apple macs
- Thread starter xirokx
- Start date
wush said:
Haha, because you really think that hackers create their code for 'kudos'
as I said with my link to Google, OSX has been hacked before, and with the increased market share, it is being targeted ever-more. Look at how many patches OSX had last year due to vunerabilitys compared to previous years.Hackers, on the whole, hack for one reason and one reason only; monetary gain. This is why XP gets targeted so much with viruses, spyware and all other general nasties, the producers want you to part with your cash to get their "miracle cure" to their program, visit their sites via browser injections so they get paid via adsense etc.
Granted, there are some people out there who hack just to get a name within the 'scene' but to say that you don't "buy" my statement is plain stupidity when I'm stating a true fact.
garyh said:Haha, because you really think that hackers create their code for 'kudos'
Hackers, on the whole, hack for one reason and one reason only; monetary gain. This is why XP gets targeted so much with viruses, spyware and all other general nasties, the producers want you to part with your cash to get their "miracle cure" to their program, visit their sites via browser injections so they get paid via adsense etc.
Granted, there are some people out there who hack just to get a name within the 'scene' but to say that you don't "buy" my statement is plain stupidity when I'm stating a true fact.
Yes, people create viruses for reasons other than monetary gain. Quotes from Wikipedia:
Virus writers can have various reasons for creating and spreading malware. Viruses have been written as research projects, pranks, vandalism, to attack the products of specific companies, to distribute political messages, and financial gain from identity theft, spyware, and cryptoviral extortion. Some virus writers consider their creations to be works of art, and see virus writing as a creative hobby.
Many writers consider the systems they attack an intellectual challenge or a logical problem to be solved; this multiplies when a cat-and-mouse game is anticipated against anti-virus software.
My emphasis. Therefore his quote applies without a doubt.
All the signs point to it being a lot more difficult to hack than Windows. If it was only about profit, why not attack macs more often? It known to the computing community that 99% of mac users don't have anti-virus software, so any money making virus would have a near 100% success rate.
There's a reason people attack Windows computers. They are not as secure. The fact Apple release updates is testament to the effort they are putting in to keep it that way. You can't hold that against them.
Soldato
- Joined
- 17 Oct 2002
- Posts
- 3,101
garyh said:Haha, because you really think that hackers create their code for 'kudos'
Hackers, on the whole, hack for one reason and one reason only; monetary gain. This is why XP gets targeted so much with viruses, spyware and all other general nasties, the producers want you to part with your cash to get their "miracle cure" to their program, visit their sites via browser injections so they get paid via adsense etc.
Granted, there are some people out there who hack just to get a name within the 'scene' but to say that you don't "buy" my statement is plain stupidity when I'm stating a true fact.
Well what about white hats? Surely someone would have done a proof of concept that was highly infectious?
punky_munky said:
No-one's debating that it's not difficult, it's about whether it's possible. I'm 100% sure it's possible to develop a virus for pretty much any current OS.
Viruses take a lot of time to write, especially if it's for a new platform. White hats generally don't get paid for proof-of-concepts, so no white hat is going to spend a lot of time making something without being paid. No black hat is going to do it either, because they won't make much from a virus that can only target a small percentage of the world's computers.
Everyone's making it sound like viruses are things that malicious people write in a weekend away from their day job. On the contrary, it takes months and even years to find an flaw and then exploit it efficiently. Black hats do this for windows because a) it's easy and b) they get paid $$$ so it's worth the time and effort.
wush said:
Plenty reward? It's not about the 'kudos' reward, it's about what puts food on your table when you're spending months at a time doing the research into the OS and then coding the virus/worm/trojan. Black hats don't care about kudos, they care about money. Funnily enough, black hats tend to write the best viruses.
There's almost nothing worse than seeing a bunch of mac users dance around thinking that because of the huge 'kudos' attached to developing malware for the 'invincible' OS that they use, there must be armies of people working day and night trying to build viruses for it, and their failure so far is testament to the 'invincibility' of it.
I don't think I've quite said this enough - virus writers don't care about OSX. Not even a little bit.
Last edited:
Fair enough. You and garyh make good points.
Still, even if the vast majority of virus writers are in it for the money, surely all it takes is one or more talented people who are (for what ever reason) determined or have nothing better to do?
Still, even if the vast majority of virus writers are in it for the money, surely all it takes is one or more talented people who are (for what ever reason) determined or have nothing better to do?
wush said:
If I was a virus writer, it would take a *lot* of determination to sit down for months and do something that will ultimately net me very little benefit, as opposed to using that time earning better money finding exploits in windows. I'm not denying that someone could be that determined to throw away an income for the sake of "proving a point", but most people I know actually like to be paid to work. Also, people with nothing better to do probably aren't exactly pick of the talent.
Apple has had tons of security flaws just this month. Loads last month too. Infact there is a group of (white hat) hackers targetting OSX and releasing vulnerabilities all this month - just to raise the awareness that OSX security is bad (and of course for some kudos as mentioned)
Finding vulnerabilities is one thing. Having people exploit them is another and just doesn't seem to spark anyones interest on the Mac. Probably because so few script kiddies use Macintosh's or because they know that their efforts would be wasted as the majority of Mac users aren't morons who would open executable attachments on e-mails or whatever.
Finding vulnerabilities is one thing. Having people exploit them is another and just doesn't seem to spark anyones interest on the Mac. Probably because so few script kiddies use Macintosh's or because they know that their efforts would be wasted as the majority of Mac users aren't morons who would open executable attachments on e-mails or whatever.
Last edited:
NathanE said:
Indeed, Moab is getting a lot of press at the moment. I don't particularly think that osx is that secure for an OS based on BSD. It's just there has hardly been any security research into it compared to linux/windows and I expect many vulnerabilies to come to light in future.
Things like safari automatically mounting dmg's after download is pretty unexcusable. When it can cause a kernel panic from any user. Apple really need to get their act together and stop relying on the BSD developers for security.
growse said:
I don't think most virus writers are in it for the money. Its more the kudos and often darker motives. Not to mention challenging. Yes there are a few who do it for botnets/spam adverts but I would say the majority don't.
Some papers,
http://vx.netlux.org/lib/vas00.html
http://vx.netlux.org/lib/mpc00.html
Can't belive there is yet another thread on this
Last edited:
Soldato
- Joined
- 3 Aug 2005
- Posts
- 4,534
- Location
- UK
Disk images are considered "safe" by Safari – I assume because mounting a disk image just shows the contents in Finder and does not execute any files within. If a downloaded disk image is capable of causing a kernel panic, I'm guessing that is an issue with Finder or an integral part of the operating system, not in Safari's judgement pertaining to whether or not disk images are classified "safe" or not.Una said:
Whilst I agree that enabling the feature by default is not a very good idea security-wise, to the vast majority of users who daren't mess around with the application preferences and only download disk images from reliable sources it's a feature which saves a few seconds and makes the whole process flow much better. It can, of course, be disabled with the click of a button if you are of the security-conscious variety
Al Vallario said:Whilst I agree that enabling the feature by default is not a very good idea security-wise, to the vast majority of users who daren't mess around with the application preferences and only download disk images from reliable sources it's a feature which saves a few seconds and makes the whole process flow much better. It can, of course, be disabled with the click of a button if you are of the security-conscious variety
Its just the fact that it is enabled by default not the other way round which seems stupid to me....
Soldato
- Joined
- 17 Oct 2002
- Posts
- 3,101
garyh said:
Yes, what a well written article...
Where are the reports of any users actually being affected by this 'Apple Month of Bugs' then?
Proof of concept says it all to me. So even if you do download a file, it CANNOT do anything at an operating system level without user permission. I am still sat here with a smug feeling.
Proof of concept says it all to me. So even if you do download a file, it CANNOT do anything at an operating system level without user permission. I am still sat here with a smug feeling.
That's right, proof of concept. The point is, OSX fans continually say that their OS is more secure than most things but in reality it simply isn't. If somehow Windows and OSX switched places overnight and OSX had to take the strain of Windows' 90% market share then you and every OSX fan would see that it's more like swiss cheese than a bank vault and would probably feel a little bit heart broken inside too. Apple has always been a company built around "beliefs" and fanaticism. It doesn't matter how much they believe something is true, it still does not necessarily make it true in the real world.AJUK said:
There's no need for that.garyh said:
Last edited:
NathanE said:
I agree, it will be interesting to see what the next few years bring. If apple continue selling units and growing like they are there software will be trouble.
Mozilla firefox for example. It was rock solid, the most secure web browser. Now its popular people are starting to rip holes in it left, right and centre.
I can see the attraction to macs, had one myself for a bit but didn't use it enough mainly because my work requires me to have windows. However there is a lot of "fanboyism" (I know that’s not a word
) mac users which is rather tedious to say the least.