apple macs

xirokx said:
Hi guys,

a friend at work is an avid MAC fanboy....

He claims you cannot get a virus with a Apple Mac latest OS's 9.1 and 9.2 I think those are the versions....

Is that true?

Please advise

Thanks in advance

Cheers!!

Yes you can, but theres not many as no one can be bothered writing one for an old Mac OS like 9.x . But Windows XP is poorly designed from a security point of view
 
wush said:
I must say that I don't buy that at all. Regardless of market share, surely the major kudos you'd get in the 'scene' for putting out a killer OS X virus would be reward enough for plenty of people.

Haha, because you really think that hackers create their code for 'kudos' :rolleyes: as I said with my link to Google, OSX has been hacked before, and with the increased market share, it is being targeted ever-more. Look at how many patches OSX had last year due to vunerabilitys compared to previous years.

Hackers, on the whole, hack for one reason and one reason only; monetary gain. This is why XP gets targeted so much with viruses, spyware and all other general nasties, the producers want you to part with your cash to get their "miracle cure" to their program, visit their sites via browser injections so they get paid via adsense etc.

Granted, there are some people out there who hack just to get a name within the 'scene' but to say that you don't "buy" my statement is plain stupidity when I'm stating a true fact.
 
garyh said:
Haha, because you really think that hackers create their code for 'kudos' :rolleyes: as I said with my link to Google, OSX has been hacked before, and with the increased market share, it is being targeted ever-more. Look at how many patches OSX had last year due to vunerabilitys compared to previous years.

Hackers, on the whole, hack for one reason and one reason only; monetary gain. This is why XP gets targeted so much with viruses, spyware and all other general nasties, the producers want you to part with your cash to get their "miracle cure" to their program, visit their sites via browser injections so they get paid via adsense etc.

Granted, there are some people out there who hack just to get a name within the 'scene' but to say that you don't "buy" my statement is plain stupidity when I'm stating a true fact.

Yes, people create viruses for reasons other than monetary gain. Quotes from Wikipedia:

Virus writers can have various reasons for creating and spreading malware. Viruses have been written as research projects, pranks, vandalism, to attack the products of specific companies, to distribute political messages, and financial gain from identity theft, spyware, and cryptoviral extortion. Some virus writers consider their creations to be works of art, and see virus writing as a creative hobby.

Many writers consider the systems they attack an intellectual challenge or a logical problem to be solved; this multiplies when a cat-and-mouse game is anticipated against anti-virus software.


My emphasis. Therefore his quote applies without a doubt.

All the signs point to it being a lot more difficult to hack than Windows. If it was only about profit, why not attack macs more often? It known to the computing community that 99% of mac users don't have anti-virus software, so any money making virus would have a near 100% success rate.

There's a reason people attack Windows computers. They are not as secure. The fact Apple release updates is testament to the effort they are putting in to keep it that way. You can't hold that against them.
 
very true, at least they are trying to keep up with any exploits coming out and haven't got a major apparent backlog of holes in the OS
 
garyh said:
Haha, because you really think that hackers create their code for 'kudos' :rolleyes: as I said with my link to Google, OSX has been hacked before, and with the increased market share, it is being targeted ever-more. Look at how many patches OSX had last year due to vunerabilitys compared to previous years.

Hackers, on the whole, hack for one reason and one reason only; monetary gain. This is why XP gets targeted so much with viruses, spyware and all other general nasties, the producers want you to part with your cash to get their "miracle cure" to their program, visit their sites via browser injections so they get paid via adsense etc.

Granted, there are some people out there who hack just to get a name within the 'scene' but to say that you don't "buy" my statement is plain stupidity when I'm stating a true fact.

Well what about white hats? Surely someone would have done a proof of concept that was highly infectious?
 
punky_munky said:
Well what about white hats? Surely someone would have done a proof of concept that was highly infectious?

No-one's debating that it's not difficult, it's about whether it's possible. I'm 100% sure it's possible to develop a virus for pretty much any current OS.

Viruses take a lot of time to write, especially if it's for a new platform. White hats generally don't get paid for proof-of-concepts, so no white hat is going to spend a lot of time making something without being paid. No black hat is going to do it either, because they won't make much from a virus that can only target a small percentage of the world's computers.

Everyone's making it sound like viruses are things that malicious people write in a weekend away from their day job. On the contrary, it takes months and even years to find an flaw and then exploit it efficiently. Black hats do this for windows because a) it's easy and b) they get paid $$$ so it's worth the time and effort.

wush said:
I must say that I don't buy that at all. Regardless of market share, surely the major kudos you'd get in the 'scene' for putting out a killer OS X virus would be reward enough for plenty of people.

Plenty reward? It's not about the 'kudos' reward, it's about what puts food on your table when you're spending months at a time doing the research into the OS and then coding the virus/worm/trojan. Black hats don't care about kudos, they care about money. Funnily enough, black hats tend to write the best viruses.

There's almost nothing worse than seeing a bunch of mac users dance around thinking that because of the huge 'kudos' attached to developing malware for the 'invincible' OS that they use, there must be armies of people working day and night trying to build viruses for it, and their failure so far is testament to the 'invincibility' of it.

I don't think I've quite said this enough - virus writers don't care about OSX. Not even a little bit.
 
Last edited:
Fair enough. You and garyh make good points.

Still, even if the vast majority of virus writers are in it for the money, surely all it takes is one or more talented people who are (for what ever reason) determined or have nothing better to do?
 
wush said:
Fair enough. You and garyh make good points.

Still, even if the vast majority of virus writers are in it for the money, surely all it takes is one or more talented people who are (for what ever reason) determined or have nothing better to do?

If I was a virus writer, it would take a *lot* of determination to sit down for months and do something that will ultimately net me very little benefit, as opposed to using that time earning better money finding exploits in windows. I'm not denying that someone could be that determined to throw away an income for the sake of "proving a point", but most people I know actually like to be paid to work. Also, people with nothing better to do probably aren't exactly pick of the talent.
 
Apple has had tons of security flaws just this month. Loads last month too. Infact there is a group of (white hat) hackers targetting OSX and releasing vulnerabilities all this month - just to raise the awareness that OSX security is bad (and of course for some kudos as mentioned)

Finding vulnerabilities is one thing. Having people exploit them is another and just doesn't seem to spark anyones interest on the Mac. Probably because so few script kiddies use Macintosh's or because they know that their efforts would be wasted as the majority of Mac users aren't morons who would open executable attachments on e-mails or whatever.
 
Last edited:
NathanE said:
Apple has had tons of security flaws just this month. Loads last month too. Infact there is a group of (white hat) hackers targetting OSX and releasing vulnerabilities all this month - just to raise the awareness that OSX security is bad (and of course for some kudos as mentioned)

Finding vulnerabilities is one thing. Having people exploit them is another and just doesn't seem to spark anyones interest on the Mac. Probably because so few script kiddies use Macintosh's or because they know that their efforts would be wasted as the majority of Mac users aren't morons who would open executable attachments on e-mails or whatever.

Indeed, Moab is getting a lot of press at the moment. I don't particularly think that osx is that secure for an OS based on BSD. It's just there has hardly been any security research into it compared to linux/windows and I expect many vulnerabilies to come to light in future.

Things like safari automatically mounting dmg's after download is pretty unexcusable. When it can cause a kernel panic from any user. Apple really need to get their act together and stop relying on the BSD developers for security.

growse said:
Plenty reward? It's not about the 'kudos' reward, it's about what puts food on your table when you're spending months at a time doing the research into the OS and then coding the virus/worm/trojan. Black hats don't care about kudos, they care about money.



I don't think most virus writers are in it for the money. Its more the kudos and often darker motives. Not to mention challenging. Yes there are a few who do it for botnets/spam adverts but I would say the majority don't.

Some papers,
http://vx.netlux.org/lib/vas00.html
http://vx.netlux.org/lib/mpc00.html

Can't belive there is yet another thread on this :-)
 
Last edited:
xirokx said:
...Apple Mac latest OS's 9.1 and 9.2

LOL! That made me spit my lunch onto my desk! Honestly, I think it is much more resilient that the latest Microsoft OS, Windows for Workgroups 3.11... ;)
 
Una said:
Things like safari automatically mounting dmg's after download is pretty unexcusable. When it can cause a kernel panic from any user. Apple really need to get their act together and stop relying on the BSD developers for security.
Disk images are considered "safe" by Safari – I assume because mounting a disk image just shows the contents in Finder and does not execute any files within. If a downloaded disk image is capable of causing a kernel panic, I'm guessing that is an issue with Finder or an integral part of the operating system, not in Safari's judgement pertaining to whether or not disk images are classified "safe" or not.

Whilst I agree that enabling the feature by default is not a very good idea security-wise, to the vast majority of users who daren't mess around with the application preferences and only download disk images from reliable sources it's a feature which saves a few seconds and makes the whole process flow much better. It can, of course, be disabled with the click of a button if you are of the security-conscious variety :)
 
Al Vallario said:
Whilst I agree that enabling the feature by default is not a very good idea security-wise, to the vast majority of users who daren't mess around with the application preferences and only download disk images from reliable sources it's a feature which saves a few seconds and makes the whole process flow much better. It can, of course, be disabled with the click of a button if you are of the security-conscious variety :)

Its just the fact that it is enabled by default not the other way round which seems stupid to me....
 
Where are the reports of any users actually being affected by this 'Apple Month of Bugs' then?

Proof of concept says it all to me. So even if you do download a file, it CANNOT do anything at an operating system level without user permission. I am still sat here with a smug feeling.
 
AJUK said:
Where are the reports of any users actually being affected by this 'Apple Month of Bugs' then?

Proof of concept says it all to me. So even if you do download a file, it CANNOT do anything at an operating system level without user permission. I am still sat here with a smug feeling.

You seriously do have no clue, so I shall give up contributing to this thread..
 
garyh said:
You seriously do have no clue, so I shall give up contributing to this thread..
Carry on as much as you like. I am sick to death of hearing people posting crap as well.
 
AJUK said:
Where are the reports of any users actually being affected by this 'Apple Month of Bugs' then?

Proof of concept says it all to me.
That's right, proof of concept. The point is, OSX fans continually say that their OS is more secure than most things but in reality it simply isn't. If somehow Windows and OSX switched places overnight and OSX had to take the strain of Windows' 90% market share then you and every OSX fan would see that it's more like swiss cheese than a bank vault and would probably feel a little bit heart broken inside too. Apple has always been a company built around "beliefs" and fanaticism. It doesn't matter how much they believe something is true, it still does not necessarily make it true in the real world.

garyh said:
You seriously do have no clue, so I shall give up contributing to this thread..
There's no need for that.
 
Last edited:
NathanE said:
That's right, proof of concept. The point is, OSX fans continually say that their OS is more secure than most things but in reality it simply isn't. If somehow Windows and OSX switched places overnight and OSX had to take the strain of Windows' 90% market share then you and every OSX fan would see that it's more like swiss cheese than a bank vault and would probably feel a little bit heart broken inside too. Apple has always been a company built around "beliefs" and fanaticism. It doesn't matter how much they believe something is true, it still does not necessarily make it true in the real world.

I agree, it will be interesting to see what the next few years bring. If apple continue selling units and growing like they are there software will be trouble.

Mozilla firefox for example. It was rock solid, the most secure web browser. Now its popular people are starting to rip holes in it left, right and centre.

I can see the attraction to macs, had one myself for a bit but didn't use it enough mainly because my work requires me to have windows. However there is a lot of "fanboyism" (I know that’s not a word :p ) mac users which is rather tedious to say the least.
 
Back
Top Bottom