Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
MAC computer is still not totally safe in virus?
- Thread starter stuart2102
- Start date
- Sort by reaction score
Chicken and Egg, scenario - imo. Malware doesn't just spring out of nowhere, they are based on the tools and/or knowledge gained by exploiting a platform previously. In the case of Windows.... over the years hackers have amassed a great deal of knowledge that can be passed on, as well as tools that can automate the search for a possible hole to exploit. A piece of malware is based on all the previous (similar) malware that came before it - both successful and unsuccessful.
OS X has had so few malware attacks - for several reasons - that there just isn't the accumulated knowledge for a malware author to tap into, nor the tools to automate the search for holes to exploit. It may be that OS X is just generally harder to crack - but the fact that there are so few attacks makes any attack harder to write.
Any malware author wanting to write an exploit has a huge learning curve in order to get to a place where they can start writing productive (in their eyes) code.
For hackers that are after money, Windows is still the platform of choice. The Windows market share, combined with the ease of writing malware that bypasses the often outdated malware protections (And for the record - I think Mac owners can be just as lazy about keeping their systems up to date - There are just numerically more outdated Windows systems) means that for a little effort you can get a big payoff. For OS X the effort needed is greater (few tools and less of a knowledge base to tap into) and the payoff less (just from a numerical point of view).
What I find intriguing is that no one seems to have written a serious piece of malware just for the glory. Is it because OS X is in fact that much harder to crack? Or is the glory attached to an OS X exploit that much less than we, non-malware-writing-plebes, think?
Anyway... this is just imho....
Well, just this year there has been Flashback and MacDefender if you want to go "any malware", not just viruses. So there is some out there, it mostly uses attack vectors like 3rd party plugins that Apple includes (and are removing slowly) and mixes it up with social engineering to bypass the need for code escalation vulnerabilities.
Yes, there are ... (and I'm purposely using "malware" instead of "virus/trojan/etc" because if your computer is compromised, you don't really much care about the specifics...
).But you do make my point. These exploits are either using a 3rd party technology - i.e. bypassing OS X - or social engineering. Both are still serious issues, no question, but they are not exploiting OS X (though of course, a compromised system is still a compromised system). I find it intriguing though.
In the case of Flashback, as you've stated, they are removing that vector by removing that technology - as much as they can. In the case of other possible generic trojans that use social engineering they are, reportedly at least, introducing some new defences like a) Gatekeeper, and b) some serious sandboxing (if I understand what I'm reading - some developers are supposedly unhappy because MAS apps will be limited in what they can do across the system.) I think the sandboxing is especially targeted at straight up social engineering type malware. For a malware author, it severely restricts the number of possible victims you can benefit from. I suspect the vast majority of Mac users are getting the vast majority of their apps from the MAS. To try and target the remaining minority of app installations probably makes the payoff minimal compared to the effort and the risk of being caught.
One of the things I think a lot of Mac security critics miss is that Apple doesn't have to make the Mac 100% safe, they just have to make it hard enough to exploit that nobody really bothers to take the time.
What I find very intriguing.... is that when a malware like the Mac Defender is reported, the press take great delight in pointing out the relatively small numbers of infected Macs, and ignore the very large numbers of websites need to be compromised in order spread Mac Defender. But - that's the media for you....
Well, nothing is 100% safe. We pretty much accepts that the sun will rise tomorrow, but even THAT isn't 100% guaranteed. A Vogon constructor fleet could appear in orbit to demolish the Earth to make way for an intergalactic highway.
I know this sounds Yogi Berra, but OS X is safe from viruses until it isn't.
Lol. Honestly, I used a PC for 8 years and a Mac for 6, I had multiple viruses/trojans/malware on my PC with extensive Virus, Adware and Spyware protection, while on the Mac side I haven't had a single virus or malware with NO virus protection.
KnightWRX You thinking of DOS and OS like windows 9.x base on DOS where software and user level ran in administrator mode.
All windows 2000, XP,Vista and 7 are base on NT .
The only difference of NT and Unix /Linux /OS X is permission authentication. Where in Unix /Linux /OS X permission authentication is base on folders ,files and home group where windows permission authentication is base on user group what that group has read and write access to.
So first thing IT guy will do on windows is set up user group and what that group has read and write access to. But most home users will not do this.
One can set up permission authentication base on user group too in Unix /Linux /OS X .
But by default with Unix /Linux /OS X you need authentication out side you home group and this not case with windows. And most people run administrator mode with windows where wth Unix /Linux /OS X you user that has permission to do administrator stuff that needs authentication .
Windows vista and windows 7 is knock off the sudo command in Unix /Linux with Although User Account Control (UAC).In OS X they give you pretty GUI to authenticate.
Also note Although User Account Control (UAC) and IE sanbox has a lot holes and bugs and many malware get by .
All windows 2000, XP,Vista and 7 are base on NT .
The only difference of NT and Unix /Linux /OS X is permission authentication. Where in Unix /Linux /OS X permission authentication is base on folders ,files and home group where windows permission authentication is base on user group what that group has read and write access to.
So first thing IT guy will do on windows is set up user group and what that group has read and write access to. But most home users will not do this.
One can set up permission authentication base on user group too in Unix /Linux /OS X .
But by default with Unix /Linux /OS X you need authentication out side you home group and this not case with windows. And most people run administrator mode with windows where wth Unix /Linux /OS X you user that has permission to do administrator stuff that needs authentication .
Windows vista and windows 7 is knock off the sudo command in Unix /Linux with Although User Account Control (UAC).In OS X they give you pretty GUI to authenticate.
Also note Although User Account Control (UAC) and IE sanbox has a lot holes and bugs and many malware get by .
Please point where in my multitude of posts you think I'm not talking about NT and about what subject exactly. I specifically mentionned NT quite a few times and this thread is more than a week old. Jog my memory if you want to discuss things.
And try to see what processes run on your system. Plenty of OS level processes run with administrator or even higher privileges (like Local System, System or Network Service privilege levels).
Same as on Unix :
Code:
$ ps -fu root
UID PID PPID C STIME TTY TIME CMD
0 1 0 0 28Jun12 ?? 4:37.43 /sbin/launchd
0 10 1 0 28Jun12 ?? 0:14.63 /usr/libexec/kextd
0 11 1 0 28Jun12 ?? 0:06.07 /usr/libexec/UserEventAgent -l System
0 12 1 0 28Jun12 ?? 0:08.20 /usr/sbin/notifyd
0 13 1 0 28Jun12 ?? 0:02.03 /usr/sbin/diskarbitrationd
0 14 1 0 28Jun12 ?? 0:44.65 /usr/libexec/configd
0 15 1 0 28Jun12 ?? 0:04.88 /usr/sbin/syslogd
0 16 1 0 28Jun12 ?? 0:28.34 /usr/libexec/opendirectoryd
0 17 1 0 28Jun12 ?? 0:03.31 /usr/sbin/distnoted daemon
0 18 1 0 28Jun12 ?? 0:13.90 /System/Library/CoreServices/powerd.bundle/powerdSomethings just can't run unprivileged.
Hum, this is plain wrong, they aren't really different at all. NT and Unix ACLs are both applied directly to folders and files. Both use a owning user, other users and groups and default world permissions. NT is more granular in its permissions while Unix allows 3 : read write execute. POSIX ACLs under Unix allow to set permissions on a file/directory for multiple users and/or groups at the same time.
Windows NT however does use its ACL sub-system to set ACLs to a much wider breadth of objects, in fact, everything in NT can have an ACL thereabout. Printers, Registry entries, OUs in Active Directory, etc.. etc..
Hum, no. Most Linux distros force you to set the root password but only present an optional unprivileged user creation screen. Users are free to run as root all the time. HP-UX sets the root password during an ignite and nothing else.
Windows NT though since Windows XP has forced the creation of a user during install IIRC. OS X also forces it, but allows you to run it as part of the admin group.
No OS offers more security than the other here.
I run admin on my OS X installation. The installation procedure asked me if I wanted my user to be admin or not. I prefer less typing. And the number of people who just run root on Linux at home is staggering (my home Linux servers, all 4 of them, have unprivileged accounts created and I set up key based authentication for ssh and NOPASS in sudoers since again, I prefer less typing).
UAC is not sudo at all. UAC runs at the default display level, while your user session connects to the display server over RDP. That means nothing can bypass and force UAC operations besides the user. It's a much more complex mecanism than the simple user switching sudo/su does.
Again, I stated it quite clearly in this thread : sudo in Windows has been there since waaaaaaaaaaay before UAC in Vista. It's called runas. Go ahead, type start -> run, type in cmd, and type runas. I'll wait.
Yep, good old sudo/su right there for Windows.
So does a lot of Unix and OS X stuff. What's your point with this ?
Don't forget : You're talking to a Unix systems administrator here that has dabbled in the Windows world at the turn of the century for a couple of years as a system integrator.
The plain fact is : Windows NT was designed as a multi-user system with system level ACLs, proper process seperation, memory protection, kernel/userspace segregation, etc.. etc.. Windows NT is for all intents and purposes just as capable of proper levels of security as Unix. Unix has nothing inherent about it that makes it more secure if that was what you're trying to say.
Nothing in AT&T's copyright code base makes it more secure.
Nothing in the Opengroup's SUS makes it more secure.
Nothing in the Opengroup's trademark makes it more secure.
BTW, sudo is not part of the SUS. I have plenty of Unix systems without sudo. HP-UX and Solaris both use something called RBAC (role based access control) instead of sudo.
Linux , Unix and OS X use POSIX ACLs and windows use ACLs . Setting up POSIX ACLs on Linux, Unix and OS X is easy not case with windows.
With Unix /Linux /OS X with only one account set up that is administrator account but will need authentication out side user level . With windows with only one account you administrator / root and can do any thing with out authentication .
With windows to go on the internet you need standard or guest account (most home user do not do this) to force malware and behavior of the OS do not have permission to download or install programs .
With Unix /Linux /OS X you can go on internet with administrator account do to it need authentication root access to download or install programs in system level or making modification in system level .
The only time Unix /Linux /OS X will not ask for authentication for downloading or installing programs if the apps does not install or modify at the system level.
It is perfectly okay to run has administrator account with Unix /Linux /OS X but not root . With windows one should never run has administrator account only when installing programs , doing updates or making system setting. Always run standard or guest account 98% of the time with windows and especially when internet surfing this will not stop but cut down on malware infection.
Windows would not need UAC if it was like Unix /Linux /OS X that you a administrator user that needs authentication to system level .
You cannot even update Java or flash or install apps with out authentication and this not the case when you using administrator account in windows.
The reason I was saying windows vista and windows 7 is knock off the sudo command is it is poorly implemented the UAC and has a lot of holes and bugs and was explain here at macrumors many times.
I will get back to you on the other parts of this thread.
Last edited:
Uh ? What are you on ? On windows, you just right click whatever you want to set an ACL for and click "Add/Remove" to guess what, Add or remove groups/users. You then check a couple of checkboxes to set the ACL. You can then set inheritance values so you don't have to reset whole sub folders.
It's based on Novell's Netware ACL model actually, which is the best ACL model the industry has ever seen, period.
POSIX ACLs are tacked on to the Unix filesystem, and require mostly cryptic syntax to set using setfacl and getfacl to display them.
Do you even have any basis or understanding of our conversation here ?
I don't even know what you're talking about here. The root user doesn't need outside authentication, just like Administrator on Windows. root is actually more powerful than Administrator actually, as it can do anything, while Administrator is less priviledged than the System user on Windows.
See above.
The following paragraph tells me you are quite confused about how user security works on Unix and Windows :
Same as any Unix system. I'm really confused about what you're trying to imply. Running as root on Unix or Administrator on Windows is the same thing (except again, root is more privileged on the system than Administrator is).
Both systems are the same in this regard.
And again, the root user does not need "authentication" beyond login into the account. There is no difference. You're just making stuff up at this point, you obviously do not know a thing about Unix/Linux/OS X security and how it works.
And sudo is not perfect :
http://blog.c22.cc/2011/01/13/sudo-g-privilege-escalation-cve-2011-0010/
Not to mention sudo is SUID root in order to work. It's very dangerous when these flaws pop up (you know what SUID root means right ? rwsr-xr-x <-- the little s there. You know what it means right ? Otherwise, you have no place in this conversation.).
Please don't. I don't know how much more confused rambling I can take. I don't even know what's your point anymore nor why you decided to resurrect this thread to post whatever it is you're posting that has nothing to do with the current topic. Keep it simple : Are you saying Unix has a superior user account model without knowing how it works at all (the interaction between UID 0 vs sudoers vs RBAC vs a normal user) ? Because that's just plain wrong and quite the misunderstanding of how Unix works.
Again, I administer over 800 Linux/HP-UX/Solaris boxes. Trust me, walk away.
I think this disscuses is over now has you not even reading what I'm replying Most of you reply is not addressing my reply.
I have use windows and I can remove programs ,install programs and modify and delete system stuff with no password or prompt other than UAC in windows vista and windows 7 .Not the case with OSX ,Linux or Unix.
I see you never used any thing other than windows do to you have to put password to install, update or modify or delete system setting.
No no no no no root is locked in with OSX ,Linux or Unix you admin user not root user period .There are ways to turn root on but by default it is locked.
With windows admin it is root and admin .
Please read this thread has it seems to come up almost every week here macrumors https://forums.macrumors.com/threads/1375639/
Most of you reply is not addressing my reply.I have use windows and I can remove programs ,install programs and modify and delete system stuff with no password or prompt other than UAC in windows vista and windows 7 .Not the case with OSX ,Linux or Unix.
I see you never used any thing other than windows do to you have to put password to install, update or modify or delete system setting.
No no no no no root is locked in with OSX ,Linux or Unix you admin user not root user period .There are ways to turn root on but by default it is locked.
With windows admin it is root and admin .
Please read this thread has it seems to come up almost every week here macrumors https://forums.macrumors.com/threads/1375639/
I think this disscuses is over now has you not even reading what I'm replying
I have use windows and I can remove programs ,install programs and modify and delete system stuff with no password or prompt other than UAC in windows vista and windows 7 .Not the case with OSX ,Linux or Unix.
I see you never used any thing other than windows do to you have to put password to install, update or modify or delete system setting.
No no no no no root is locked in with OSX ,Linux or Unix you admin user not root user period .There are ways to turn root on but by default it is locked.
With windows admin it is root and admin .
Please read this thread has it seems to come up almost every week here macrumors https://forums.macrumors.com/threads/1375639/
Look. Again : I'm a Unix systems administrator. Have been for about 8 years now. I can tell you with certainty ...
You know what, you're right. I don't have a clue how computers work. Everything you've said has been explained with the utmost knowledge of computers, security vulnerabilities, default system configuration and proper understanding of user account configuration on multiple operating systems.
(Can we move on now ? I'll tell my boss to fire me tomorrow and hire you, how does that sound ?
).*sigh*.
Look. Again : I'm a Unix systems administrator. Have been for about 8 years now. I can tell you with certainty ...
You know what, you're right. I don't have a clue how computers work. Everything you've said has been explained with the utmost knowledge of computers, security vulnerabilities, default system configuration and proper understanding of user account configuration on multiple operating systems.
(Can we move on now ? I'll tell my boss to fire me tomorrow and hire you, how does that sound ?
*sigh*.
I never said that .I think there could be problem some times I don't understand your reply or post and some times you do not understand my posts and reply thus the confused.
When I ran windows before vista I never got prompts when I remove programs ,install programs and modify and delete system stuff asking for passwords.
Back in DOS ,windows 3 X and windows 9X there was only one user that was admin why would that user need security or confirmation in OS . It did not and need to .
Windows NT was base on users want that user had read and write access too and windows 2000/XP/ vista and 7 is base on NT .The IT guy who is admin uses the admin account for admin stuff like installing and removing programs or accessing system stuff like deleting or modify system files.
Most people at that business and corporation will belong to a group and that determine what read and write access they have . With people belong to group and the IT guy will set up the read and write access that keeps security in balance. Others wise being a users I could delete other peoples projects or install programs or god knows what else .
Home users is well a different story that means well when you buy a new computer it comes with one account that is admin account and you can do any thing that means installing and removing programs or accessing system stuff like deleting or modify system files with no password prompt this caused massive problems so Microsoft solution was to through the UAC at it for homes user. In the business and corporation that was not problem has system was locked down by IT guy for people in that business and corporation . Also with business and corporation people do not internet surf like home users so Microsoft never had to deal with that problem. Has you get fired for internet surfing on the job.
And most IT guys check routers log so getting cought for internet surfing is easy.
I don't understand your posts because you ramble on and on about things you don't quite understand.
What is your point ? What are you trying to argue here ? What are you trying to explain ?
You don't know about ACLs, you don't know about privilege escalation bugs, you don't know about how to "smash the stack" to insert executable code beyond the boundaries of allocated memory (yes, even on modern OSes with memory protection) commonly known as a buffer overflow, you've obviously never installed HP-UX, Solaris or any Linux distribution beyond probably Ubuntu or Mandrive. You have no idea what Netware ACLs are, why POSIX ACLs are a hack and why David Cutler (do you even know who this guy is ?) was chosen to write Windows NT for Microsoft.
Heck, I bet you didn't even know Microsoft once licensed the Unix version 7 code base from AT&T and made their own version of Unix which they licensed to OEMs.
You don't know sudo's relation to Unix (hint, it has no relation to Unix), or what Unix even is (hint, it's not an operating system anymore, it's actually 3 seperate and distinct things : 1- A copyrighted code base owned by Novell, 2- A trademark owned by the OpenGroup, 3- A specification, known as the Single Unix Specification, which is a set of specifications a system must meet in order to be certified to use the trademark mentionned in 2).
So what is it you're trying to tell me ? What do you think I'm wrong about ? And if I am wrong about something, quote it directly and precisely and CITATIONS NEEDED.
Until then, please, pretty please, with a cherry on top, stop rambling incomprehensible things and using words like Unix/Linux/OS X as if they mean what you think they mean.
If you could even see what the logs to our WCCPv2 enabled proxies look like, you'd understand how laughable this statement is.
Last edited:
If you want talk about those things thats fine but those things are way off my post above in fact none of those things address my post above .I'm not sure what you arguing about that windows , Linux , Unix and OS X do not prompt for password when installing and removing programs or accessing system stuff like deleting or modify system files or it does prompt when installing and removing programs or accessing system stuff like deleting or modify system files .
I'm also not sure what arguing about what is better out of the box OS or what is better locked down OS.
Did you read that link above I give you and what you take is on that link.
What does any of that have to do with this thread ?
And again : no, it depends. And "Unix does not prompt for password to do stuff", what Unix ? AIX, Solaris, HP-UX, FreeBSD, OpenBSD, NetBSD, Xenix, IRIX, NeXTSTEP, which god damn Unix are you even talking about ? What UID are you running ?
Why are we discussing this stuff when it has no relations to viruses or lack thereof on OS X ?
I'm so confused, what point are you trying to make ? <--- why don't you answer this question I've now asked you 3 times. What are you even talking about ?
What does any of that have to do with this thread ?
And again : no, it depends. And "Unix does not prompt for password to do stuff", what Unix ? AIX, Solaris, HP-UX, FreeBSD, OpenBSD, NetBSD, Xenix, IRIX, NeXTSTEP, which god damn Unix are you even talking about ? What UID are you running ?
Why are we discussing this stuff when it has no relations to viruses or lack thereof on OS X ?
I'm so confused, what point are you trying to make ? <--- why don't you answer this question I've now asked you 3 times. What are you even talking about ?
I will send you PM.
What are we discussing that has no relations to viruses or lack thereof on OS X ?
Any of the Linux and OS X I use prompt for password when installing and removing programs or accessing system stuff like deleting or modify system files for good reason has security feature and deal with malware.
Note I was saying windows does not prompt for password when installing and removing programs or accessing system stuff like deleting or modify system files using admin account that most home users use.
Last edited:
That we know of. I mean I would be astonished if some foreign governments did not have variants for use in their cyber warfare programs.
You've not established anything of the sort. ACLs and account management has mostly nothing to do with modern malware which uses bugs like buffer overflows to do privilege escalations and code execution. Network services affected by these bugs can result in both, creating what is called a "remote root hole".
Unix as defined anyway does not define any type of account management, nor ACL control, so I don't know why you're trying to argue anything there. OS X lacks viruses only because no one bothered to write one for a reason or another. It has had plenty of security issues in the past (patched by Apple) that could have allowed one. Leopard and Tiger both still have many that were only fixed in Snow Leopard that could even still technically be used.
Because like I keep saying, you do not run root.
Do not run as administrator.
Both systems are equal on this front. This is not Windows' flaw. It's not the reason Windows gets more viruses than say Solaris or HP-UX or Arch Linux or Ubuntu or OS X. And you can't say "Unix works like XXXX" because there is no 1 single way defined in the SUS for how Unix must behave as far as accounts go.
It's quite true. Common sense and education is the best defense against Mac malware.
I think the point nec207 is making is from a consumer end user standpoint. While in Windows logged in as administrator I can basically uninstall/reinstall programs to my hearts desire. If someone jumps on my computer while I am still logged on they can really do pretty much anything they want. When on most common linux distros (ubuntu, fedora, opensuse, etc) you are going to be prompted for a password when uninstalling things or making changes to system files (assuming they can even get that far). This is really besides the point though since we are talking about viruses/malware on the computer.
I think nec207 and KnightWRX are on two separate pages here.
Really, if no one can be bothered to port games to linux, do you really think there is going to be a rush to create viruses/malware for the system?
I love linux, but its just not that popular.
I think nec207 and KnightWRX are on two separate pages here.
Really, if no one can be bothered to port games to linux, do you really think there is going to be a rush to create viruses/malware for the system?
I love linux, but its just not that popular.
And so can you in a Unix system when logged in as root. I think nec207 was trying to say Windows somehow encourages people to run as administrator by not creating unprivileged accounts during installation. This is plain false since at least Windows XP, seeing this screen :
So from a consumer/end user point of view, all these systems are the same in that they offer to create unprivileged users from the initial install/configuration.
Except if you're logged in as root, which is enabled by default on all of these. In fact, last time I used SuSE, creating user accounts during installation was optionnal.
Exactly, I don't know why nec207 tried to bring this up.
I'm not on any pages, I want to know what page he's on though, he's been avoiding that question and not telling me what his whole point is.
You might try installing a newer version of the more consumer friendly distros these days (ubuntu 12.04, fedora 17). They have really streamlined the process for people new to the system and while you are still not forced to do anything, you typically run through an account creation process when installing using the live CD. Once this is created you are dropped into the user account on first login and have to elevate to root through "su" or "sudo" (password required) if you want to do anything useful.
The server versions of these distros are completely different though and usually drop you directly at root level with no GUI.
Im sure you work more in the enterprise world, but some linux distros have come a long way in consumer user friendliness (both with install and initial setup).