Apple Fans Are Clueless About Security

Apple Fans Are Clueless About Security
Preston Gralla
Apr 16, 2010 2:29 pm

http://www.pcworld.com/article/19442...nl_dnx_h_crawl

Not only are Apple fans misguided about the Mac's security, but Apple doesn't take security
as seriously as Microsoft, according to one expert.

Apple fans who claim that the Mac is more secure than PCs not only are wrong, but they're ignorant about their security
risks, says a well-known hacker and security expert who has made a name for himself finding vulnerabilities in Windows.
And Apple itself doesn't take security as seriously as does Microsoft, he claims.

Marc Maiffret, currently chief security architect at security firm FireEye first gained a modicum of fame as a hacker
targeting Microsoft products. For example, he uncovered the security hole that the Code Red worm exploited back I
n 2001 to attack Windows servers.

He's been no stranger to publicity, being one of the hackers featured on MTV's I'm a Hacker, and named as one of
People Magazine's "Next Wave" of people to watch, back in 2004.

In an interview with CNet, he claims that Microsoft takes security more seriously than does Apple, and excoriates
Apple fans as being "ignorant" about security risks.

Maiffret says he believes Microsoft does one of the best jobs in the industry around security, telling CNet:

"From an internal process in how they go about auditing their code and securing software from a technical
perspective, they do have one of the best models. The area they still have room for improvement is around
time lines of how long it takes for them to fix things."

As for Apple and its fans, he has very little good to say, saying that the Mac is vulnerable, and its fans
ignorant about security risks:

"...they try to market themselves as more secure than the PC, that you don't have to worry about viruses,
etc. Anytime there's been a hacking contest, within a few hours someone's found a new Apple vulnerability.
If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very
much not. And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple.
The reason we don't see more attacks out there compared to Microsoft is because their market share isn't
near what Microsoft's is."

And he leaves no doubt that he believes Microsoft as a company pays more attention to security than does
Apple, and says the only reason the Mac hasn't been targeted by malware writers is that it doesn't have a
large enough installed base:

"I think Microsoft does a better job with their code auditing than folks like Apple do. We've only seen a
scratching of the surface as far as Apple vulnerabilities because nobody cares to find them. There's nothing
Inherent with Apple themselves and their development. The only reason Apple gets little increase in security
is because they're running on top of a Unix-based operating system and they can take advantage of some of
the things that have been done for them."

---

› See More: Apple Fans Are Clueless About Security

great, but the fact remains OSX is by far the most secure OS you can
run... nobody can crack it without a password and that's been proven
over and over. It can't get viruses, and only 6 worms or trojans have
happened in the last decade.

windows has hundreds of new viruses each day, only linux ranks up with
OSX it terms of security.

Oxford wrote:
> great, but the fact remains OSX is by far the most secure OS you can
> run... nobody can crack it without a password and that's been proven
> over and over.

So much ignorance and delusion!

Mac OSX/Safari/iPhone have been repeatedly cracked in the pwd2own contest.

http://dvlabs.tippingpoint.com/blog/...5/pwn2own-2010

> It can't get viruses, and only 6 worms or trojans have
> happened in the last decade.

*ALL* OSs that can run unrestricted binaries can get viruses.

Against virus, the only effective measure is white listing binaries. Most
GNU/Linux distributions with their repository setups can provide both virus
free binaries, and a white listing signatures to check for changes to the
binaries.

Worms use vulnerabilities in some software and all OSs have software with
vulnerabilities. Things like no exec memory protection and address space
randomization provide good defense against some important class of
vulnerabilities. All main OSs provide both these protections but some don't
have secure defaults.

Trojans are dependent on user cooperation. For these, some OSs put more
barriers than others. GNU/Linux software repositories, noexec partition's
flag, and the file execute permission provide for a greater barrier to
trojans than both OSX and Windows provide.

> windows has hundreds of new viruses each day, only linux ranks up with
> OSX it terms of security.

GNU/Linux default security for most main distros is better than OSX, and
things like SELinux, AppArmor, TOMOYO and msec can give GNU/Linux a security
level far greater than OSX. FreeBSD also has a impressive security track
record that easily wins over OSX (and Windows).

Finally, OpenBSD bets everyone else like an old, hole filled, bug ridden
carpet.

Regards.

Lusotec <[email protected]> wrote:

> Oxford wrote:
> > great, but the fact remains OSX is by far the most secure OS you can
> > run... nobody can crack it without a password and that's been proven
> > over and over.
>
> Mac OSX/Safari/iPhone have been repeatedly cracked in the pwd2own contest.
>
> http://dvlabs.tippingpoint.com/blog/...5/pwn2own-2010

You are 100% incorrect... none were cracked without full physical and
password access, so it wasn't a contest after that fact was publicly
known. No osx mac has ever been cracked from the outside don't forget.

> > It can't get viruses, and only 6 worms or trojans have
> > happened in the last decade.
>
> *ALL* OSs that can run unrestricted binaries can get viruses.

not OSX, it's technically impossible because of the way root and admin
are fully separated.

> > windows has hundreds of new viruses each day, only linux ranks up with
> > OSX it terms of security.
>
> GNU/Linux default security for most main distros is better than OSX, and
> things like SELinux, AppArmor, TOMOYO and msec can give GNU/Linux a security
> level far greater than OSX. FreeBSD also has a impressive security track
> record that easily wins over OSX (and Windows).

no, OSX has had the least security concerns of the last decade, linux is
up there in the rankings, but no OSX based Mac has ever been compromised.

> Finally, OpenBSD bets everyone else like an old, hole filled, bug ridden
> carpet.

so learn to use facts... thanks...

ps: your follow up groups had several errors, i fixed them, but it shows
you don't pay attention to details.

In article <[email protected]>, Oxford
<[email protected]> wrote:

> > Oxford wrote:
> > > great, but the fact remains OSX is by far the most secure OS you can
> > > run... nobody can crack it without a password and that's been proven
> > > over and over.
> >
> > Mac OSX/Safari/iPhone have been repeatedly cracked in the pwd2own contest.
> >
> > http://dvlabs.tippingpoint.com/blog/...5/pwn2own-2010
>
> You are 100% incorrect... none were cracked without full physical and
> password access, so it wasn't a contest after that fact was publicly
> known. No osx mac has ever been cracked from the outside don't forget.

you didn't say 'from the outside.' don't move the goalposts.

> > > It can't get viruses, and only 6 worms or trojans have
> > > happened in the last decade.
> >
> > *ALL* OSs that can run unrestricted binaries can get viruses.
>
> not OSX, it's technically impossible because of the way root and admin
> are fully separated.

you can't be this ignorant. it may be difficult for a virus to
propagate on its own, but it's certainly not impossible.

> > > windows has hundreds of new viruses each day, only linux ranks up with
> > > OSX it terms of security.
> >
> > GNU/Linux default security for most main distros is better than OSX, and
> > things like SELinux, AppArmor, TOMOYO and msec can give GNU/Linux a
> > security
> > level far greater than OSX. FreeBSD also has a impressive security track
> > record that easily wins over OSX (and Windows).
>
> no, OSX has had the least security concerns of the last decade, linux is
> up there in the rankings, but no OSX based Mac has ever been compromised.

yes they have. one example is when ignorant users installed pirated
software (iwork).

nospam <[email protected]> wrote:

> > > Mac OSX/Safari/iPhone have been repeatedly cracked in the pwd2own contest.
> > >
> > > http://dvlabs.tippingpoint.com/blog/...5/pwn2own-2010
> >
> > You are 100% incorrect... none were cracked without full physical and
> > password access, so it wasn't a contest after that fact was publicly
> > known. No osx mac has ever been cracked from the outside don't forget.
>
> you didn't say 'from the outside.' don't move the goalposts.

inside or outside, no osx mac has never been cracked without full
physical & password access.

> > not OSX, it's technically impossible because of the way root and admin
> > are fully separated.
>
> you can't be this ignorant. it may be difficult for a virus to
> propagate on its own, but it's certainly not impossible.

but since 1987, none have had a virus... that's a fact you need to
accept...

> > no, OSX has had the least security concerns of the last decade, linux is
> > up there in the rankings, but no OSX based Mac has ever been compromised.
>
> yes they have. one example is when ignorant users installed pirated
> software (iwork).

but that wasn't without FULL user approval... so learn to be honest
before you post.

In article <[email protected]>, Oxford
<[email protected]> wrote:

> > you didn't say 'from the outside.' don't move the goalposts.
>
> inside or outside, no osx mac has never been cracked without full
> physical & password access.

wrong.

> > > not OSX, it's technically impossible because of the way root and admin
> > > are fully separated.
> >
> > you can't be this ignorant. it may be difficult for a virus to
> > propagate on its own, but it's certainly not impossible.
>
> but since 1987, none have had a virus... that's a fact you need to
> accept...

wrong

> > > no, OSX has had the least security concerns of the last decade, linux is
> > > up there in the rankings, but no OSX based Mac has ever been compromised.
> >
> > yes they have. one example is when ignorant users installed pirated
> > software (iwork).
>
> but that wasn't without FULL user approval... so learn to be honest
> before you post.

it was still compromised.

nospam <[email protected]> wrote:

<snip>
> wrong.

<snip>

> wrong

<snip>


TRANSLATION: I just got outed as a troll by Oxford!

In article <[email protected]>,
extra <[email protected]> wrote:

> nospam <[email protected]> wrote:
>
> <snip>
> > Wrong.
>
> <snip>
>
> > Wrong
>
> <snip>
>
> Translation: I just got outed as a troll by Oxford!

Is that so, zara?

On Sat, 17 Apr 2010 12:05:07 -0700, Ness-Net wrote
(in article <[email protected]>):

>
> Apple Fans Are Clueless About Security
> Preston Gralla
> Apr 16, 2010 2:29 pm

<snip long quoted article>

I think the term is "blissfully clueless". Like a small child who has yet to
learn about all the ugliness, crime, and hate in the world, Mac users are
blissfully ignorant about computer security. Luckily, so far, we haven't had
to know about these things, and while I realize that this is probably wishful
thinking, I sincerely hope it stays it way.

Fa-groon wrote:
> On Sat, 17 Apr 2010 12:05:07 -0700, Ness-Net wrote
> (in article <[email protected]>):
>
>> Apple Fans Are Clueless About Security
>> Preston Gralla
>> Apr 16, 2010 2:29 pm
>
> <snip long quoted article>
>
> I think the term is "blissfully clueless". Like a small child who has yet to
> learn about all the ugliness, crime, and hate in the world, Mac users are
> blissfully ignorant about computer security. Luckily, so far, we haven't had
> to know about these things, and while I realize that this is probably wishful
> thinking, I sincerely hope it stays it way.
>

A lot depends upon where you are. If it's behind a router/firewall that
requires that all connections be initiated from inside the firewall, you
are in pretty good shape unless you are careless about what you click on!

It also helps to be running an up-to-date antivirus program.

"Oxford" <[email protected]> wrote in message news:[email protected]...
> great, but the fact remains OSX is by far the most secure OS you can
> run... nobody can crack it without a password and that's been proven
> over and over. It can't get viruses, and only 6 worms or trojans have
> happened in the last decade.
>
> windows has hundreds of new viruses each day, only linux ranks up with
> OSX it terms of security.

And.... Oxy, wrong again!!

Macs Hit by Backdoor Attack
John E. Dunn

Apr 18, 2010 5:44 am

http://www.pcworld.com/article/19446...nl_dnx_h_crawl

Able to infect both PowerPC and newer Intel-based Macs thanks to being written as a universal binary,
OSX.HellRTS.D sets out to take complete control of an infected machine, setting
itself up as a server capable of doing pretty much what it wants. This will include, downloading software,
spewing email, set up screen sharing, accessing files on the Mac, and copying anything it finds on the clipboard.

So much for your complete BS....

In article <[email protected]>, Ness-Net
<[email protected]> wrote:

> Able to infect both PowerPC and newer Intel-based Macs thanks to being
> written as a universal binary,
> OSX.HellRTS.D sets out to take complete control of an infected machine,
> setting
> itself up as a server capable of doing pretty much what it wants. This will
> include, downloading software,
> spewing email, set up screen sharing, accessing files on the Mac, and copying
> anything it finds on the clipboard.

it also requires the user to deliberately install it and provide an
admin password, which means the user gave it permission to do whatever
it does. it's a trojan, not a virus. furthermore, the company that
'discovered' it states that there has been no actual instance of it the
wild.

nospam <[email protected]> wrote:

> > but that wasn't without FULL user approval... so learn to be honest
> > before you post.
>
> it was still compromised.

no it wasn't, that's like inviting a thief into your home, but then
being surprised something was taken. but this was a harmless trojan,
that didn't do anything since osx doesn't allow mischievous behavior.

In article <[email protected]>, Oxford
<[email protected]> wrote:

> no it wasn't, that's like inviting a thief into your home, but then
> being surprised something was taken. but this was a harmless trojan,
> that didn't do anything since osx doesn't allow mischievous behavior.

this just gets better with every post.