about viruses. Outlook only does this if it's got an anti-virus program installed and intigrated with it!)

No, the Mac OS does NOT require passwords only for "system level" programs! Try installing any program and it'll ask for a password!

Security in inherent in the OS. It has to be because to depend on the user for security is letting the fox guard the henhouse!

nat
Junior Member

Joined: Mar 2002

0

10/24, 02:13pm | report spam | close Reply |
my my

testudo, really, i posted a link solely for you folks that insist on this pathetic market share arguement and you STILL put it forward. tsk tsk. too busy to read it were you?

rwahrens@verizon.net
Fresh-Faced Recruit

Joined: Oct 2005

0

10/24, 02:49pm | report spam | close Reply |
re: my my

Pitiful, aren't they?

But then, again, it would shatter their self-image, wouldn't it?

Todd Madson
Mac Elite

Joined: Apr 2000

0

10/24, 02:53pm | report spam | close Reply |
The Law

The law is beginning to get in on the whole botnet extortion ploy. My hope is that the average Joe will recognize them for what they are: criminal extortionists some of them involved with organized crime. It's just another area for criminals to be involved with and it's easy money for them. Luckily with the takedown of a big botnet organizer recently we'll start seeing big arrests for more of this nonsense. Part of it is, people need to secure their systems and some of them won't be bothered learning how. As long as their are people who treat their computers like VCRs (set it and forget it) there will be those who exploit them.

Show More Comments

Login Here

toggle

Network Headlines

05/25	Sotheby to auction Jobs Atari memo,...
05/25	Apple hiring new chip engineers for...
05/25	Third-gen iPad coming to Philippines...
05/25	Apple to integrate Baidu search into...
05/24	Apple submits surprise optical stylus...

Show All

05/25	Sotheby to auction Jobs Atari memo,...
05/25	Apple to integrate Baidu search into...
05/25	Google picks up webOS Enyo team, Open...
05/24	Apple submits surprise optical stylus...
05/24	Yahoo releases Axis 'visual search'...

Show All

05/25	Sotheby to auction Jobs Atari memo,...
05/23	Google launches redesigned Search app...
05/22	Leaked next-gen iPod touch part hints...
05/22	Hulu Plus updates with iPad Retina...
05/22	TiVo Stream to push TV to iPhones,...

Show All

03/02	Save $330 on refurb. 15.4-inch, 2.4GHz...
03/01	Pre-owned 8GB iPod touch 2G, drops...
02/29	$150 off Nikon Coolpix S80 Compact...
02/28	Plantronics BackBeat 903 Bluetooth...
02/27	Refurb. Seagate 1.5TB GoFlex Portable...

Show All

toggle

Mac OS X inherently secure, hackers not interested

updated 08:35 am EDT, Mon October 24, 2005

Mac OS X inherently secure

Where is the money?

Hacking OSX

This is BS

Re: Where is the money?

re: money

to Jonas

Re: to Jonas

and before..

Re: to Jonas

Re: to Jonas

Re: to Jonas 17

pointless argument

Re: to Jonas

to Jonas

Re: to Jonas

Everest analogy

re: testudo

my my

re: my my

The Law

Login Here

Register for our weekly email newsletter:

Connect tools:

Subscribe

to our RSS

Follow us

on Twitter

10 Most Read

10 Most Discussed

MacNN Marketplace

Mac OS X inherently secure, hackers not interested

updated 08:35 am EDT, Mon October 24, 2005

Mac OS X inherently secure

Related Articles

Recent Articles

Where is the money?

Hacking OSX

This is BS

Re: Where is the money?

re: money

to Jonas

Re: to Jonas

and before..

Re: to Jonas

Re: to Jonas

Re: to Jonas 17

pointless argument

Re: to Jonas

to Jonas

Re: to Jonas

Everest analogy

re: testudo

my my

re: my my

The Law

Login Here

Register for our weekly email newsletter:

Connect tools:

Subscribe

to our RSS

Follow us

on Twitter

10 Most Read

10 Most Discussed

MacNN Marketplace