OS X, can we ever be hacked?

[voltron]

I was just thinking, is it okay to be a bit paranoid of Malwares and hackers now and again? Is there a software I can use to run a sweep from time to time?

I'm asking because yesterday, one of my students opened a web site and a pop-out came out asking to download a virus system scanner. My student clicked yes and it prompted to ask for my system password. Of course, I cosed the tab immediately.

But can't help thinking, what would have happened if my student knew my password and gave it. Will hackers be able to access my system? Plant malwares or something?

Do any of you Mac gurus have a scanner or utility to sweep your computers once in a while?

 

[bryphotoguy]

I don't but I am the only one that uses this computer, I don't get unwanted mail, and I make sure I know what it is I am downloading.

 

[dtravis7]

That sight with the so called Scanner is not anything but a scam. If you let it run it tests your Mac and OSX's Registry and DLL files. Funny as OSX has no DLL files nor registry. It's a total scam and no danger to you. It's annoying though!

They are just trying to get you to purchase their scanner.

 

[WakeCarver]

Yes, it is possible for a hacker to get into your system if you are careless. It is possible that viruses may one day come about for the Mac. Operating Systems are incredibly complex pieces of software and it is impossible to plug all the vulnerabilities. Now all that being said Apple stays on top of things to prevent these things. When they find a security hole they close it quickly. OS X is very secure and it gets better all the time so I would not be worried about getting a Virus or being hacked unless you just go around the internet clicking willy nilly on every link you can find and installing just any ole piece of software offered. If a real virus comes out for the Mac you will most definitely here about on the news or here.

 

[skaheadpunk]

Yes it's possible. Why somebody would take the time and effort to get into my personal computer I don't know. If I were a hacker I'd be after business and the government or some way of making money...

 

[deathcab1]

what i dont understand is -

hackers target windows machines all the time, and there are lots of anti-spyware/virus/etc available as protection.

mac osx has no viruses and no anti virus or firewall software?

 

[skaheadpunk]

I believe we do have firewall software.

 

[PerryLynch]

Yes it's possible. Why somebody would take the time and effort to get into my personal computer I don't know. If I were a hacker I'd be after business and the government or some way of making money...

Well, here's the deal on that: You've got to work somewhere, right? And if you are the diligent employee, who is enthusiastic about what you do, then I might find sensitive corporate data on your machine.

Also, it stands to reason that, if you have a PC, and a permanent Internet connection, then you are in the class of Americans known as "Not Poor," especially when compared to much of the world in general. You may have stored information regarding checking accounts, savings accounts, and other identity information (resume, etc.) that may contain your government-issued identification numbers (SSN, etc.).

If I know your name and physical address, or your SSN (or better yet, all three), then it is ridiculously easy to become you. Or maybe I could raid your \Users\SkaHeadPunk\Documents\Work Projects folder and find out what projects you are working on - if you are in HR or Payroll, have I found that cache of information left over from the last time you had to do quarterly reports that you should have deleted?

Bear in mind that even a Windows PC has sufficient horsepower to handle several malicious processes in the background - you could be used as a spam generator, or added to a group of systems working to decrypt an encryption key, and generally you would not notice (if it was done correctly). And while the OS-X security protocols are better developed, if you fail to utilize them properly, you will provide a malicious attacker with a much more powerful machine with which to play.

Here's an example from a movie we've all seen: In The Blues Brothers, the cops stood watch at every known entrance to the Palace Hotel Ballroom in order to capture Jake & Elwood. So they looked around until they found a first-floor restroom window, and easily broke through the glass window and managed to get in anyway. Do you want your Mac or PC to be the restroom window that crooks use to get to either your personal or corporate sensitive data?

I'll shut up now.
Perry

 

[Alexis]

It's not worth worrying over.

Just use the internet as normal. There are no viruses or malware out there worth being concerned over.

The debate over whether one day things will change has been going on for years.

 

[Dysfunction]

Well, here's the deal on that: You've got to work somewhere, right? And if you are the diligent employee, who is enthusiastic about what you do, then I might find sensitive corporate data on your machine.

Also, it stands to reason that, if you have a PC, and a permanent Internet connection, then you are in the class of Americans known as "Not Poor," especially when compared to much of the world in general. You may have stored information regarding checking accounts, savings accounts, and other identity information (resume, etc.) that may contain your government-issued identification numbers (SSN, etc.).

If I know your name and physical address, or your SSN (or better yet, all three), then it is ridiculously easy to become you. Or maybe I could raid your \Users\SkaHeadPunk\Documents\Work Projects folder and find out what projects you are working on - if you are in HR or Payroll, have I found that cache of information left over from the last time you had to do quarterly reports that you should have deleted?

Bear in mind that even a Windows PC has sufficient horsepower to handle several malicious processes in the background - you could be used as a spam generator, or added to a group of systems working to decrypt an encryption key, and generally you would not notice (if it was done correctly). And while the OS-X security protocols are better developed, if you fail to utilize them properly, you will provide a malicious attacker with a much more powerful machine with which to play.

Here's an example from a movie we've all seen: In The Blues Brothers, the cops stood watch at every known entrance to the Palace Hotel Ballroom in order to capture Jake & Elwood. So they looked around until they found a first-floor restroom window, and easily broke through the glass window and managed to get in anyway. Do you want your Mac or PC to be the restroom window that crooks use to get to either your personal or corporate sensitive data?

I'll shut up now.
Perry

At the same time, we spent 2 hours a few months back running scripts against my 'out of the box' OS X installation, with the firewall turned off.

 

[skaheadpunk]

Well, here's the deal on that: You've got to work somewhere, right? And if you are the diligent employee, who is enthusiastic about what you do, then I might find sensitive corporate data on your machine.

Also, it stands to reason that, if you have a PC, and a permanent Internet connection, then you are in the class of Americans known as "Not Poor," especially when compared to much of the world in general. You may have stored information regarding checking accounts, savings accounts, and other identity information (resume, etc.) that may contain your government-issued identification numbers (SSN, etc.).

If I know your name and physical address, or your SSN (or better yet, all three), then it is ridiculously easy to become you. Or maybe I could raid your \Users\SkaHeadPunk\Documents\Work Projects folder and find out what projects you are working on - if you are in HR or Payroll, have I found that cache of information left over from the last time you had to do quarterly reports that you should have deleted?

Bear in mind that even a Windows PC has sufficient horsepower to handle several malicious processes in the background - you could be used as a spam generator, or added to a group of systems working to decrypt an encryption key, and generally you would not notice (if it was done correctly). And while the OS-X security protocols are better developed, if you fail to utilize them properly, you will provide a malicious attacker with a much more powerful machine with which to play.

Here's an example from a movie we've all seen: In The Blues Brothers, the cops stood watch at every known entrance to the Palace Hotel Ballroom in order to capture Jake & Elwood. So they looked around until they found a first-floor restroom window, and easily broke through the glass window and managed to get in anyway. Do you want your Mac or PC to be the restroom window that crooks use to get to either your personal or corporate sensitive data?

I'll shut up now.
Perry

Well, in Britain, (in 2007) 61% of people had an internet connection, 84% of which are broadband.

I work in a small dingy pub, so nothing exciting there, I don't think there is anything at all relating to that on this computer. My CV is on here, but I hand and send that out all over the place when I'm looking for a job. My NI number isn't on here either, and if it was I wouldn't be overly worried anyway, unless they knew my full name (which I don't use for anything other than government stuff), DOB, address, mother's maiden name, etc, and even then if they did anything with it I'd know about it.

My boyfriend put it another way - I have one door. A big company or government has a lot of connections in and out, hundreds of doors, easier to find one that's open and probably more profitable.

 

[theonegod]

It's not worth worrying over.

Just use the internet as normal. There are no viruses or malware out there worth being concerned over.

The debate over whether one day things will change has been going on for years.

Very very wrong. There are security vulnerabilities out there. In the case described here that security vulnerability was the user. The student actually clicked the popup and may have even entered the password when asked to. There ARE things that can take control of your mac if you let them. In most cases though you have to explicitly give them that ability. But many many people will just do whatever is asked of them.

Yes, there are virus scanners and firewalls for the mac.

The best thing to do is to be smart. Macs can not yet be passively infected in the same manner as an unpatched windows box. But it is still vulnerable to user stupidity.

 

[McBie]

One day, MAC's will probably be targeted with malicious intent ...

I have been looking at IT related risks all of my life and the golden rule still is:

" ( IT ) Security is more about people and their behavior then it is about machines and their settings ! "

Cheers
McBie

 

[Seant018]

I like this topic. The whole idea behind what most people are saying is this; "if you don't surf around the internet clicking and downloading like a madman, you will be ok"

That is great, and completely true. The best part of it though? It is true for windows machines also.

I used a Windows computer with no firewall, no antivirus, no spyware protection, nothing, for more than 3 years. That computer had no problems at all. It just goes to show, no mater what type of computer you use, you can stay free of problems as long as you know what you are doing.

 

[Aqua]

The answer to "can mac's be hacked?" Is basically a no, but then again 'crackers and hackers' are getting smarter and more devious. My father hates PC, but has to communicate with PC (he's a graphic designer) other than that he wouldn't have a concern. That being said, if you communicate with PC, have a PC side on your puter than it is possible to be the carrier. He uses symantec but there is also the freeware clamx (clamx sounds to me to be what you are looking for as far as random scans go). In a lot of ways it is wise to be a bit paranoid. There has been 1 virus created for the mac and would you want to be the first person who got it (LOL) but then again no one in the mac world would believe you nor would they know what it was hehe, therefore it would take some time before anyone would figure out that it was one (my guess is that it would look diff and act diff then you typical pc virus/malware). I have heard or seen on webpages the idea that hackers/crackers will use unsuspecting mac users to transmit their payload to PC. As was said earlier, as yet, there are no REAL viruses for Mac as it isn't the focus nor 'big and common' enough to be a target but then again no one knew with PC what was going on when the first DRMs and rootkits came out quietly/unadvertised and undetected. Most assumed it was faulty hardware/software or users (RIP cd/dvd player and computers )...

 

[voltron]

"if you don't surf around the internet clicking and downloading like a madman, you will be ok"

Out of the millions of regular joe Mac users out there, there definitely are surfers out there who go "internet clicking and downloading" like a madman. Don't you think? If this is a reason to breakdown OS X's golden shield, I believe we would have had tons of malicious intent reports by now.

Therefore, "Apple stays on top of things to prevent these things. When they find a security hole they close it quickly." sounds about right.