Symantec: Mac users deluding themselves over security

MacCentral ^ | 09/19/2005 | Matthew Broersma

[Panerai]

Mac users are “operating under a false sense of security”, according to Symantec, and Firefox users will have to recognize that the open-source browser is currently a greater security risk than Internet Explorer.

Symantec’s latest Internet Security Threat Report, published Monday, found evidence that attackers are beginning to organize for attacks on the Mac operating system. Researchers also found that over the past six months, nearly twice as many vulnerabilities surfaced in Mozilla browsers as in Explorer.

“It is now clear that the Mac OS is increasingly becoming a target for the malicious activity, contrary to popular belief that the Mac OS is immune to traditional security concerns,” the report said.

Symantec said OS X - based on BSD Unix - now shares many of the security concerns affecting Unix users. “As Mac OS X users demand more features and implement more ports of popular UNIX applications, vulnerabilities and exploits targeting this operating system and its underlying code base are likely to increase,” Symantec said in the report.

The number of security bugs confirmed by Apple has remained about the same over the past two six-month reporting periods, with no widespread exploits, Symantec said. But an analysis of a rootkit called Mac OS X/Weapox - based on the AdoreBSD rootkit - indicates the situation might not last much longer. “While there have been no reports of widespread infection to date, this Trojan serves to demonstrate that as Mac OS X increases in popularity so too will the scrutiny it receives from potential attackers,” the report said. “Mac users may be operating under a false sense of security.”

[kmiller1k]

I have worked on Microsoft since we started computing at home several years ago and I have not had a computer go down because of a virus, but, I have had my home page hi-jacked, spyware, malware, IE hi-jacked when using Google...so I can agree with you on stopping my machine but it sure gets bogged down with crap and then I have to system restore. If I had a dime for every system restore I have done, I'd have at least twenty dollars.

[Swordmaker]

I agree about their current bloat, and I don't doubt this happened - but it begs the question. Why would they fire all their original programmers?

My recollection is that Symantec was taken over by another company when they went into the Windows market... and it was felt that Macintosh oriented programmers couldn't do the job...

On the other hand, my recollector could be on the fritz...

[Swordmaker]

Perhaps the numbers do not tell the whole story. OSX is relatively new. It takes some time to develop and test these back doors.

Let's see...

- OSX server was released March 16, 1999,
- OSXbeta version of the desktop was released September 13, 2000
- OSX.0 "Cheetah", the final desktop version was released March 21, 2001.

That means that OSX has been out there and the hackers have been "testing" those back doors for six years... or five years for the beta... or four and a half years for the desktop version.

SEVEN MONTHS AFTER OSX was released, Microsoft released Windows XP on Ocotober 25, 2001.

So, JustAnother, the hackers have had seven months more to develop and test the back doors in OSX than they have had on XP... yet they have yet to exploit any.

[Swordmaker]

OSX is relatively new.

Add to the above that OSX's underpinnings is UNIX... with a 35 year background in development and testing of back doors...

[clyde asbury]

Well, that certainly sounds plausible. In the early 1990s around the time Windows 3.0 was released, Norton Utilities was a genuine improvement over just plain MS-DOS. They even added the Unix-like free command. I wasn't aware Norton was working with Macintosh at that time.

Using Norton Anti-virus for the first time a year ago, it was obvious the program was a resource hog particularly when compared to AVG and Antivir.

[JustAnotherOkie]

You were saying


Linux users warned about Firefox flaw (An 'extremely critical' flaw)
Posted by postaldave
On 09/21/2005 2:40:16 PM PDT · 15 replies · 401+ views

ZD NET UK ^ | 9-21-05 | Ingrid Marson
Users running Firefox on Linux may be vulnerable to a security vulnerability that can be exploited to compromise the user's system. Security firm Secunia warned on Tuesday that a flaw rated as "extremely critical" has been found in Firefox 1.0.6. The flaw can only be exploited on Unix or Linux based environments and can be fixed by upgrading to Firefox 1.0.7.

Follow me...

http://www.freerepublic.com/focus/f-news/1488895/posts

[Swordmaker]

Follow me...

Please demonstrate how an adimitted flaw (fixed 9 days before it was "found") in Firefox is a flaw in Unix? The fix had to be made in Firefox's core code... not in the OS.

Even if this were to apply to OSX under BSDFree UNIX, it would still require administrator permission to first download and also for the first run of the malicious code... AND to do serious system damage, the user would have to be running in root... which is turned off by default in OSX.