Here’s What We Think
Of People Who Can Donate
But Won’t
Sponsoring FReepers leapfrog0202 and another person will contribute $10
Each time a new monthly donor signs up!
Get more bang for your buck
Sign up today
Save our wonderful Lazamataz.
Posted on 05/05/2011 3:29:50 PM PDT by Gomez
Ed Bott, ZDNet, three days ago: “Coming Soon to a Mac Near You: Serious Malware”:
Now I am seeing evidence that the next target is OS X. That’s potentially very bad news for Mac owners who have abandoned their PCs in the belief that switching to a Mac somehow immunizes them from malware.
Security experts know, of course, that there’s nothing magical about Macs when it comes to security. They just haven’t been targeted because Windows has been such a big juicy target for so long.
But now that Macs have achieved a critical mass of success in the marketplace, they’ve attracted the attention of malware authors. According to a report from a Danish IT security company, an underground group has completed work on a fully operational kit specifically designed to build malware aimed at the Mac OS platform.
Tony Bradley, PCWorld, December 2010: “Apple No Longer Flying Under the Security Radar”:
The McAfee report explains, “McAfee Labs saw malware of increasing sophistication that targets Mac this year; we expect this trend to increase in 2011. The popularity of iPads and iPhones in business environments and the easy portability of malicious code between them could put many users and businesses at risk next year and beyond,” adding “We anticipate threats of data and identity exposure will become more pronounced.” […]
If McAfee is right, 2011 could be a bittersweet year for Apple and Apple fans.
Nick Farrell, The Inquirer, September 2009: “Hackers Target Macs”:
A bunch of Russian hackers are offering 43 cents for each Mac that their partners in crime can infect with bogus video software. The move has been cited by insecurity experts at Sophos as a sign that Mac users’ security by obscurity days are coming to an end. […]
This is because most Mac users believe that faith in Steve Jobs protects them from all malware. To them, malware is only for Windows users because OS X is perfect and totally secure. The fact that Mac OS X’s security is the stuff of jokes at security experts’ parties does not matter to the Apple faithful.
Roger L. Kay, Businessweek, March 2008: “Apple’s Icarus Effect”:
Just as those living in shiny houses of self-righteous glass often end up surrounded by shards of their former sanctimony, so Apple Inc. now finds itself the increasingly appealing target of software hackers.
Bernhard Warner, The Sunday Times, July 2008: “Hackers Start to Target Apple Macs”:
The company [Sophos] reports today that two new Mac-ware Trojans that emerged in February and June ought to shake Mac users of their misconceptions that their computers (and, eventually, iPods and iPhones) are impenetrable. To put this in perspective, the first really pernicious piece of Mac malware emerged only in October, 2007, Mr Cluley adds, suggesting that a worrisome trend is about to get worse.
Kevin Allison, GNT, December 2007: “Apple’s Rising Popularity Lures Hackers”:
“Over the past two years, we had found one or two pieces of malware targeting Macs,” said Patrik Runald, an F-Secure security researcher. “Since October, we’ve found 100-150 variants.”
The rising security threat could present a challenge to Apple, which has long touted the security advantages of its platform over those of Microsoft, whose software is a perennial target for hackers.
“As Apple’s platform becomes more visible, it will increasingly come under the gun,” said Roger Kay, an analyst at Endpoint Technologies.
Bill Snyder, Infoworld, December 2008: “Hackers Take Aim at Mac OS X”:
It’s not often that an analyst covering computer security issues tells you that he doesn’t do much to protect his systems. But one reputable analyst I know said just that as we talked about the rising threat of malware aimed at Apple’s hardware. I won’t mention his name, but the gentleman is dead wrong. The days when you can assume that Apple’s products are exempt from harm are over.
Ryan Singel, Wired, November 2007: “New Apple Trojan Means Mac Hunting Season Is Open”:
Evron sees more problems for Apple users than just new Trojans that try to trick users. Hackers will find it profitable and all too easy to find holes in Apple software, because the company hasn’t paid sufficient attention to security, said Evron. He predicts Apple will experience a full-range of attacks, just as Microsoft did a decade ago when Windows machines and the internet first met.
“It’s Mac season. The next two years will be interesting.”
Kim Zetter, Wired, October 2007: “iPhone’s Security Rivals Windows 95 (No, That’s Not Good)”:
With Apple’s announcement Monday that it shipped 1.12 million iPhones in the three months after its launch, the gadget’s apparent popularity rivals some PCs. That has security experts warning of trouble, following revelations that Apple built the iPhone’s firmware on the same flawed security model that took rival Microsoft a decade to eliminate from Windows.
“It really is an example of ‘those who don’t learn from history are condemned to repeat it’,” says Dan Geer, vice president and chief scientist at security firm Verdasys.
Steve Hargreaves, “special” to CNN, October 2006: “Hackers Look to Crack the Mac”:
Apple computers have long been prized for being virus-free. But as more people use Apple products, experts say the company is increasingly becoming a target for cyber pranksters and criminals writing viruses and other forms of malware.
John McCormick, TechRepublic, May 2006: “X Marks the Spot: Hackers Turn Attention to Apple’s OS”:
But that may all be about to change. The number of newly discovered Mac OS X vulnerabilities has surged by more than 220 percent (annualized) from 2003 to 2005. Compare that to an 80 percent increase in the number of Windows vulnerabilities.
Of course, McAfee is in the business of selling antivirus software, so it’s important to take its reports with a grain of salt (as with any antivirus vendor).
Bob Johnson, CNet, May 2006: “Say Good-Bye to Apple Security?”:
While Microsoft’s vulnerabilities might let intruders into the castle, Apple is giving them the keys to the kingdom and rolling out the welcome mat.
Apple also happens to make the world’s most popular music devices: iPods. Essentially large hard drives, they also have the potential to deliver all kinds of security threats into any environment, even Windows. Once a virus infiltrates the iPod, plug and play becomes plug and plague. Did anyone really believe the security nirvana for Apple would last? It’s now more vulnerable than ever, and things can only get worse.
Munir Kotadia, Silcon.com, March 2005: “Symantec: Mac OS X a Hacker Target”:
Symantec’s concerns were echoed by James Turner, security analyst at Frost & Sullivan Australia, who said many of the people who bought Apple products were not concerned about security, which left them wide open to attack.
“The iPod, PowerBooks and mini Macs are cool products,” Turner said. “The by-product is that people are buying these products for form over function. They say it looks pretty and then buy it but don’t secure it. As Apple increases its market share, it will be a legitimate target”.
Eric Hellweg, MIT Technology Review, October 2004: “Hackers Target Apple? Congratulations!”:
The Apple community has, since its inception, been largely immune to nefarious hackers bent on spreading harm. If you are a Windows user, as I am, you know the routine. You complain about the latest spyware or virus attack, and Apple devotees respond with good-natured teasing — they don’t have worry about such nonsense. Well, now they do.
Predictably, posts on various Apple-related message boards have been offering varying levels of concern, ranging from mild disappointment to utter gloom. I think this reaction is fundamentally misguided. MAC users should not be upset about this malware news; they should rejoice.
I stand corrected. The front end is Java-based, and there is OS X specific code behind it. But for it to install, the user has to accept a Java applet signed by an unknown authority; accept the certificate for that authority; then enter an administrator password after the Java applet has downloaded a native installer. The user has to actively bypass security three times.
MrShoop, That chart was reported on and discussed on FR back in November. It would never have been a news item had not Sophos' AV not basically TURNED OFF the anti-malware that OSX itself has in place to block Trojans. Of those 19 listed malware, only TWO are OSX Trojans. . .OSX/Jahlav-C and OSX.DNSCha-E . . . the rest are ALL Windows malware that were found imbedded in JPEGS, FLASH, eMails, etc. None of which would have any effect on a Mac. The two that could have had an effect on a Mac would have been blocked by the Mac itself had not Sophos effectively gotten in the way so THEIR anti-virus could find something. Whoopee-doo. This report and Sophos way of generating is considered unethical, to deliberately prevent the SYSTEM from doing its job so your software CAN FIND SOMETHING? Pathetic. That's the essence of Scareware.
I agree it is kind of sleazy of Sophos. Nonetheless, you are the one who was saying, “number of OSX viruses, worms, and involuntary spam bots is still ZERO.” Will you admit there are at least a few?
Nope. Those are Windows malware and two Trojan horse applications that will run on a Mac. They are NOT "OSX viruses, worms and involuntary spambots". A Trojan horse is merely an application that does something other than what it claims to do... and requires the user install it like any other application. My statement is absolutely true. Just because an anti-virus application can identify WINDOWS malware coming into a Mac, it does not make that Mac vulnerable TO that Malware unless that Mac is running Windows!
As I told you, there are 18 known Trojans in five distinct families (means of attack) in the wild for OSX. OSX identifies and warns the user about all of them if the user attempts to download, install, or run any of them. The user is given three distinct warnings and is required to submit three distinct administrator permissions with name and password for each of those steps to over ride those warnings... it really takes industrial strength stupidity to get infected with a Trojan on a Mac. Sophos’ AV intervened in the download step so that their software could report it found those Trojans. It allowed the Trojan downloads to occur! I think it’s better to prevent the download in the first place, as soon as OSX recognizes the signature.
this is what is known as a proof-of-concept trial Trojan... It never escalated to anything that worked in OSX.. It had similar problems in trying to get it to work in Linux.
It had several problems, MrShoop... On a Mac, these library files may exist, but they have been placed in non-executable memory locations... they cannot run where they are placed. In addition, the library it needs to be placed in requires ROOT level permission to alter. For these to execute in the Mac, something needs to be placed elsewhere and this exploit has yet to find that ability... That's why it's still listed as WINDOWS only. It's a cross platform wanna be... And isn't there yet because of the usual problem... no Mac vector to get the rest of the exploit in place.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.