What lurks in the dark?

Mac users ‘still lax on security’ – news.bbc.co.uk – The BBC is right for once; this is a very informative article about the true level of security on Macs.

Kevin Finisterre caused ripples in the Mac community when he started a website in January revealing a different bug in Apple systems each day of the month.

While some observers dismissed the survey, Apple recently issued a patch to plug holes outlined by Finisterre.

Many of the problems highlighted by Finisterre are security holes in applications, which are not related to viruses.

Finisterre said: “Try calling any Apple store and ask any sales rep what you would do with regard to security, ask if there is anything you should have to worry about?
“They will happily reinforce the feeling of ‘Security on a Mac? What? Me worry?’.”

He said that Apple had in the past not been open to dialogue about security matters, but things were changing for the better.

It’s good to see that Apple is finally addressing its security issues, following the example set by Microsoft ( ;) ) in this regard, with an increased focus on offering a more secure computing experience. Now if only the police agencies around the world would start to hunt down spammers, I would be a happier person.



  1. Mac Guy says:

    When it comes to security out of the box, I’d still take a Mac over a PC any day of the week and twice on Sunday.

  2. Jerk-Face says:

    2. “When it comes to security out of the box…”

    I’d take a boxed PC over an unboxed Mac any day of the week. But that’s just me.

  3. paddler says:

    Get a broadband NAT router between you and the internet and practice some common sense when surfing and you will be fine no matter which you use.

    If you are into downloading illegal software, music or Russian porn then you should definitely be doing it on a Mac (the graphics on the Mac are great for porn!)

  4. Mac Guy says:

    Yep… labias and flabias… and stuff I didn’t even KNOW about! All that looks better on a Mac.

    Thanks, Dave Chappelle.

  5. jccalhoun says:

    It is funny how it was supposed to be the month of Apple bugs but a lot of those bugs were in crossplatform apps like VLC and iTunes.

  6. Jeff says:

    Deleted for violation of posting rules

  7. Scott Gant says:

    Honestly, it’s been over 10 years since I’ve seen a virus…and ironically it was on a Mac running OS 8. The big one that infected Syquest disks.

    If you know what you’re doing…on any OS…you’re ahead of the game.

    But on the Mac it also has “security through obscurity” and I’m totally fine with that.

  8. DieFundie says:

    I reiterate the previous comments. The MOAB was a joke. Almost all of the “vulnerabilities” were in 3rd party programs, and most of those vulnerabilities would not manifest if you’re behind a NAT router. I think the timing of MOAB is suspect w.r.t. Vista’s release. Bill even mentioned MOAB in recent interviews to knock Apple off their pedestal. I wouldn’t be surprised to hear the whole thing was orchestrated by M$.

  9. Lauren the Ghoti says:

    M. Gasparrini has apparently failed to note the numerous 3rd party reports which despite all the projection, wishful thinking and FUD, still have the count of Mac spyware, adware, virii, worms, Trojans, botnet zombies, spam relays, spyware hosts, and worm propagators at zero. Millions of computers, 6 years+, and what? An endless procession of “could be”s and “possibly”s – but anything real? Zip. Nada. 0.

    Pfffft.

    “This could happen… that is possible… in theory, the other thing…” yadda, yadda, yadda.

    In theory, I could win the Lotto jackpot, be hit by lightning, or find out I’m the lost-lost heir of King Zorg. The prospects are just as good.

    And before another Win fanboi in denial pops out with the old standby, don’t try selling anyone with half a brain the bullshit idea that no malware author is interested in being the very first to actually loose an OS X virus on the world. What a crock. They are busting their evil little asses to get the worldwide notoriety and cred that such a feat would instantly award them with. As if they give a flying fuck about market share. Ya. Gotta have a room-temperature IQ to believe such buncombe and hogwash. 🙂

  10. TK says:

    “But Mac experts have pointed out that none of the exploits have ever successfully been used to hijack an Apple computer.”

    Until that changes, it’s all FUD.

  11. Scott Gant says:

    For one thing, I think people are getting trojans mixed up with viruses. A trojan can strike anyone at any time…even the most secure, the most heavily protected OS out there…simply because it’s exploiting the weakness of the user itself. A trojan could be as simple as a “rm” command that deletes everything in root. How does a virus scanner protect against that if the user is letting it happen? On any system?

    A virus exploits a hole in the system. A trojan exploits the user of the system.

    As I’m sitting here on a brand new 24″ iMac and I loaded in a few pieces of software that wanted my admin password, I thought to myself “what if this is some malware or trojan…there’s nothing that would protect me at all”. But the same could be said for any OS out there…unless the OS doesn’t allow any modifications or loading of new software at all, even by the admin.

  12. James Hill says:

    #3 – Agreed: Most people would leave that piece of shit PC in the box, return it, and get a Mac they’d actually unbox.

    As someone who develops Mac and Windows software for a large systems management company, I can say that we are in position to make money off of the potential increased security risk Macs face.

  13. Lauren the Ghoti says:

    “…we are in position to make money off of the potential increased security risk Macs face…”

    …as are many of the companies and individuals currently crying “wolf” about OS X’s “vulnerability”.

  14. Angel H. Wong says:

    #10

    “And before another Win fanboi in denial pops out with the old standby, don’t try selling anyone with half a brain the bullshit idea that no malware author is interested in being the very first to actually loose an OS X virus on the world.”

    Well, Duh! Why waste effort on an OS where you have to change ALL of your (expensive) software every time the OS get updated.

  15. Olo Baggins of Bywater says:

    Most people would leave that piece of shit PC in the box

    Well, some 95% of all computer users don’t. There’s probably a reason for that, ya suppose? 🙂

    The vast majority of malware these days is aimed at getting control of a machine for DoS and other remote attacks. A lot of it is just so these guys can brag about the number of machines they control. Given the odds of infecting a given system, it just doesn’t make any sense to include OSX in the attacks…there’s simply no payoff for the effort required.

    As a marketer of anything, you don’t go after the difficult 3% of your potential market, you go after the easy 95%. Basic Marketing 101, right?

    Every system of every type can be hacked, history tells us this is true and it will remain true. The problem is that it apparently takes half a brain to realize this. (that would be touché)

    And FWIW, I hate MS for a lot of things. Take Outlook for example. Or Publisher. I don’t hate Apple for anything. Well, there’s that iTunes thing where it deleted the music from my Shuffle, but whatever. On the other hand, a core group of Mac users are just so damned unbearable and logic-impaired sometimes. And easily tweaked, too. 🙂

  16. Mac Guy says:

    #17 – “…a core group of Mac users are just so damned unbearable and logic-impaired sometimes. And easily tweaked, too.”

    Even as a Mac guy, I will *totally* agree with you there. Fortunately, I don’t have my head buried *too* far up my behind that I can’t see Apple’s flaws. Strangely, I’m one of their biggest fans, but I’m also one of their biggest critics. Love/hate relationship, I guess. 😉

  17. Jaems Hill says:

    #15 – Bingo.

  18. JoaoPT says:

    I just love that “protection by obscurity” thing…

  19. Scott Gant says:

    It’s “security through obscurity”.

    Please…it has to rhyme.

  20. sheva says:

    apple pwned…again

  21. Peter iNova says:

    Panic in the Idea Zero. There’s no there there. Dvorak is in the BUSINESS of writing inflammatory headlines. He LOVES it when people flock to a misleading gist.

    Does Apple Know That Macs Are A Ticking Time Bomb?

    Does Dvorak know that his very heart, and yours and mine are ticking time bombs? Does it make us sweat with panic–according to John–like we should?

    -iNova

  22. James Hill says:

    #17, meet #22 – This is your core user group.

    The 5% continues to set the pace, while the 95% you seem comfortable with continues to use pwned like it’s an actual word.

    You lose, and #22 should have been aborted by his parents.

    #23 – Dvorak didn’t write the headline, and writing catchy headlines isn’t reserved for Mac stories alone. Honestly, don’t you guys read JCD’s work?

  23. GregA says:

    Wow, this thread confirms my suspicions. Apple’s target market is complainers. Just wow.

  24. Lauren the Ghoti says:

    All the sheeple who believe that popularity equals quality should be reminded;
    McDonald’s makes the best food;
    Gallo produces the best wines;
    Fords are the best cars;
    Britney is the best singer;
    & cetera…

    With very rare exceptions, the best of most anything in this life is the one the masses – that is to say, most people – cannot and do not appreciate.

    ‘Ninety percent of everything is shit.’
    ~ Ted Sturgeon

    Enjoy your lowest-common-denominator dreck, 95%ers.

  25. ChrisMac says:

    The last virus i had was under Desqview on msdos on my old BBS.
    some cheesy ram virus if i remember correctly..
    It was a great learning experience back then..

    Then web browsers came along..
    They are the virus

  26. Mr. Fusion says:

    #8, Scott
    But on the Mac it also has “security through obscurity” and I’m totally fine with that.
    Comment by Scott Gant — 2/21/2007 @ 11:50 am

    My abacus and slide rule have even greater “security through obscurity”.

  27. OmarThe Alien says:

    The last virus protection I had screwed the computer so I don’t use it, I think it’s more marketing than protection anyway. I’ve been using computers for over thirteen years, and except for the time I launched my 486 unfirewalled (intentionally) towards the best of the porn sites just to see what would happen (and yeah, it was cool, just to watch the weird stuff load itself like magic) I’ve only had one problem that could have been caused by a virus, and that was when the MBR crapped on a hard drive a few months ago. Use a good firewall, good sense and good backups just in case and there is no problem. And I ain’t never understood this whole Mac/Windows thing, a computer is a computer, an invention of man, and subject to problems, I don’t care what kind of logo is stuck on it.

  28. ChrisMac says:

    I can make a mac work.. if i have to.. from a pile of parts
    but i would only do it.. if it was free and i got to keep it..

  29. Gasparrini says:

    Jezz, I find it strange that you guys didn’t realize that I was using sarcasm. If you noticed there was a 😉 in my comment on the article. I am completely aware that Apple kicks M$ ass in security. What bothers me is the attitude that Apple has towards any type of vulnerabilities.
    Apple following M$’s lead on improving security? Please, everybody knows that M$ was in denial about security vulnerabilities for years and is playing catch up. I sometimes think that Windows Vista is SP3 for WinXP.

