February 27, 2006 4:00 AM PST

Is Mac OS as safe as ever?

Apple Computer fans have long loved to point out the safety of using Mac OS X, which has mostly been left alone by hackers. But the recent arrival of three threats has some asking: Is the software's charmed security life over?

In the past two weeks, a pair of worms that target Mac OS X have been discovered, along with an easily exploitable, severe security flaw. The vulnerability exposes Mac users to risks that are more familiar to Windows owners: the installation of malicious code through a bad Web site or e-mail.

While these threats represent a sea change, there is no need for Mac owners to worry, experts said, as the published attacks are still mainly theoretical and not widespread. But they caution that Apple fans should not be smug: Now that it's been done, other malicious code writers are likely to turn their attention to the operating system.

It's a "small step in malicious code development for OS X," said Kevin Long, an analyst at security specialist Cybertrust and a Mac user for 11 years. "The message we need to get out there is that Mac users should not be complacent."

While Microsoft Windows users have grown accustomed to a seemingly incessant stream of computer worms, viruses and security vulnerabilities, the same is not true for Mac owners. Going by forum postings, many Apple customers believe their systems are much better protected against cyberattacks than the average Windows PC.

"Mac malware is not a myth. It is very real," said Kevin Finisterre, a security researcher at Digital Munition. Finisterre created the Inqtana worm, which targets Mac OS X and spreads using an 8-month-old vulnerability in Apple's Bluetooth software. "My point with Inqtana was to say, 'Hey! Wake up!'" he said.

Finisterre did not release his worm into the wild. He created Inqtana only to prove a point and to encourage antivirus makers to update their products against malicious software using the same method of attack, he said. Furthermore, Inqtana was programmed so that it could never spread far.

"Go buy yourself some antivirus software, keep your Apple updates current and stop pretending that you are invincible, because you are not," Finisterre advised Mac users.

The risk for Apple system users grows slightly every day, Long said. The number of people using Macs is growing, which makes attacks more likely, he said. Some have suggested that Mac OS X's previous immunity to threats is due partly to malicious coders focusing on Microsoft products, which have a much larger user base and so bring a much bigger scope for impact.

"Many think that the Macintosh operating system is impervious to viruses or these kind of security threats. It is not that they are impervious; they are targeted less," said Craig Schmugar, virus research manager at McAfee.

'Don't freak out'
The events of the last two weeks could change that. Hackers have had their interest in Apple piqued, Finisterre said. "It is a semi-new frontier, so to speak," he said.

Even so, the incidents likely won't have any significant fallout, Long said. "Hopefully, the end result is that people are a little more careful. They don't need to freak out about this," he said.

Many Mac users seem unfazed.

"I don't see myself changing any habits or panicking and running out to grab antivirus," CNET News.com reader Shane Walker wrote in an e-mail. "I am concerned, but not overly so. You just need to take the right precautions, watch your e-mail attachments and what you download like a hawk, and try to avoid known or seemingly questionable sites."

Another CNET News.com reader, using the initials J.G., said the three incidents don't bother him. "They are 'proof of concept,' not actual malware loose in the wild," the reader wrote in an e-mail. "I think much of the attention now being focused on Macs and OS X will dissipate in a few months."

CONTINUED: The most serious incident yet…
Page 1 | 2

See more CNET content tagged:
Inqtana, malicious code, Apple Mac OS, Apple Macintosh, hacker

202 comments

Join the conversation!
Add your comment
A whole lot of publicity....
... for something that is yet to actually occur. Much noise from
people whose income depends on selling security software. No
reports of problem from the users that I have heard of.

Until something more significant than self-propotiojnal BS shows
up, I'm going to worry about other things, if I worry at all.
Posted by Earl Benser (4310 comments )
Reply Link Flag
Take notice....
Users have been talking on various forums about trojans and viruses on OS X. There is working code to exploit certain insecurities in the system, one being in Safari.

You should not be so ignorant as to ignore the warning signs. There are exploits for every major OS available today, including OS X. To ignore them may be fatal to your data.
Posted by fireball74 (80 comments )
Link Flag
Earl Benser, bona fide Apple shill
Yes folks, it's another Apple/OS X story, and Earl Benser is here to offer you his informed and unbiased opinion.

How many users have you "heard of", Earl? How many of them have any sort of protection against worms and ad-ware, much less viruses and rootkits, other than the supposedly secure OS that Jobs sells with his same-as-everyone else Wintel hardware? Why is the Mac vulnerable to the same rename-a-worm-as-an-image vulnerability as Windows when the great Jobs "thinks different"?

I look forward to the new wave of Mac malware. Yet another illusion of superiority wiped away.

"The PowerMac G5. So good, we're moving to Intel."
Posted by (39 comments )
Link Flag
Agree
C/net sees this as a way to milk some front page stories and
they are doing soft ball interviews with anti-virus makers and
such...

I don't agree at all with the Windows is bigger so it's the target
arguement either. When it comes to developing a SPREADING
virus Windows is a fisher price toy to hackers and Mac OS is fort
knox. I have a Windows box that is NOT connected to the
internet - only my Mac. I got tired of paying for AV
subscriptions and spyware subscriptions. It turns out it was the
best move I ever made - the Mac is superior.
Posted by keaggy220 (57 comments )
Link Flag
Sys
All OSs can get viruses. You're foolish to think otherwise.
Posted by paulsecic (298 comments )
Link Flag
Nothing is safe including OS X
I feel sorry for the people who are still in denial after reading the article. And not just this article in particular but any warning that being connected to the internet poses a vulnerability. The quote "curiosity killed the cat" should be changed to "complacency kill the computer".

Yes, you can be safe about attachments, browsing questionable websites yada yada yada but that doesn't fix the issue. It only means you drive with your eyes open. Car manufacturers still include airbags JUST INCASE.

Nothing is safe. Apple is taking the possibility of this being a wide spread problem seriously. I wonder why some of their users aren't taking the same approach.
Posted by BruceLawrence (90 comments )
Reply Link Flag
Fort Knox isn't safe either, but
I'd bet on it and OS X over a convenience store in a drug infested
neighborhood and Windows any day of the week.
Posted by Macsaresafer (802 comments )
Link Flag
Air Bags?
Are we comparing air bags to antivirus software here? In that
case, I'd like to point out that air bags come standard, antivirus
software is 3rd party support.

Antivirus software is more like The Club. A false sense of
security.
Posted by djemerson (64 comments )
Link Flag
I'm going outside and I'm going to feel safe
There have been more successful terrorists attacks on U.S. soil
than successful virus' on UNIX.

Sun has had 4 million downloads of its latest O/S Solaris 10,
Apple sells millions of computers a month, not to mention IBM
and HP UNIX. Yet, no successful virus - ever.

In other words, it's more likely that the next time you get on a
jet - it will crash, it's more likely the U.S. will have another
terrorists attack, but I'm still going outside - and get this -
without any protection.
Posted by keaggy220 (57 comments )
Link Flag
Three Stooges "Brick through the window"
This story reminds me of an old Three Stooges gag.

A brick comes flying through a plate-glass window shattering
the window. One of the Stooges picks up the brick and turns it
over to find the name of a glass company and its phone number.

Analogy:
window = Mac OS
brick = virus/trojan
brick source = Virus-making company

Since Mac OS is very safe and the virus "protection" companies
had almost none of that market, sure would benefit them if
some virii for the Mac OS start showing up.

Isn't it great that they have are best interest at heart.
Posted by schlegelmc (3 comments )
Reply Link Flag
Tempest in a Teapot
What is being called a virus by cnet and others was a trojan horse, not a virus. On top of that, it required the user to enter the PC's admin password. So please tell me how this is not far more secure than Windows, which lets virtually any process run as admin with no warnings and no prompts.

If a user clicks on a jpg and is prompted for their admin password how stupid are they to enter it? How can Apple (or MS for that matter) protect against abject user stupidity? No OS will ever be 100% secure and OSX is no exception. That said, compared to Windows it is an impenetratable fortress. Like a fortress it has one main weakness, some idiot leaving the front door open.

I do not use virus protection on my macs and so far I see no reason to start. That may change in the future, but this over hyped non story is just a tempest in a teapot.
Posted by miketkrw (86 comments )
Reply Link Flag
I agree
It is much ado about nothing. C|Net seems to be the publicity network for 'security firms' seeking publicity and the almighty dollar; if this same "threat" would have been targeting Windows nobody would give it a second thought, since the actual danger is minimal.

As long as humans program and use operating systems they won't be safe. Mac is yet another OS in that respect.
Posted by tennapel (22 comments )
Link Flag
LOL some idiot leaving the front door open
"Like a fortress it has one main weakness, some idiot leaving the front door open."

I thought that was funny. Unfortunately in my experience I have encountered many novice users that are that niave, but against that there is no defense.

I really enjoy these "new Mac virus" stories. They give me no end of pleasure in reading all sorts of fantasies about the impending doom of the Mac and the 'unfair' tirade against Windows because of its 'well-deserved' marketshare.
Posted by gpenglase (87 comments )
Link Flag
Mac Antivirus
I'm a network admin, so I keep a copy of ClamXav on my Mac to manually scan suspecious Windows attachments, and have no plans to run any active av protection.

But then again, I don't run active av protection on my xp machines either. I just never saw any reason to bog down a computer with something that wouldn't protect me from zero day exploits.

Avoiding the use of IE, Outlook/Outlook Express, and applying a tiny bit of common sense has keep me virus/spyware free since the late 70's.

But considering that 90% of the worlds Windows machines are infected with something, most people need all the help they can get.
Posted by rcrusoe (1305 comments )
Reply Link Flag
Mac AV tools not so good
Last week that users of the Sophos anti-virus product for the
Mac downloaded the "updates" that were intended to deal with
some of the latest vulnerabilities, people got all kinds of false
positivies. The "infected" files were key part of program files
like Microsoft Office and were deleted or moved depending upon
the users preferences.

So, the AV program did quite a bit of damage in an effort to
protect from stuff that is only at the proof-of-concept stage.
Doesn't provide encouragement to buy those products. At least
ClamAV is open source!
Posted by Thrudheim (306 comments )
Link Flag
RE: Mac Antivirus
Bravo Crusoe! And that is the point that the article never touches: Even if you'd have had an antivirus app on your Mac, it would not have prevented either of these so called attacks. They were new. We have both Windows boxes and Macs at our house. And I've been online since the early 90's (early 80's if you count using BBSs to send my e-mail). I've only had two viruses on my Windows machines: one from an infected disk in the mid 90's and once when I foolishly let my nephew use our Windows computer and he downloaded Kazaa and some files. Neither was stopped by the antivirus program because they were zero day exploits. Antivirus is kept on my Windows box because it helps protect it from PAST virii, worms, and trojans. Once the Mac gets a list of problems then I'll use virus protection. To use it now on my Mac would be useless and a waste of money.
Posted by Jeremiah256 (28 comments )
Link Flag
so true
Its too bad that grandma and grandpa who don't know any better and no one feels like helping them learn.
Posted by techguy83 (295 comments )
Link Flag
Too right... No need for AV software
I'd add MSN messenger to the list of progs one needs to avoid using as well. Download Trillian or if you're on the make get Adium or GAIM. Great progs (written by people who actually knwo how to write software), and you can hook into a range of IM networks not just MSN.

I've been a network installer and admin before my current life as a web app developer. I used to use Disinfectant on the early years because there were some (fairly harmless, more annoying than anything) viruses around for Mac OS 6,7,8 and earlier. But like you haven't bothered since then since the 2 steps in safe computing have protected me and my clients fo years. The 2 steps are:

Uninstall Microsoft software like Outlook/IE/MSN messenger and Office. If you need Office (though there are other progs out there like StarOffice, Corel Offce etc. which are mainly compatible with MS doc formats) turn off macros but if you need macros, then ensure that the auto macro functionality is turned off.

Never click on any attachment from anyone that you didn't first request. Don't run any macros in any attachments. Don't click on attachments unless you know what the extension is: ie these are all safe: .pdf for an Acrobat Reader file, .doc for a wordprocessing document, xls for a spreadsheet, .txt for a text doc, .vcf for an address book record, .zip for a archived file (but beware the file inside the archive) etc. Steer clear of extensions that you don't know of. like .pif and .scr and .exe etc. (.exe files are sometimes the files that you download from safe sites but you must be able to trust implicitly the source of the file).


And if you really wnat to be safe: by a Mac or Linux PC.

Anti-virus software is for those who wish to shut the door after the horse has bolted. And it probably won't stop you infecting your Windows computer if you don't know what to avoid, just like I can't stop my kids from clogging my Windows PC (which I only use for Games) with adware and spyware.
Posted by gpenglase (87 comments )
Link Flag
Fixing security
What's really important regarding this is probably how seriously apple takes security and if they're dedicated to fixing security holes. Microsoft has a fairly poor track record of increasing security in their OS and releasing patches.

This is part of what makes firefox more secure than internet explorer. Even if it isn't free of any problems, fixes for it are released on a timely manner as opposed t microsoft's web browser.
Posted by jdbwar07 (150 comments )
Reply Link Flag
Are We Supposed to Take This Seriously?
"The most serious incident was perhaps the public disclosure of
a serious and easily exploitable flaw in the Apple operating
system, which could be a conduit for intruders to install
malicious code on computers running the software. Attack code
that takes advantage of the security hole was quickly posted on
the Internet.

The problem lies in the way Mac OS X associates files with
applications, and it could be exploited to hit a Mac via the Safari
Web browser or Apple Mail, experts said. Apple has said it is
working on a fix for the flaw. So far, no attacks based on the
bug have been spotted on the Web."

Is it just me, or do they claim attack code is on the internet in
the first paragraph, and then turn right around and say that it
isn't in the second?

And I'm supposed to believe the rest of this "reporting"?

Which av company is greasing your palms, CNET? Or are they all
in this together?
Posted by djemerson (64 comments )
Reply Link Flag
Difference between "attack code" and "attacks"
There is a difference between attack code, which is computer code that can be used to exploit the flaw, and actual attacks that do that. The tools are out there, but the attack still has to be built.

Computer code that could be used to target Mac users was posted on the Internet. However, no actual attacks that take advantage of the flaw or use the code have been reported so far.

Joris Evers
CNET News.com
Posted by JorisEvers (48 comments )
Link Flag
Finisterre = Window
Didn't anyone pick up on this. The man's name is clearly a derivation of "fenestra" from Latin which means "window." Didn't that raise any concerns about whether he's real or not?
Posted by gparshal (15 comments )
Link Flag
I'm just Glad
to see an honest article about the situation and not blowing it out of proportion, like almost everywhere else on the net....
Posted by theoscnet (36 comments )
Reply Link Flag
YES
Go adhead. I DARE YOU to find this wrong.

First, both mentioned programs are actually trojans, not worms.
This has been a practice to present a bad story, spin it, then use
the bad story as the proof of the spin, and begin to quote false
statements as facts.

This so called Inquanta "worm", was a program written on a
reported flaw eight months ago. Eight months ago it was fixed.
But the "developer" decided to write code based on that old flaw.
-
Duh, can anyone begin to see the picture yet?!
-
After awhile, the "developer", succeeded in creating a TROJAN
program. Being based upon a non-existent flaw, of course it
cannot self propagate.
-
But heres' the power of spin again, hey wait!? Can't you say the
"developer" intentionally limited this programs capabilities?!
-
Because if the dodo knew he/she was writing code to go through
a door, that was sealed up in the past, wouldn't that be true?!

This entire story, and series of them, have been fabricated to the
point of not caring how obvious they are. You may not care for
the truth, but I sure as hell do.

Maybe a little background checking. Maybe the author should
know more than they think they do. Damn, that would be nice
for a change. Fanboy or no, this series of stories have been a
sham from the beginning.

The single most alarming thing is all the "data" (or info as you
will) are coming from the very companies that only want to sell
you something. In the trade market, if you were leak false
information to get your stock to go up and down, you could go
to jail. Maybe we should have the same thing?! Do we?! I don't
know.
Posted by Thomas, David (1947 comments )
Reply Link Flag
Not a fake issue
I agree that it is common, especially at tech sites, for people to
knowingly create false problems to get attention for the source
and page hits. They take advantage of the reality that many
people cannot distinguish between opinion and fact. I've
stopped reading many tech blogs and sites for that reason.
However, I do not believe that is what has occurred here. The
three malware on Macs attempts were real. Though they did no
actual harm, we must acknowledge their existence and potential
to do harm. But, we shouldn't overreact.

I can think of a story that I think was somewhat of a fake that
CNET reported, along with other media. It is the claim that blind
people are having hissy fits over Target's website. When I did
some research, I discovered that most of the complaints about
the website are coming from a web design firm that specializes
in creating sites it says help the visually impaired. If reporters
had looked more closely, they could have learned that from the
most vocal critics' names.
Posted by J.G. (837 comments )
Link Flag
"Our page views are down. Crank out another of those Apple pieces."
"And get some of those security companies to tell people to 'Wake up!'"
Posted by M C (598 comments )
Reply Link Flag
So true... lol... so transparent
... but it's a business, and not exactly Reuters or the AP.
Posted by mgreere (332 comments )
Link Flag
Bull
Repeat after me:

There are NO exploits for OSX. Period, and anyone who says so,
including so-called "security experts, are liars or idiots.

"Users have been talking on various forums about trojans and
viruses on OS X. There is working code to exploit certain
insecurities in the system, one being in Safari."

Users have been talking about these things since the beginning
of the mac back in 1984, and since the release of OSX. It is a
myth that the mac is safe because of its small footprint. It is safe
because it is safer. Even when it was OS(, there were numerous
viruses available. None for OSX, even thought there have been
repeated attempts.
Again, THERE IS NO WORKIN CODE TO EXPLOIT OSX
INSECURITIES. PERIOD

As for the BS in the article. it is not just that these are not
"released in the wild" or even just "proof-of-concept." They are
NOT exploits at all. It is NOT malware to trick someone into
doing something on there own computer. No one (except maybe
the morons quoted in this article) would consider a text file with
the following lines in it malware"

first you open terminal
then you type "sudo rm ./*.*"
Enter your password into dialog
hit return

This, essentially is what ALL the supposed malware available for
OSX do, talk the user into doing something stupid. Big deal.

As proof of the stupidity of these so-called experts, one of them
advises OSX users to "Turn on their firewall" Anyone who knows
anything about OSX security knows that"
1) The firewall comes turned on
2) it is next to impossible to turn it off.

when will people get a clue?
Posted by DeusExMachina (516 comments )
Reply Link Flag
True for 95% of Windows exploits
The fact that user interaction is needed has never been seen as a defence before. Interesting that it is now. I have never had a virus problem on Windows and I have had broadband for 5 years, and I run 7 computers most of the time. This is because I don't do stupid things.

The Mac is "safer" because of its obscurity. Most malware is made for the purpose of money. Why write a virus that targets under 5% of the world when you can write one that targets 95%? How is a Mac virus supposed to spread? When a Windows virus tries to spread via EMail it has a good chance that the receiving computer is Windows. If you do not understand this basic concept then I advise you to get Steve to explain if for you. I am sure you will believe him.
Posted by Andrew J Glina (1673 comments )
Link Flag
Who's calling who?
The only people in this thread segment calling the other posters in it stupid are the Apple users. Hmmm. Are you really that defensive?

As for Apple's market share recently, it's largely due to iPods and iTunes....
Posted by LesleyO (3 comments )
Link Flag
Here's how to make Mac OSX vulnerable
Simple really.

Install Microsoft software on it, particularly Outlook and Internet Explorer combo, though MS Office holds it's own as well. Guaranteed that you'll be one of the first mac users to get a serious bug.

Before Windows came along there were viruses for DOS and for the Mac OS (probably more on the mac). 99% of them were relatively harmless, and the instance of them was relatively rare on both platforms. A few things have changed since then: Windows, which no-one can seriously dispute is the least secure OS on the planet by a wide margin, and MS software using VBscript (you should read the security releases - high-level vulnerabilities are discovered on a monthly basis in Windows OS and MS software), and the Internet (a ready-made virus writer's playground).

Yes, there are vulnerabilities in every OS, but to compare Windows to the Mac on this point is to compare a 800-pound gorilla and a mouse. There is no real comparison. I recently emailed the hosts of a Mac-cracking cometition on the old Mac OS - you may remember that $100,000 was offered for anyone who could crack into a stock standard Mac setup on the Intenet. Well it tooks more than 6 months (thats a long time in anyone's language), and it was a fellow Aussie who did it, and the source of the vulnerability was actually a combination of Sidekick (a notepad programme) and some other non-Apple software that was running on it.

Mac OSX will have its occasional viruses, and I don't expect it to be as rock-solid as the original Mac OS since up to Mac OS9 it was only a single-tasking, single-user OS wihtout built-in remote access anyway and therefore not as complex but similar to the cracking example above, any major vulnerabilities will almost certainly be non-Apple software. FreeBSD which is the kernel is a pretty solid and safe OS, and Apple write good reliable and secure software - they've done it for years and have nothing to prove in that regard.

And to say that it hasn't been exploited only because it doesn't have the user-base of Windows is a purile statement and one that I am so sick of reading in the IT press. T here are always people out there trying to crack anything, and if they haven't found it easy to exploit so far then that's not going to change no matter how many new macs are sold. Yes it's hackable, yes we should be alert but since over 95% of viruses are based on vulnerabilities in Microsoft software (150,000 and counting), I' can't see a deluge coming for the Mac.

The ONLY caveat I'd add to that is whatever happens with the whole Mactel thing - maybe that will make the rootkits access more likely. But I'm not going to hold my breath.

I don't use anti-virus software since that in most cases is shutting the door after the horse has bolted. I simply practive safe computing and have avoided viruses for over 8 years. (the last one came from a client's floppy disk back in 98.

As a veteran user of Mac , Windows and Linux I'd have to say that even my Windows PC is relatively safe without all of the Microsoft application software (Outlook, MS OFfice, etc.), and I don't use MSN messenger (Trillian is preferable), don't click on any attachments I'm not expecting, and avoid using IE except for a few sites that force me to use it. However the incidence of adware and spyware on my PC is horrendous on the Windows PC (thanks to my kids). you just don't get the same exposure or vulnerability to that on the Mac.

it never fails to amuse me thhe number of medium sized organisations that I am aware of that suffer significant vulnerabilities due to their continued reliance on MS software. I know of over 10 companies personally that regularly lose 3 to 4 full working days every year just due to viruses. And these companies have MS trained I.T. personel working for them. In contrast, I have never, that is never, heard of a client company using Macs that has had any major downtime due to viruses or the like. There have been a couple that have got them selves into trouble when installing new system with incompatibilties between software but that's usually lack of knowledge or care. But it is almost unheard of in my experience for a company that uses Macs to have suffered like this.

Richard G and all of you Windows evangelists. Please continue using Windows. Please keep telling other people the inaccuracies of Windows security and the Mac's inevitable demise. I really need the price of Apple shares to be pushed south another 15% so I can get some more. And it just gives us Mac users the advantage in business.
Posted by gpenglase (87 comments )
Reply Link Flag
I have no opinion
On what OS people/business use, since it should be based on need... but if this statement is true

"I know of over 10 companies personally that regularly lose 3 to 4 full working days every year just due to viruses. And these companies have MS trained I.T. personnel working for them. "

I now know of over 10 companies that need to do some "restructuring" of their IT personnel. I have been in quite a few entrprise enviroments and a few medium size companes and I have never seen that **** poor of security.
Posted by Bob Brinkman (556 comments )
Link Flag
How to make a business run
And yet every Mac enthusiast has been telling me I should buy a Mac to run windows. How strange you do not.

Actually, what makes most corporations run are the applications written specifically for them. Unless those applications run, the business will grind to a halt. What operating system will they run on? Not OSX. Sometimes not even Windows XP. If the only horse that can pull the cart is windows NT or DOS, then that's what will be used. Rewrite the applications, you say? Not likely. The original programmers are long gone and nobody knows how the data is encoded into the database. It would cost more than an arm an a leg to figure it out and this is a common problem for corporations. I don't care how good an OS is. If it doesn't run the apps, it's not getting used... and that includes OSX, Windows XP, and vista.
Posted by Seaspray0 (9714 comments )
Link Flag
Is Mac OS as safe as ever?
If we compare it to anything Microsoft, it is.
Posted by ServedUp (413 comments )
Reply Link Flag
Including...
Thats also including Longhorn...

Microsoft and their viral advertorials. Pathetic!
Posted by ServedUp (413 comments )
Reply Link Flag
What?! Me worry?!
Mac owners shouldn't worry at all. They can simply do what most Windows owners do: get paranoid.

:D
Posted by Mendz (519 comments )
Reply Link Flag
Safari Vulnerability More Severe Than Imagined
First, I want to say McAfee's Schmugar is just peddling FUD.
"There are fewer and less evolved defenses around a Mac,
because there have been fewer threats against it," he said. "The
success rate for getting malicious code to run is probably
greater."

This is total garbage. Macs ship with ports closed by default,
unlike Windows. There aren't wide open vectors of attack
available like there are in Windows boxes.

That being said the Safari vulnerability is a scary one. I've been
exploring it here: <a href="#">http://www.cootey.com/temp/mactest.html&lt;/
a&gt;. Anything archived alone into a zip file will autolaunch when
uncompressed through Safari. This makes malware infection on
a Mac very plausible.
Posted by booboo1243 (328 comments )
Reply Link Flag
A 'cootey' indeed
Duh.

All the user has to do is turn the preference to automatically
open downloaded files off in Safari. As an additional safeguard
she can check the nature of the file in Get Info before opening it
manually. Apple will likely patch Safari to make not
automatically opening files in Safari the default anyway.

In addition, there is no threat whatsoever if a browser other than
Safari is used.

Any more 'deep thoughts' you would like to embarrass yourself
with?
Posted by J.G. (837 comments )
Link Flag
Mac users amuse me....
First off, no OS is completely safe. The safest a computer can be is locked in a closet and turned off. Even then, it's questionable.

For a long time, I've seen Mac users say "Oh, I'm glad I use a Mac. I'm immune to the tribulations of viruses, trojans, and malware. We have a super-duper-BSD-Unix based OS, that's just swell at keeping exploits and hackers at bay." To that I have to laugh. Right now, I think the Mac is starting to get noticed, and not by the people you want it to be noticed by too. Market share is going up, so in the natural order, Mac's too will become targets of malicious attacks. Need I remind people that the first worm on record was spread from Unix to Unix? Wake up people!?!?

I think it's only a matter of time before something comes out that is truely devistating for Macs. Time to buckle up and get ready for the ride, cause it's coming if you believe it or not. Of course, those of you who don't prepare, well, I'll be laughing at you when you go whine about how you're always getting popups, and your system is running slow because it's infected with tojans and malware. Yes, and it will be a good belly laugh too. :)
Posted by fireball74 (80 comments )
Reply Link Flag
You may be waiting a long time for that laugh
Jay -

There has never been a successful virus on UNIX - not just Mac,
but all UNIX - for the history of UNIX. Yes, there have been
virus' - and they have spread, but we are talking a fraction of a
fraction of a percentage of users - nothng compared to the
"Everyone is a superuser O/S."

Only the uninformed think that the reason MS gets hit is because
they are big. MS gets hit because it's easy and full of holes.
UNIX offers no chance of widespread success.

The Washington Post ran a story on this Mac trojan and they
interviewed a person that was TRYING to MAKE this trojan work
on several Mac systems in a lab and was not successful. I read
from one published resport that a total of less than 50 Mac's
worldwide were effected by this trojan that has been getting so
much press. Apple sells over a million Mac's a month.
Posted by keaggy220 (57 comments )
Link Flag
It's always a matter of time....
"I think it's only a matter of time before something comes out
that is truely devistating for Macs."

Probably true. OS X has been out almost five years now and so
far ], no one has managed to create a threat. Low market share?
An excuse for those trying to explain why Windows and IE get
shelled so frequently. No mention of the faulty design
philosophy that made Windows a marketing tool not an OS.

So you go ahead and get ready to laugh in maybe five or ten
years.... if you aren't terminally grumpy from the relative
bombardment on XP and Vista. Just keep your fire wall up, get
the latest AV software, and stay off the Internet - then you'llbe
safe.

No that is really funny....
Posted by Earl Benser (4310 comments )
Link Flag
Safe OS?
"First off, no OS is completely safe. The safest a computer can be
is locked in a closet and turned off. Even then, it's questionable."

This is the most laughable argument you MS apologists ever
come up with. Yes no OS is completely safe, but there is a large
difference between the default security measures in OS X and
Windows. Anyone that will not admit this deserves the adware/
virus/spiware they get.

Sure XP will run fine without any viruses as long as you pay your
monthly subscription to the huge security industry it has single
handedly created. I rarely have any problems with my XP
machine at work but then again my companies employees an IT
staff larger then most small companies to make sure everyones
desktop is running and Virus free.

People need to wake up and realize that if OS X was the
dominant market share things would be much different. IT
staffs would be 1/4 the size, becuase stuff just works and is
intuitive. Virus software would come down to a scanner that is
run while you are not using your computer similar to ClamXAV
rather then the bloatware that is Notron hogging all of your
system resources because it must scan everything before you
can touch it. Life would be much different. Here is hoping that
Vista will improve things, I doubt it though as MS is already
trying to get people to subscribe to their own cash cow
"OneCare."
Posted by danielwsmithee (433 comments )
Link Flag
Enough already... it's old
This argument is really old. Windows is swiss cheese in comparison to other OSes and you and everyone else knows it - why defend something that you probably don't even own shares in (if you do hve some MS shares, look to sell them on any run-up, as they're time is over).

But the question remains "how vulnerable is MacOS X".

When did the first actual malicious virus that was exploiting an unheard of hole arrive? Feb 16 2006. See <a class="jive-link-external" href="http://www.f-secure.com/v-descs/leap_a.shtml" target="_newWindow">http://www.f-secure.com/v-descs/leap_a.shtml</a>

Let's have some fun...
When was Mac OSX first released? March 24th, 2001
When was the second. Well technically it wasn't really a second because it exploited a hole that had been plugged in an updte 6 months prior to its release, but let's say the second worm was OSX/Inqtana - there have been some attempts and some demos but for arguments sake lets say it was this recent one on the Feb 20th

So by my calculations, given a bastardised use of Gordon Moore's 1965 theory of chip speed doubling every 18 months,
Let's assume that there are going to be 3 more this year, so that means 5 in the first year,, 20 by the end of 2009, 80 by 2012 etc., and eventually over 300000 by 2036.

Seriously, I think that those predicting the end of MacOS X's safe record when it comes to security can only be described as wishful thinking. While Microsoft has been making great noises about 'security is the key" and the "security initiative" there have been an exponential amount of security breaches. Listening to Microsoft's PR machine is like listening to the government. You can be guaranteed that the very thing they say they are doing they are doing just the opposite. MacOS X does not have much to fear because:
(a) it is more secure {no not totally but a lot more}
(b) it doesn't have a raft of extremely insecure applications pre-installed on it which seem to be an open invitation to virus writers (VBscript et al)
(c) it doesn't have as much focus on it {but it is not forgotten or overlooked as you would like us to believe - see my post about obscurity}

So I think that I should be relative secure on this platform unti the year 2027 at which time there'll be abot 2000 viruses around for the MacOSX. But by that time, Windows will probably have lost more than 50% of its market share and it'll be Windows evangelists who are being called zealots.
Posted by gpenglase (87 comments )
Link Flag
Taking Precautions... Mac or Windows...
Taking precautions is a must no what what computer or OS you
are using, Viruses are jut one means to an end, on Macs the
most common loss of data has usually been because of user
error, but anything can happen!

Theft, Hard Drive failure, fire, water damage, human error.. my
dog ate it and even viruses can take down a Mac.

I have been using Macs for over 10 years and have never had a
Virus of any kind, but I backup regularly just in case. And by the
way I have never used Virus software and hope I never have to!

Yes the more popular Macs get the more common Mac Viruses
will be, even with the added security that Apple's Unix based
system offer it would be silly to not take some sort of
percussion.

Apple system are a very very long way off from having the same
Virus-Spyware related issues that Window's have... Do yourself a
favor and Backup!

Michael
Related articles:

<a class="jive-link-external" href="http://www.switchingtomac.com/backup.html" target="_newWindow">http://www.switchingtomac.com/backup.html</a>

<a class="jive-link-external" href="http://www.switchingtomac.com/macorpc.html" target="_newWindow">http://www.switchingtomac.com/macorpc.html</a>
Posted by mkaye (5 comments )
Reply Link Flag
Why it is safe gives us something to think about
Mac is safer because each new computer is set on a different platform that can be interrelated but which hackers despise learning something that will be obsolete in a couple of years.

Why bother when most people are using PC's with MSN and therefore they let the nuts as they see them continue on their merry way.

Will they get to Macs eventually sure they will once an offline ID processing system is ready for PCs then they'll have to go where the arrogance and myth is strong that people are protected online.

This only increases the need for a universal platform solution to keep all ID offline. That's what I think. Ciao now.
Posted by Iohagh (54 comments )
Reply Link Flag
Why it is safe gives us something to think about
Mac is safer because each new computer is set on a different platform that can be interrelated but which hackers despise learning something that will be obsolete in a couple of years.

Why bother when most people are using PC's with MSN and therefore they let the nuts as they see them continue on their merry way.

Will they get to Macs eventually sure they will once an offline ID processing system is ready for PCs then they'll have to go where the arrogance and myth is strong that people are protected online.

This only increases the need for a universal platform solution to keep all ID offline. That's what I think. Ciao now.
Posted by Iohagh (54 comments )
Reply Link Flag
Of course it is safe.
The media is so lame and dramatic. I use all types of OS's. I dont hate any in particular. But its so lame when people say things and compare apple to microsoft.

Think about it. If you were a virus creator, would you want to write out a virus that will wipe out 100 computers or 100,000 computers. well seeing that most of the world uses MS, its only logical.
Posted by stevebor1 (15 comments )
Reply Link Flag
virii...
wow, this guy really researches meaningless stuff huh?

<a class="jive-link-external" href="http://homepages.tesco.net/J.deBoynePollard/FGA/plural-of-" target="_newWindow">http://homepages.tesco.net/J.deBoynePollard/FGA/plural-of-</a>
virus.html

<a class="jive-link-external" href="http://en.wikipedia.org/wiki/Plural_of_virus" target="_newWindow">http://en.wikipedia.org/wiki/Plural_of_virus</a>
Posted by balkce (32 comments )
Reply Link Flag
Non Bias Comment on the subject...
I use both a windows xp pc and a imac g5 in my household. I believe that mac is alot safer then my pc because of the majority of viruses, etc... that can infect it. I have to use a norton antivirus and a trojan program on my pc at all times. I have had to reboot my system on more then one occasion that is really annoying honestly. On my mac I have absolute no problem with this. I use Xvclam (can't spell) to manually scan for pc viruses so I won't spread them to freinds with pc's. But that about it , I do believe that mac is going to get more malicious program writers to attack it because its a challange. Apple has way better support them Microsoft and updates are more frequent with my mac then Microsoft. I really do hope the new features included in windows vista allow my pc to work without the inconvient headache of viruses , etc. In conclusion I believe that the Mac OS is alot safer the Windows OS.
Posted by Richard_Felix (1 comment )
Reply Link Flag
The Mac/MS battle EVERMORE and ANON
I remember there was a essay written by Neal Stephenson about 7 years ago BEFORE Macintosh's switch to a Unix architecture. (it is iteresting to hear his suggestions, here, directed towards MACOS9) It's a great read "In the Beginning Was the Command Line" It's a great metaphorical comparison of OSes (Macos, Microsoft, BSD) AND THEIR USERS. check it out here:
<a class="jive-link-external" href="http://www.cryptonomicon.com/beginning.html" target="_newWindow">http://www.cryptonomicon.com/beginning.html</a>

DL it, Print it out, read it on your commute.
Posted by Vivant Kafka (8 comments )
Reply Link Flag
correction
OSes: Macos, MS, BeOS and Linux

snippet from "In The Beginning There Was The Command Line"
Item: a woman friend of mine recently told me that she'd broken off a (hitherto) stimulating exchange of e-mail with a young man. At first he had seemed like such an intelligent and interesting guy, she said, but then "he started going all PC-versus-Mac on me."
Posted by Vivant Kafka (8 comments )
Link Flag
It is NOW SAFE- Run Software Update
Apple released a security fix for these problems, it is fixed for now.
Run Software Update if you are on a Mac.
Posted by Ilgaz (573 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.