
The Macintosh Webmaster Forum

    
Apple's OS X weakness announced
37 reported exploits reported by Symantec
AkGuy




msg:975316
 1:15 am on Mar 23, 2005 (gmt 0)

Interesting article with ideas fed by Symantec reports: Here [reuters.com]

I would like to learn more about these exploits; however, I am not surprised to hear that such High-vulnerabilities-weaknesses issues exist. Like anything, "It will be hacked".

On a final note 37 (potentially growing) does not scare me as much compared to the daily exploits that appear on Microsoft's OS.

Anyone have any resources on these reported exploits?

 

BjarneDM




msg:975317
 3:41 am on Mar 23, 2005 (gmt 0)

They "have been confirmed by the vendor, which, in the Apple case, almost always means that the company has released a patch."

This means that you can find the details on Apple's security pages: [docs.info.apple.com...]. Please note that many of these issues are actually in third party products that Apple bundles in either the client or the server version of the OS and thus not directly the responsibility of Apple or a fault of Apple's. Also, for the third party products, this means that the issue is present in every *nix system that bundles these products. This fact leads to an inflation of security reports where the same issue has a tendency to be reported for each and every instance of e.g. Linux when there's actually only one bug. If you take a look at the Symantec Security Advisories [symantec.com] there's not one instance of a time critical security issue that's contributed to Apple. On the other hand there are, however, several that are of issue to Mac OS X due to the bundling issue (e.g. Apache, Sendmail).

I find the Secunia Apple Page [secunia.com] to be much more informative than what I've been able to coax out of the Symantec site.

dcrombie




msg:975318
 9:59 am on Mar 23, 2005 (gmt 0)

The report I read on Y! was basically FUD from Gartner and other sources - probably worried that if everyone switches to OSX they'll lose their market for anti-virus s/w.

The only un-patched, known vulnerabilities in OSX apply to _local_ users. ie. people who already have an account on your Mac!

If you look at Linux security advisories you'll also see a few hundred - but nothing in the wild. Think of them as commentaries on problems that you'll never have to experience, unlike certain other platforms ;)

BjarneDM




msg:975319
 12:52 pm on Mar 23, 2005 (gmt 0)

The only un-patched, known vulnerabilities in OSX apply to _local_ users. ie. people who already have an account on your Mac!
That's bad enough! One security problem that's often overlooked is the threat your employees can be.

Think of them as commentaries on problems that you'll never have to experience, unlike certain other platforms
I don't agree. It's just that most of the exploits are hard to use, unlike under Windows where many of them rely on just writing an ActiveScript. Mac OS X did have a simply exploitable issue: [docs.info.apple.com...] Security Update 2004-06-07

On the other hand, Mac OS X has a much better way of handling access to the critical parts of the system than Windows. This means that most remote exploits will only run with the privileges of the local user, whereas many exploits on Windows usually start with a privilege escalation because the normal user is inadequately shielded from the critical parts of Windows.

timster




msg:975320
 2:51 pm on Mar 23, 2005 (gmt 0)

That attacks on Mac OS X are rising is no surprise.

If/when we start seeing successful attacks "in the wild," Symantec may not have to resort to FUD to drive sales. The article doesn't mention anything about a Mac OS X box being maliciously compromised.

News about existing malware affecting Mac OS X (I guess that basically means Macro viruses) would have been more useful. But I guess the threat posed by them is not so newsworthy.

I especially like the line, "the Macintosh operating system has not always been a safe haven," which is true (if not relevant) since there were viruses for pre-OS X Mac OS's.

AkGuy




msg:975321
 7:12 pm on Mar 23, 2005 (gmt 0)

If/when we start seeing successful attacks "in the wild," Symantec may not have to resort to FUD to drive sales. The article doesn't mention anything about a Mac OS X box being maliciously compromised.

The report I read on Y! was basically FUD from Gartner and other sources - probably worried that if everyone switches to OSX they'll lose their market for anti-virus s/w.

I share the same opinion. I did not want to launch a flame, but could not help reflecting on the past when Symantec stopped paying attention to OS X. They made their money on Mac in the early days that is for sure… The fact that Symantec was a source reminded me of the Intego thing where they did the same PR strategy several months back.

BjarneDM
I find the Secunia Apple Page to be much more informative than what I've been able to coax out of the Symantec site.
I have never seen this site before and I was amazed at all the data within that site, not just for OS X. Thanks for the info!

I try to remember how many years into OS X Apple is… It is still a newer platform, and as OS X continues to mature the stronger the platform will become I believe. However, on the flipside I feel the more candy Apple tosses into OS X the less stable and productive the OS will remain.

I personally wish Apple would offer a stripped down version of OS X without all the candy.

I have stripped out as much as I can on one box (which takes a lot of time) and the performance remains much better than the two other boxes with the standard OS X package.

whoisgregg




msg:975322
 4:58 am on Mar 26, 2005 (gmt 0)

I have stripped out as much as I can on one box (which takes a lot of time) and the performance remains much better than the two other boxes with the standard OS X package.

When you say "candy" you're talking about the unique elements of the GUI or something else? What have you stripped out that improved performance? I've seen hacks to kill window shadows for running OS X on bondi iMacs, but not heard of any others.

techrealm




msg:975323
 3:00 am on Mar 27, 2005 (gmt 0)

ya know what I would pay cold hard cash (US Dollars) to see any exploit in a mac os x machine that does as much damage as any run of the mill windows virus does.

whoisgregg




msg:975324
 2:33 pm on Mar 28, 2005 (gmt 0)

pay cold hard cash

Imagine how many people there are with the means and the motive to fund a virus for OS X? Think of the enemies that exist for this platform... It makes you wonder how many times virus writers have been contracted and failed to provide even a single working virus.

They are left to fund FUD reports that compare "numbers of bug fixes" in a way that implies that fixing more bugs means being less secure.

yosemite




msg:975325
 5:25 am on Mar 29, 2005 (gmt 0)

It makes you wonder how many times virus writers have been contracted and failed to provide even a single working virus.

EXACTLY.

Virus writers were able to write viruses for Pre-OS X Macs. There weren't a whole lot of viruses (I never got one) but they were out there. But since OS X? It's been slim pickings. I don't believe for a second that the "lack of popularity" of the Mac platform has been the reason that it is pretty much virus-free. Lack of popularity certainly didn't protect Macs from viruses before OS X.

techrealm




msg:975326
 6:38 am on Mar 29, 2005 (gmt 0)

"Company backs off bounty for Mac OS X virus
DVForge cited legal concerns in dropping its $25k offer"

[computerworld.com]

wusses...

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved