Malware Evolution: MacOS X Vulnerabilities 2005 - 2006

Discussion in 'Spyware' started by Ron Lopshire, Jul 24, 2006.

  1. Ron Lopshire

    Ron Lopshire Guest

    Malware Evolution: MacOS X Vulnerabilities 2005 - 2006
    (http://www.viruslist.com/en/analysis?pubid=191968025)

    That will teach you Mac guys to mess with the Beatles!

    Ron ;)
     
    Ron Lopshire, Jul 24, 2006
    #1

  2. Ron Lopshire

    Mark Ritchie Guest

    Long live the Beatles!
    I laugh when Mac users tell me they don't get viruses or spyware. I tell
    them... well, if you wrote the stuff would you target 3% of the population?



    --
    Regards,

    Mark Ritchie


    **************************************
    Computer Problems Dragging you Down?
    Let us Fix it for you quickly and remotely!
    http://www.livetechsupport.ca
    (866)730-5403
    **************************************
     
    Mark Ritchie, Jul 30, 2006
    #2

  3. Ron Lopshire

    optikl Guest

    And that changes things because.....?
     
    optikl, Jul 30, 2006
    #3
  4. Ron Lopshire

    cmsix Guest

    Because if your praise of Macs helps them gain significant market
    share, you'll get to enjoy the spyware too.

    cmsix
     
    cmsix, Jul 30, 2006
    #4
  5. Ron Lopshire

    Geoff Guest

    To quote the article:

    "Overall, malware has evolved enormously over the last couple of years. In the
    past, most authors of malicious code were seeking a place in the headlines.
    Today, they are looking for financial gain. Apple’s small share of the global
    personal computer market has, until now, protected Macs from the unwanted
    attention of malware authors. However, as Apple systems become more popular,
    this will change; once critical mass is reached, more malware will undoubtedly
    start to appear."

    "... these proof of concept programs showed that Mac OS X does contain security
    flaws, and that these can be used to compromise the system."
     
    Geoff, Jul 30, 2006
    #5
  6. Ron Lopshire

    Ron Lopshire Guest

    A good friend of mine switched to a Mac because his daughter is taking
    Graphics Arts in college (a requirement for her, sounds like collusion
    to me [g]). I pointed out that he might want to visit Apple.com, and
    sign up for Automatic Updates, which includes
    patches/fixes/improvements for his Mac OS X, particularly exploits.

    He said, "Why?"

    I said, "If you like Apple software enough to pay $5,000 USD for a
    computer, why in the Hell would you not want to take advantage of
    anything that Apple is _giving_ away as an improvement for such a
    computer?"

    He said, "Good point."

    And the updates 1) don't come with WGA, and 2) are released when
    available, and not just because it's the second Tuesday of the month.
    As always, just my 0.02.

    Ron :)
     
    Ron Lopshire, Jul 30, 2006
    #6
  7. Ron Lopshire

    optikl Guest

    IMO the Mac will always be a niche OS and for those of us who appreciate
    the Mac, we couldn't be more pleased. If attacking it doesn't appeal
    to predators, Mac users won't lose any sleep.
     
    optikl, Jul 31, 2006
    #7
  8. Ron Lopshire

    Geoff Guest

    For those who may not have seen the link at the bottom of the page that the OP
    originally posted the link for, here's an "incomplete" list of security updates
    as admitted to by Apple.

    http://docs.info.apple.com/article.html?artnum=61798

    I own an iMac 20" and use it for development purposes. The system does its
    updates flawlessly so far, including at least two Flash ROM updates (They don't
    call them BIOS). No complaints here. Many updates don't require restarts, but
    several of them, including the Flash updates, required special handling and a
    restart of the system. I make it a point to check up on the update status from
    time to time to be sure it's doing the job. XCode, Safari, iMail, iTunes, OS-X
    itself, iChat, Quicktime, Java Engines, have all needed updates and what MS
    would have called "critical updates" since I bought this system in November
    2005.

    The last update to OS-X 10.4.7 also fixed a mysterious 55% CPU utilization bug
    apparently caused by iMail for which I have seen no explanation or description
    from Apple. The PPC's would go to 100% and the Dual Cores would do 55% and the
    System Monitor wouldn't show what task was doing it. Increased fan activity told
    me the CPU's were heating up. A reboot of the system was the only thing that
    would return the system to normal. I found that if you started Safari before
    iMail on my system the utilization would remain normal. I never found any
    official explanation for it. They cover their tracks pretty well but I must
    admit that I have not looked outside the Apple notifications for it. I suppose
    CNet might mention it but I have not searched there. With an average of two
    critical updates and OS upgrades occurring each month, this system has yet to go
    more than 30 to 45 days without a restart.

    Anyone who claims to be "safe" from exploitation on a Mac is only kidding
    himself. Zero-day exploits are just as much a threat to Macs as they are to PCs.
    The only difference is a slight cost barrier to obtaining test targets and a low
    population density of Macs on the net. Not many script kiddies can afford a few
    Macs to play with and develop on. Then there is the foreign nature of the PPC
    architecture and the typical skiddie's dependency on pre-packaged kits for their
    PC exploits. Now with cheaper Macs, more of them, and Universal Binaries, you
    can expect to see Poly-Metamorphic viruses capable of infecting PPC, D-C and x86
    platforms. It's only a matter of time.

    The new iMacs come with .Mac subscription trials with an option to sign up for
    an annual fee. This is for mail, backup, synchronization and file sharing
    purposes and is also the ADC credential for updates to the Apple Developer
    Connection. The systems all have unique serial numbers and they exchange unique
    crypto keys with the Apple update servers for authentication.
    Now, what were you saying about WGA? :)

    The main reason for MS's "Tuesday" plan was to placate the IT managers who
    couldn't keep up with the testing required on their test platforms for
    compatibility before they could deploy them on their production systems. When
    your BIG customers call you and tell you to slow down and create a schedule they
    can live with, you listen.

    I own 4 PC's running various flavors of Windows, one iMac and one Linux box and
    they all pretty much run 24x7 except for 3 of the older PC's in my lab that only
    get used occasionally for hardware development on some test boards. The Linux
    box has the best uptime right now, 136 days, followed by the XP box doing 17
    days and the iMac a distant 3rd at 3 days. I think the best time it has shown me
    was 36 days but at that time the XP box had been up for 128 days. OS-X is BSD
    and I am looking forward to the day when it can achieve significant uptime. :)
     
    Geoff, Jul 31, 2006
    #8
  9. Ron Lopshire

    cmsix Guest

    My point exactly. But some Mac owners can't keep quiet about a good
    thing.

    cmsix
     
    cmsix, Jul 31, 2006
    #9