10-17-2010, 12:57 AM

Quote:

Originally Posted by LPPU

Does that new Stuxnet thing effect the Mac? And if not then what's keeping it from doing so? It sounded like this thing was a whole new thing and a HUGE deal.

http://en.wikipedia.org/wiki/Stuxnet

Windows specific.

10-17-2010, 01:08 AM

Just as Windows software doesn't run on Mac OS X natively, Windows viruses do not either. Software is software.

10-17-2010, 02:09 AM

Let me say that my MacBook is connected to a school network 24/7. It is constantly running 24/7. And considering the internet browsing I do, I do not run antivirus on it.

I find it totally hilarious that these commercials (like "MaxMySpeed.com") advertise virus removal for Mac computers. Among other commercials of course...

Oh...does anybody find it ironic that the Citrix commercial where the two guys sell sushi- one guy owns a Mac, though Citrix is and has been partnered with Microsoft?

10-17-2010, 08:48 AM

Quote:

Originally Posted by Chris H.

Oh...does anybody find it ironic that the Citrix commercial where the two guys sell sushi- one guy owns a Mac, though Citrix is and has been partnered with Microsoft?

Not a bit. Citrix fully supports Mac and iOS. In fact, they were quick to jump on the latter and have an amazingly robust solution.

Remember, even Apple partners closely with Microsoft (Exchange support in OS X, which is licensed from M$). Conversely Apple often provides dev support to M$ for Office.

10-20-2010, 09:08 PM

Added link for Panda Antivirus.

https://shop.pandasecurity.com/cgi-b...D1&track=55450

10-27-2010, 10:12 PM

So there appears to be a new trojan out.

Critical security risk posed by new 'Boonana' Trojan horse for OS X | MacFixIt - CNET Reviews

Like the others it needs you to enter your administrator password.

10-28-2010, 08:16 AM

Quote:

Originally Posted by LPPU

So there appears to be a new trojan out.

Critical security risk posed by new 'Boonana' Trojan horse for OS X | MacFixIt - CNET Reviews

Like the others it needs you to enter your administrator password.

Like this thread we already have talking about it?

Security alert: New Trojan Horse apps said to attack the Mac

10-28-2010, 02:45 PM

I have recently switched to Mac, tired of PCs. I have a MacMini OSX 10.6.4 with Snow Leopard. My first concern was with Security, so I followed instructions and went to the Security Panel, to find that there were only two tabs: General and FireVault. No Firewall tab.
Is the Firewall tab missing because
a) I activated FireVault (which I find unobtrusive and reassuring)
b) I use a router, which may have a Firewall.
Thanks for your help.
By the way, great thread, Schweb!

10-28-2010, 07:07 PM

Quote:

Originally Posted by schweb

Like this thread we already have talking about it?

Security alert: New Trojan Horse apps said to attack the Mac

FOILED AGAIN!!!!! *shakes fist*

I do have a question though...but not about this.

I got an email from a friend yesterday, and he's been known to have malware issues and spam issues before. I didn't open his email yet because quite frankly who knows if it's even him. It could be a spambot that got him this time.

But while I didn't open the email I did have my mouse hovering over it, and when I'm on certains websites and I hover over a link it will display some of the contents of where the link goes. I don't know if that would happen with Gmail, but if it did would it have displayed any malware?

What worries me a little bit is stuff like this new trojan can be for both windows and OS X. And then I know there are browser hijacks, but I don't know if they can get us Mac users. All the popular browsers are for both operating systems, and I know that with Firefox it needed me to enter a password to install it, but needed no password for the extensions themselves. What would keep malware from installing to the browser if I needed no password to install extensions?

10-28-2010, 07:33 PM

For Mac OSX you would need to type in your password to allow malware to install. So rule of thumb is that if you don't know why the box just popped up asking for your password, don't type it in.

10-29-2010, 05:58 PM

After reading the initial post regarding the Security Alert Topic here on the forum, as well as the replies that followed.. Rather than add-on other threats to OS X in that thread, I came to this thread to ask the following....

Many still believe OSX is (let's call it) untouchable against viruses, trojans, etc. So I have to ask here.. Can someone please explain the viruses, trojans and such reported vulnerabilities against OSX in the following links? And for that matter, why Apple finds vulnerabilities and patches them, not to mention add's Malware to a OS that supposedly "doesn't get PC viruses"?

Pwn2Own Winner.

Mac Botnet: iWork Installer.

SC Magazine - Security Flaw in Snow Leopard

And I have to wonder, why would Apple do this?
zdnet - Apple adds Malware Blocker in Snow Leopard
If you bother with this link, be sure to read the comments section.

And if you're clinking the links, this is very interesting read..
Gigaom - Antivirus Software On Your Mac: Yes or No?

So if anyone (actually knowledgeble) can tell me why some will insist I have nothing (and have never had anything) to worry about, I will appreciate it. Sincerely.

10-29-2010, 10:37 PM

Quote:

Originally Posted by Mad_Man

Many still believe OSX is (let's call it) untouchable against viruses, trojans, etc. So I have to ask here.. Can someone please explain the viruses, trojans and such reported vulnerabilities against OSX in the following links? And for that matter, why Apple finds vulnerabilities and patches them, not to mention add's Malware to a OS that supposedly "doesn't get PC viruses"?

No OS is immune to malware (which is a broader category of malicious software that includes Spyware, Adware, Viruses and Trojans - each of which is not the same thing and varies in its severity). OS X has had a handful of trojans thrown at it in the past few years. Trojans effect any platform as they are simply undesirable software that are masked to look like desirable software. They essentially play on the ignorance of a user, as opposed to actually using clever programming to co-opt a system.

I think the reason that the Mac has gotten a reputation for being free of these maladies (aside from Apple marketing) is that while OS X has had a half dozen or so trojans, their overall effect is relatively minor and their number is dwarfed by the hundreds of thousands of maladies that are Windows-specific.

But again, you will never buy a computer that is absolutely impervious to security threats. It doesn't exist, and will never exist as long as imperfect humans are creating computers and other malicious humans are writing software for them.

Quote:

Pwn2Own Winner.

Charlie Miller is very talented, indeed. Unfortunately, about the only way he can "pwn" a system is to coerce or be allowed to direct a user into visiting a very specifically coded webpage that he has prepared in advance over weeks or months of research trying to find the tiniest of bugs.

Should this be of concern to the average user? Sure, but just as an unseen asteroid could impact the Earth tomorrow ending life as we know it, the likelihood that you would run into a site like this under casual browsing is slim to none. And if you do, the likelihood that an AV product would stop you from visiting it is even slimmer.

Quote:

Mac Botnet: iWork Installer.

This is a trojan bundled with a pirated copy of iWork. Don't pirate software and you have nothing to worry about. Always be cautious about where you get your software from, particularly if it requires an admin password to install it.

Quote:

SC Magazine - Security Flaw in Snow Leopard

Again, as long as software is made by humans, they will have bugs that lead to exploits. Same goes for any complex creation. Fortunately this is one that was found and patched. The moral of this story? Keep your software updated.

Quote:

And I have to wonder, why would Apple do this?
zdnet - Apple adds Malware Blocker in Snow Leopard

I have to wonder why Apple would block one of these trojans too, especially since one of the patched-for maladies is the one that's included with pirated copies of iWork (seeing as you'd think they'd want pirates to get their just desserts ).

But seriously, the two most actively distributed trojans are this one and the one that comes from porn video sites. It basically tries to convince you that you need to download a "codec" to view a video. And of course you need to enter your admin password through the process, which should throw up red flags for any relatively savvy Mac user.

Moral of this story? Again, don't pirate. And if you're on a seedy site, I probably wouldn't trust its recommendation of codecs.

Quote:

If you bother with this link, be sure to read the comments section.

And if you're clinking the links, this is very interesting read..
Gigaom - Antivirus Software On Your Mac: Yes or No?

So if anyone (actually knowledgeble) can tell me why some will insist I have nothing (and have never had anything) to worry about, I will appreciate it. Sincerely.

Put simply... because at this point in time, the threats are so few and far between, the severity of those threats is so low, and avoiding those threats is so simple, that it's just not warranted. In most cases, they are more trouble than they're worth.

NO AV package can possibly protect a computer against the greatest threat to it: *YOU* Nearly every Windows machine that I remove malware from has an active, up-to-date and decent AV package on it. Guess what? These folks still get infected. Why? Because there's no AV package that can defend successfully against the hundreds of thousands of maladies that Windows is susceptible to - especially if the user doesn't apply any common sense in using the machine.

So, what is my recommendation as a seasoned Windows network admin with more than a few years of Mac experience under my belt? Just follow a few simple rules and you have nothing to worry about:

1. Make backups. If something bad happens, you can recover easily using a Time Machine, Carbon Copy Cloner or SuperDuper! backup.

2. Keep your OS up-to-date using Apple's built in Software Update mechanism.

3. Don't pirate software. Furthermore, don't download software from sites you know little to nothing about. Sites like Apple's own public domain download site, MacUpdate, and CNET's Download.com are good sources.

4. Most Mac software does *not* require an admin password to install. If it does, that means it's trying to modify the OS in a significant way. If you're installing software and you're prompted for a password, make sure it passes the following common sense test:

* I know what this software is and what it does.
* I trust the source of this software
* I know why I need it.

If you can't answer those questions "yes", don't install it.

10-29-2010, 10:37 PM

And one more thing...

I think the best op-ed I've ever read on Mac security is as follows... and I think it's worth repeating here, as it explains quite well why the Mac (and Linux) has fared so well in an era of constant security threats to Windows...

Quote:

Originally Posted by lead2thehead

I was at DefCon this weekend and there were actually several talks about OS X vulnerabilities. And yes, they are real threats, but media tends to exaggerate them because:

1) Reporters are not engineers and thus, do not fully understand the problem.
2) Their articles get more circulation if they over-hype the problem.

Nobody is saying that OS X is malware-proof. But OSX, BSD, Linux and Unix all have inherent design features which make them more secure than Windows. The biggest and most important is a concept called Discretionary Access Control. Allow me to explain...

Alll *nix-based systems have a user called "root". This is a super user that can control the entire computer. In order to install software, you must first become root. In order to read or change configuration files, you must become root. If you want to modify an executable, add a shared library, modify a device driver, or change anything meaningful, you must first become root. This makes it next to impossible for a regular user to unwittingly install a virus or any piece of malware on his computer because, in order to do so, he would need root permission. This is called "Discretionary Access Control", or DAC for short.

Most Windows users will tell you that this is akin to the "Administrator" account on your PC, but that is not exactly the case. Microsoft has attempted to emulate this technique many times, but always fails miserably in its implementation. On a typical Windows PC, THE DEFAULT USER ACCOUNT has Administrator access! This makes it very easy for users to unwittingly install all kinds of malware on their computer without realizing it. Think about that for a second... why would you ever need to run a word processor or a web browser as a super user? That would mean that Internet Explorer, for example, would have permission to write to your system32 directory! Why would IE ever need to do that? And what person in their right mind would ever allow it to? It's a virus writer's dream come true.

Now let's talk about software vulnerabilities. Try to stay with me here, because this gets complicated. The vast majority of software vulnerabilities (greater than 90&#37 involve buffer overflow attacks. This is an attack, where by a malicious user takes control of a running program and shoe-horns its own malicious code onto the instruction stack. When this happens, the malicious instructions have the same permissions as the program it just took over. And what permissions would those be?... it depends on which user is executing the program. When you run everything as Administrator, as is the default behavior in Windows, EVERY vulnerability becomes a critical vulnerability and EVERY piece of malware can run as a super user.

Let's back up... I'm sure that by now, the Microsoft crowd is saying "Wait a second! You don't have to run everything as Administrator! You can create regular user accounts and restrict their permissions too." And they would be correct. I have never met anyone who does this on their home PC, but the option is certainly there. But even if you do that, you're still screwed because EVERY SINGLE BACKGROUND SERVICE runs as Administrator. Oh, you forgot about the background services, didn't you? Don't feel bad... Microsoft forgot about them too. Right click on "My Computer", select "Manage", and click "Services" if you want to see I'm talking about. There you can see nearly a hundred services, all running as Administrator! Break any one of them and you have Administrator access to the entire computer. Nice, huh?

But wait, you say, doesn't Mac OS have that same problem? Of course not. Only an idiot would run everything as super user. Mac OS comes from the factory with FORTY different user accounts, one for every background service that it runs. (Most flavors of Linux do this as well.) So if you happen to exploit one of them, you can only do what that small, very restricted user account can do... and it isn't much. In fact, when you buy a computer from Apple, they don't even give you the root password! You only have access to your user account... your own little world. And if you mess it up, you're not going to take down the entire computer. You'll only screw up your own account because you don't have the required permissions to screw up the rest of the OS. So the underlying architecture of Mac OS is inherently more secure.

Keep in mind that this *DARN*-poor excuse for a DAC is one of a thousand flaws with Windows. I could go on for days about the absolutely retarded design decisions made by Microsoft. Remember the outbreak of email viruses about 5 years ago? Know why those were such a big problem? Because some genius at Microsoft said, "Hey! Let's invent a scripting language that allows user to embed executable code into email messages and then execute that code automatically when you open the message!" Brilliant, huh? It's like they put that hole there on purpose so that every script kiddie with a copy of Microsoft Word could write CRIPPLING email viruses that took down servers and cost billions of dollars to fix.

The issue is much more fundamental than people think. People who use the "security through obscurity" line clearly do not comprehend the issue.

Link to the story he/she was commenting on.

10-30-2010, 06:47 AM

PS. This latest Trojan does affect Macs ... but is ACTUALLY a Trojan against a vulnerability in *Java*, not actually in OS X itself.

And again, because a lot of people have trouble with this, a Trojan is NOT a virus.

Still no viruses for Mac. Ten years and counting.

10-30-2010, 07:43 AM

Quote:

Originally Posted by chas_m

PS. This latest Trojan does affect Macs ... but is ACTUALLY a Trojan against a vulnerability in *Java*, not actually in OS X itself.

And again, because a lot of people have trouble with this, a Trojan is NOT a virus.

Still no viruses for Mac. Ten years and counting.

Either case, it still doesn't take away from the fact it is a vulnerability that affects people using a Mac. Technically you're right, the Mac is not the issue, but the effect is still the same.