Mac Security: End the insanity. Now.

So there I was, doing my regular rounds of the tech sites out there when I stumbled on this gem (via MacDailyNews): “Developers Struggle to Defend Macs From ‘Zero Day’ Attacks”. Hmm. Apparently “Mac users are facing an onslaught of security threats” and “experts affiliated with the SANS Institute indicated that there has in recent weeks been a ‘surge’ in attacks on the Apple (Nasdaq: AAPL) OS X platform.” Okay, I have no hard numbers to refute such claims, so I won’t bother rebutting this one, dubious as it may be. What really got me going was this lovely tidbit:

Part of the problem lies in the Web browser that many Mac users rely upon—Internet Explorer.

Internet Explorer for Mac. The browser that Microsoft took out back and shot in 2003 and whose life support was pulled in January. The browser that hasn’t shipped on a new Mac in over a year. Yeah, that Internet Explorer that hasn’t been updated since 2002, and is known for being well behind the curve. The browser that well less than 1% of visitors to Deep Thought use (granted our readers are more technically savvy, but I haven’t seen a copy of IE for Mac in the wild for quite some time).

Wow. That’s....wow.

Rumors of OS X’s horrendous security have spiked as of late, and true to form, some less scrupulous members of the media got a whiff of a sensationalist story and ran with it. And then companies like McAfee and Symantec start talking about the sad state of Mac security, as if they don’t have an agenda to push (hmm...).

I’ll be among the first to admit that no operating system is completely impervious. As long as human beings write code, there will be flaws. It’s imperfect code written by imperfect beings. And I’m sure there are things Apple could be doing better on the security front. And users should be vigilant because you never know; anything can happen. However, I strongly feel, as many Mac users do, that these alleged “threats” are way overblown.

Pundits like to point to several factors when discussing Mac security and how Macs are supposedly wearing a giant bullseye, including Apple’s increasing market share, Apple’s switch to Intel processors, and Boot Camp.

The “Market Share” argument
An article from CNN states that “Apple’s iconic status, growing market share and adoption of the same microprocessors used in machines running Windows are making Macs a bigger target, some experts warn.” If you look at Apple’s market share, Apple has seen some growth. But if you look closely at the numbers, compared to the industry as a whole, Apple’s market share is still a tiny fragment of the pie. Apple’s growth is minimal compared to the size of the industry as a whole. And while I expect Apple to continue to see growth in sales and market share, it would be unreasonable to think that, unless some miracle occurs, Apple’s market share will ever grow beyond 8-10% or so (which to many Apple watchers like myself would be an impressive accomplishment). At that point, yes, the Mac will become a limited target of malware, but it will never become anywhere near the target that Microsoft Windows is. Remember that throughout its entire lifespan, the total number of Mac viruses is below 100.

The Intel Switch
This seems to be a popular one. The same CNN article linked to above says, “With new Macs running the same processor that powers Windows-based machines, far more people will know how to exploit weaknesses in Apple machines than in the past, when they ran on the PowerPC chips made by IBM Corp. and Motorola Corp. spinoff Freescale Semiconductor Inc.” I only have one thing to say: show me how the thousands of viruses that affect Windows leverage any hardware-level flaws. Everything I’ve seen exploits issues in the operating system itself.

Boot Camp
Yes, running Windows on your Mac opens your Mac up to the world of Windows viruses, but none of those viruses will upset your OS X install. For Mac users, Boot Camp will not make OS X any more susceptible to viruses. Remember also that Windows cannot read or write to Mac-formatted disks.

The bottom line
I think my biggest problem with articles such as the one MacNewsWorld posted is that they show a certain lack of professionalism, especially through an apparent lack of research (the Internet Explorer comment). And the sensationalized nature of the topic makes it sound like the threat to OS X is much greater than it actually is, which makes articles such as this come across more like so-called “trolling for hits”. The sky is falling, indeed. Writers, pundits, security experts, and the like should end the scare tactics and FUD and instead take a different route: one that encourages users to be prepared for a malware outbreak and to take some common sense steps to protect themselves (don’t open email attachments from people you don’t know, don’t visit suspicious web sites, don’t download every system performance enhancer or smiley pack or browser toolbar you see advertised, etc...) without resorting to scare tactics. It can be done, guys. Do it.

UPDATE: That certainly didn’t take long! Our friends at Apple Matters posted a useful article entitled “Top 8 OS X Safety Tips,” which, needless to say, highlights eight ways to secure OS X. Nice job, guys!

thinkback

1.

I just went to that web site and cannot believe it… at a Mac site yet. Does MS pay their bills? Or the folks at McAfee?

2.

Journalism is now about sensationalism and getting as many hits as possible on your Web site.

Cable news is now simply car chases/weather/court tv. It’s all sensationalism.

You even see it in hard news articles on MacCentral about the PS3. “Oh my God, it’s $600 and who can afford that? and who is really going to pay that? and, oh yeah, there’s a $499 version, but it may not play Blu-ray movies so it sucks but we don’t really know, and I heard someone didn’t like the mock-up of the prototype of the controllers!”

The Intel chips argument is hilarious and really does make whoever wrote the article look like an idiot. Either that, or it’s a huge conspiracy. Hmmm.

It’s funny how some people believe completely different operating systems are equally secure with the same number of customers. I mean, Jesus, just take the same operating system, Windows, and turn off some features and you have a much more secure operating system. But noooooo, OS X and Windows are equally secure with the same number of customers. Bah.

3.

I crushed that article into the ground with a LONG email showing webstats of how LITTLE IE/Mac is used. This letter—sent both to the editor and as a talkback post—also spoke of security facets that Mac OS has advantages in. Admittedly, it was a long post, but the amount of factual information in it versus the total pack of LIES this website actually PAID someone to do should have prompted an objective editor to run it. Unfortunately, I had forgotten to also dispute the point about RootKits on Macs. Sending it as a separate post, that is the ONLY post put up by the editor.

Unbelievable, both in that site running this article, as well as their draconic—lily-livered—feedback policy: PROTECT THINE OWN ASS.

4.

The security problem always is in the software. Microsoft’s Windows doesn’t have any equivalent function to sudo AND is more or less forcing its users to do their daily chores as admins, which is the same as root in *nix (e.g. OS X and Linux).

If you’d ask a Linux guy about the wisdom of doing your daily work always as root, he’d probably laugh, loudly. LOL

Another problem lies in Windows’ ActiveX, which makes it possible to even update the OS through IE!!! Stupid, stupid, stupid Microsoft! As if they actually wanted their naive customers to get problems (and pay a fortune to support technicians).

Etc., etc.

It’s just Windows which has these stupid flaws, just Windows, not Mac OS X, not Linux, not Solaris, not.....

5.

Internet Explorer?

http://www.pcmag.com/article2/0,1895,1952995,00.asp

I think it can now be safely said, in hindsight, that Microsoft’s entry into the browser business and its subsequent linking of the browser into the Windows operating system looks to be the worst decision—and perhaps the biggest, most costly gaffe—the company ever made. I call it the Great Microsoft Blunder.

6.

The security problem always is in the software. Microsoft’s Windows doesn’t have any equivalent function to sudo AND is more or less forcing its users to do their daily chores as admins, which is the same as root in *nix (e.g. OS X and Linux).

Yeah exactly.  If you’re the main/first account, you can do anything, and anything else can do anything, too.  If you’re a secondary admin or a regular user, you can’t do anything you don’t have permission to do, not even by authenticating as an administrator.  I hate it when I try to do something on a Windows computer on which I know the main admin’s name and password, but it just says that I don’t have permission and I can’t do anything about it.

7.

wtf

8.

I bet they’d fix the lion’s share of their security problems if, a big IF, they implement something like sudo. Not a Q&D hack but something working exactly like in *nixes.

Fun reading:
http://news.com.com/2060-10789_3-0.html

Spyware soared in the first quarter this year - infecting an estimated 87 percent of consumers’ PCs, according to security firm Webroot, which released its State of Spyware report Tuesday.
That’s quite a pop from the previous two quarters, when spyware had infected an estimated 72 percent of consumer PCs, according to Gerhard Eschelbeck, Webroot chief technology officer.

Webroot’s CTO pointed to three things that drove the rapid rise of spyware in the first quarter. Topping the list was the flurry of IE flaws in the quarter that didn’t have a patch available at the time they were disclosed. Greater sophistication of rootkits and a resurgence in building blocks to make phishing Trojan horses also added fuel to the fire for spyware.

And don’t expect things to improve anytime soon. Eschelbeck estimates the infection rate for PCs will be in the 85 percent and 90 percent range for the rest of the year.

9.

Yeah exactly.  If you’re the main/first account, you can do anything, and anything else can do anything, too.  If you’re a secondary admin or a regular user, you can’t do anything you don’t have permission to do, not even by authenticating as an administrator.  I hate it when I try to do something on a Windows computer on which I know the main admin’s name and password, but it just says that I don’t have permission and I can’t do anything about it.

Right click, Run As.

10.

Right click, Run As.

I was gonna post that but didn’t wanna kill the vibe in the room. LOL!

11.

You don’t understand.
If you run as a limited user then fine, you’ll probably be better protected but once you run one application as an admin it will have total power.

In *nixes applications ask for permission when required, total power is not assumed unless an application is executed by root from the terminal.

So they will not have more rights than necessity dictates (dictated by the user manually). A much more secure solution as reality the last 15 years or so has shown.

12.

IE pretty much tops the browsers visiting my site followed by Mozilla Firefox.  Safari gets under 1%.

I believe that there is a majority that is happy with using IE because they don’t visit a lot of sites.  Most businesses and schools fall into this category and they have their security worked out before their PCs are used (and during of course).

There is the second group of users that do visit a lot of sites and wants more out of their browsers (I switched to Firefox because of tabs).  They tend to play around with technology, codes/hacks to maximise their PC potentials.

Which of these groups is more likely to play with viruses or perhaps attack other computers?

Of course it would be the second group.  They are actively involved with installing and trying every new thing under the sun.  They are the ones pushing the OS (Windows) to the max.  They are the ones to discover holes in a heavily used OS.

Having said that, it is neither the fault of the software nor hardware platforms that causes security concerns, it is the users using the most popular software in the world.

Apple should still concern themselves with such issues because Unix/BSD is responsible for having some of the most dangerous viruses on a computer.  Exposing these weaknesses on a dual-booting system will create the kind of problems anyone would have when sharing OSes on a PC.  PCs/Unix terminals CAN access Macs through network programs or holes in software.  What people do when they find a hole is their discretion, who knows if their intention is good or not?

In addition, if iTunes can find out what you listen to on your computer and send that information back to Apple headquarters, then expect everything else on your PC to be scrutinized.  In this case, perhaps people should be afraid of not what other people can do to them, but of what Apple might do.

13.

What’s the URL of your site?

14.

Have you been dreaming again Informer? wtf

I’d not just like to know the URL to your site, but I’d also like to see you back up what you say with trustworthy references for example. (Should be entertaining at least to see you try)

15.

Since Dell installs spyware on every computer they sell, I’m guessing informer isn’t big on Dell anymore.

16.

There is no reason for me to lie about my site, however it is a personal site for friends and families, it has nothing to do with computers/OSes/etc.  It’s funny how you ask me that Mikael, you’re not exactly a model of accountability.

I don’t own a Dell computer, but on like any new computers I set up my own desktop and existing software that I have.  No big deal.  However, the Dell monitors rock!

17.

So, informer, from here on out, when you do a cost comparison between a Mac and Dell, make sure you don’t include any of the software on that Dell since you are wiping the hard drive. Also, make sure you add the price of Windows and all that software you use to the price of that Dell.

18.

In any case, this is another contradiction on your part, informer.

You bash Apple for what you are implying is spyware (iTunes option that informs you have like-minded music that is available, if you have the option turned on—and yes, I know they were idiots and made it default when it first came out) and yet you don’t care that Dell purposely installs spyware that adversely affects the performance of your Dell PC and the only way to get around it is to buy your own copy of Windows and wipe the hard drive and install that.

Don’t you see a contradiction there?
