• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Mac OS X, iOS at Increased Risk in 2011: Report


    Mac OS X will come under more frequent attack in 2011, according to a prominent security firm. In its 2011 Threat Predictions report, McAfee Labs says that newly popular platforms like Android, iOS and Mac OS X will be targeted by malicious code more than ever before.

    Though ardent Mac OS X supporters (aka fanbois) often tout the platform's history of fewer destructive viruses along with its UNIX roots as signs of its inherent superiority an the area of security, security researchers have found many vulnerabilities in the operating system. In May, the security firm Secunia put Apple at the top of its list of software developers with the most vulnerabilities, ahead of Oracle and Microsoft. And at this year's Pwn2Own, Charlie Miller, an analyst at Baltimore-based Independent Security Evaluators, defeated the security on a MacBook Pro in seconds.

    Mac OS X's main protection has been its relative obscurity when compared to Windows. However, that may now be in jeopardy, ironically as a result of Apple's success with computers: from about 2% usage in 2000, Mac OS X has shot up to over 6% and is poised for further growth. "Historically, the Mac OS platform has remained relatively unscathed by malicious attackers," the McAfee report notes, but predicts that "Mac-targeted malware will continue to increase in sophistication in 2011."

    In addition, the report says, iOS will also be at greater risk in the year to come. "The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices," will increase the danger. Furthermore, McAfee Labs foresees that "Apple botnets and Trojans" will be "a common occurrence. "

    Source: Computerworld
    This article was originally published in forum thread: Mac OS X, iOS at Increased Risk in 2011: Report started by Paul Daniel Ash View original post
    Comments 103 Comments
    1. Team Infecti0n's Avatar
      Team Infecti0n -
      Wow, rather tough for some AV out there... usually see those in the big boys
    1. Zokunei's Avatar
      Zokunei -
      Quote Originally Posted by Rob2G View Post
      I dont think virus' and stuff will ever be as big an issue in os x as they were (are?) in windows. Im not saying that more virus' wont happen but no Offence Mac users seem to be a bit smarter than most windows users, (I mean we did choose OS X over windows J/K). I think most mac users will protect them selfs if they have not already.
      Lol, that's probably because to afford a Mac you have to have a good education and job.
    1. NSXrebel's Avatar
      NSXrebel -
      Quote Originally Posted by vantheman169 View Post
      I know what a resource hog is, i gave 2 different user reviews problems. resource hog, and another using up hard drive space. Justsayin.
      You're wasting your time with AV for Mac. Just sayin'.
    1. krosis's Avatar
      krosis -
      Wow. The amount of people that think Macs are just secure and you don’t have to worry about it is unsettling. Of course the AV companies want your money. That’s how business works. That doesn’t mean there’s no threat. Your Doctor wants your money too. That doesn’t mean you shouldn’t ever go see one.

      The primary reason windows has been so plagued with malware is mostly because of it's market share. The point of this news post was that as Apple's market share increases, the likely hood that it is targeted by attack also increases. This isn't something anyone needs to "prove", it's just how the security world (and many other things in life) works. The value of an attack is the reward compared to the cost. As the Mac user base expands, the reward cross hairs and dollar signs on it get bigger.

      Quote Originally Posted by NSXrebel View Post
      Mac OSX, and any OS/software for that matter, are not malware proof, but fact is that it's much safer than Windows. Not because of obscurity, but just the UNIX it's based on is much more secure.
      This is an unfortunate rumor that seems to persist. A result of being under such attack for over a decade has been Microsoft’s adoption of several secure coding practices and systems. A properly setup and used Windows 7 machine actually has more protections in place and is more difficult to attack than a Mac. Obscurity, and WinXP users reluctance to upgrade are far above anything else at the top of the list of what makes a Mac "safe". There is nothing inherently "secure" about a UNIX based system either. They've had security vulnerabilities and been regularly attacked throughout the years. I've been a Linux user and admin for the last 13 years, so I've got to experience that first hand.

      Mac OS X 'a lot of fun' to exploit
      "Writing exploits for Vista is hard work," the consultant says. "Writing exploits for Mac is a lot of fun."

      Apple missed security boat with Snow Leopard
      Apple missed a golden opportunity to lock down Snow Leopard when it again failed to fully implement security technology that Microsoft perfected nearly three years ago in Windows Vista

      Quote Originally Posted by Team Infecti0n View Post
      MAC having no viruses is IMO some B.S. Lol. Really the only OS that can't get viruses is Linux. Security is so tight the virus actually asks you permission to infect your computer lol xD
      I realize that you're kind of making a joke, but that's so not true. Vulnerable services running with privileges. Vulnerable code running setuid. Weak passwords. Sudo. There's a whole lot of ways UNIX based systems can be attacked, even if it's not as vulnerable to what most windows users used to think of as a virus. On the server front where market share is more comparable to Microsoft, this is a regular issue. Fortunately, like Windows, it's also a known and understood issue with a lot of well designed techniques and systems to help mitigate the problem.

      Quote Originally Posted by NSXrebel View Post
      That's the definition of a Trojan, and OSX asks you for permission too, because they are both based on UNIX, unlike Windows where just the mere connection to the internet or plugging in a USB device can infect it.
      Windows actually does that too as long as you don't go out of your way to disable it. And that’s not the only route of attack. There have been plenty of exploits for Windows, OS X, and every flavor of UNIX that have not triggered a privilege escalation prompt.

      Quote Originally Posted by Team Infecti0n View Post
      Well seeing an iOS attack will be interesting. They'll finally breach UNIX's security if they do IF it even happens at all. If it does there's room for improvement
      I don’t understand what this magic “UNIX security” you guys talk about is. There's a reason we're able to jailbreak our iDevices, and it's not because of "UNIX's security" or Apple's flawless security record. Unix based systems are compromised all the time, including Mac OS X and iOS.

      Here’s a few links for those of you who still think Mac is somehow protected because it’s Mac.

      Mac OS X is easy to exploit
      Mac runs an abundance of setuid programs, and is generally behind the curve updating their software packages.

      Six months on, Macs still plagued by critical Java vulnerability
      More than six months after Sun Microsystems warned that a flaw in its Java virtual machine made it trivial for attackers to execute malware on end users' machines, the vulnerability remains unpatched on Apple's Mac platform.

      Hack-off contestant dubs Apple Safari 'easy pickins'
      4 new unique critical vulnerabilities for Safari were revealed at this event alone.

      Safari / Macbook falls in seconds
      For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser. “It took a couple of seconds. They clicked on the link and I took control of the machine”

      Apple Desperately Needs an SDL Program
      "The security reality does not match Apple's marketing/advertising and, as the Pwn2Own exploits show, the company is running around in circles trying to keep hackers at bay."

      It's not just as simple as "don't visit bad sites". When advertising networks get compromised, any site that makes use of them is also infected. You think Safari has never been exploited? Even if that were true (it’s not), what about the Flash and Java runtimes it calls? Or the dozen other programs it calls to handle content? Recently MSN's ad network and Google's Adsense were both compromised. Do you know how many legitimate sites use those services?

      Antivirus is not perfect, but it’s an important step in protecting yourself and there have been a lot of good recommendations about it in this thread. In the end of the day, I look at AV like I look at a seat belt. It doesn’t 100% guarantee that I’ll be safe in an auto-accident, but there’s a good chance that if I do get in trouble, it’ll save my ***. So buckle up.

      Sorry to rant so much, I don't mean to sound hostile, this is just a HUGE misconception that I have to deal with regularly. I hope I've been able to provide some useful information to someone.
    1. Zokunei's Avatar
      Zokunei -
      Actually a properly used WinXP is damn secure for me. I can't remember the last time I had a virus worm in.
    1. krosis's Avatar
      krosis -
      Quote Originally Posted by Zokunei View Post
      Actually a properly used WinXP is damn secure for me. I can't remember the last time I had a virus worm in.
      I'll meet you half way: A properly used WinXP machine is better than an improperly used Win7 machine. Smart user habits are paramount, and knowing is half the battle.

      There are still a lot of fundamental changes to the way code is handled and executed that Microsoft made with Vista. There are attacks that work on WinXP or OS X that simply can't execute on Windows 7 because of those protections.

      I'd also point out that not all malware makes it obvious that you're infected. Indeed many infections rely on not being noticed. Virus scanners are like 70-90% effective when they're kept up to date. I'm not saying you're infected or anything, just that XP is the most targeted OS on the planet and there are a number of fundamental flaws in it that were improved in Vista.

      Just curious, what's your personal reason for not upgrading? Performance? Cost?
    1. Zokunei's Avatar
      Zokunei -
      Quote Originally Posted by krosis View Post
      I'll meet you half way: A properly used WinXP machine is better than an improperly used Win7 machine. Smart user habits are paramount, and knowing is half the battle.

      There are still a lot of fundamental changes to the way code is handled and executed that Microsoft made with Vista. There are attacks that work on WinXP or OS X that simply can't execute on Windows 7 because of those protections.

      I'd also point out that not all malware makes it obvious that you're infected. Indeed many infections rely on not being noticed. Virus scanners are like 70-90% effective when they're kept up to date. I'm not saying you're infected or anything, just that XP is the most targeted OS on the planet and there are a number of fundamental flaws in it that were improved in Vista.

      Just curious, what's your personal reason for not upgrading? Performance? Cost?
      It's an old computer therm couldn't handle the update. And I can't really afford to upgrade the hardware right now.
    1. Xenthis's Avatar
      Xenthis -
      A lot of people buy mac computers just because they don't get viruses. I never get viruses on my windows machine and the only people I think really do anymore are the people who are A: too lazy to get virus protection, even though a lot of good protection is free, or B: download lots and lots of torrents... If macs are attacked, I think that Apple wouldn't be prepared to fight back.
    1. ty22's Avatar
      ty22 -
      Quote Originally Posted by kuhndsn View Post
      Personally I think that the big anti-virus software firms are behind most of the malicious code. I cannot stand them They slow down the PC and cause their own havoc. One of the main reasons I switched to MAC.
      This. I still to this day believe McAfee crashed both my dad's comp's(they kicked at the same time). Coincidence? Not. He loves his Mac now!
    1. thazsar's Avatar
      thazsar -
      Happy New Year everyone!
    1. Him Himself's Avatar
      Him Himself -
      Really kuhndsn?
      I lol'd
    1. csworrell's Avatar
      csworrell -
      low level key logger, obtain su password. Remote operation above port 50000, then you are in!
    1. Zokunei's Avatar
      Zokunei -
      Quote Originally Posted by csworrell View Post
      low level key logger, obtain su password. Remote operation above port 50000, then you are in!
      Is it really that typical for Mac users to use Terminal?
    1. StealthBravo's Avatar
      StealthBravo -
      I use terminal everyday
    1. Zokunei's Avatar
      Zokunei -
      Ok. I just wondered because on Windows the only thing that ever uses DOS is other programs so they run faster. No one knows a single command lol. I've tried DOS before though and would definitely rather go with Unix.
    1. krosis's Avatar
      krosis -
      That's because the dos command interpreter sucks compared to bash

      I'm curious why a terminal matters though (I lack Mac experience). Isn't there a graphical password / privilege escalation prompt that comes up when you need to do something beyond standard user permissions?

      BTW if you want a good terminal on Windows, you can always install cygwin.
    1. Zokunei's Avatar
      Zokunei -
      Lol I'm not that much of a command-line fan. The only language I can program in is Unix though.
    1. Rob2G's Avatar
      Rob2G -
      Quote Originally Posted by StealthBravo View Post
      I use terminal everyday
      As do I.
    1. NSXrebel's Avatar
      NSXrebel -
      What do you guys use Terminal everyday for? I use it once in a while for certain things, but not something I would use daily or regularly.
    1. Zokunei's Avatar
      Zokunei -
      I use it pretty much every day on my iPod.