Symantec: Mac users deluding themselves over security

MacCentral ^ | 09/19/2005 | Matthew Broersma

[Swordmaker]

"You can't write an effective virus for OSX because of its Unix base."
Sure you can, no one has bothered.

The problem is spreading the virus you may write... OSX is locked down against most vectors.

[general_re]

Me either. The last worthwhile AV stuff they made was NAV CE 7.0/7.5, and that was '98 IIRC. NIS (any version) is just a complete heap of sh*t, IMO.

O, where have you gone, Peter Norton, when we need you? ;)

[Swordmaker]

Hackers will attack solely based on the number of users of an OS.

Funny. False on its face.

The Witty Worm

Witty infected only about a tenth as many hosts than the next smallest widespread Internet worm. Where SQL Slammer infected between 75,000 and 100,000 computers, the vulnerable population of the Witty worm was only about 12,000 computers. Although researchers have long predicted that a fast-probing worm could infect a small population very quickly, Witty is the first worm to demonstrate this capability. While Witty took 30 minutes longer than SQL Slammer to infect its vulnerable population, both worms spread far faster than human intervention could stop them. In the past, users of software that is not ubiquitously deployed have considered themselves relatively safe from most network-based pathogens. Witty demonstrates that a remotely accessible bug in any minimally popular piece of software can be successfully exploited by an automated attack.

I suspect there are more than 12,000 Linux and/or Mac hosts out there on the internet.

Also, consider that the folks who were hit with this were also among the more security-concious users:

The vulnerable host population pool for the Witty worm was quite different from that of previous virulent worms. Previous worms have lagged several weeks behind publication of details about the remote-exploit bug, and large portions of the victim populations appeared to not know what software was running on their machines, let alone take steps to make sure that software was up to date with security patches. In contrast, the Witty worm infected a population of hosts that were proactive about security -- they were running firewall software. The Witty worm also started to spread the day after information about the exploit and the software upgrades to fix the bug were available.

(The above posted by Freeper Zeugma, April 4, 2005)

In addition, viruses have been written for a specific Ethernet router with fewer than 40,000 installed base and cell phones with fewer than 100,000. There are over 18,000,000 OSX Macs (Newsweek cited 25,000,000 based on a scientific poll of computer users), are seriousy thinking that is not a sufficient installed base to attract hackers?

[N3WBI3]

Personally, I think users of alternate OS'es are a touch overconfident about security issues.

Maybe, but no more than users of mainstream OS's (read windows) ignore the serious problems that OS has had and chalk it up to market share not engineering.

[Swordmaker]

Personally, I think users of alternate OS'es are a touch overconfident about security issues.

Only a touch... I use a both a software firewall and hardware firewall... and my Mac is set to not respond to any external probe from the Internet. But, until a Mac virus is found in the wild, I see no reason to pay Symantec or any other anti-virus publisher for protection. When one is captured in the wild, and shown to be vicious, then I will consider it.

On the other hand, Symantec hasn't made a single product worth having for about six or seven years now.

Norton used to make an excellent suite of tools for cleaning, repairing, and maximizing Macintosh Harddrives, Norton Utilities. Since then I have seen nothing but bloat and processor intensive background junk. That happened after Norton fired all their original programers just after they moved into the Windows world...

[onlyeverything]

I have Norton installed but not running on my G4 with OS 10.3.9 installed. This post reminded me that I should probably perform a quick scan of my computer since it's been about 6 months since the last scan. Then after I find that I don't have a virus... I'll turn off Norton for another 6 months.

Regards,

Jim
MCSE

[coconutt2000]

*chuckle*

Symantec is upset that Mac users do not feel the need to purchase their software.

I've found since the change over to UNIX as the basis for the Mac OS, Symantec software does more harm than it helps.

[BigSkyFreeper]

I remember when Norton/Symantec rocked.

I remember those days too. Long before Symantec took the product over from Peter Norton and turned it into a heaping, steaming, expensive pile of manure. They started charging for yearly updates around 2000. System Works was an indespinsible tool right up until 2000. It had everything any user could want.

[BigSkyFreeper]

The problem is spreading the virus you may write... OSX is locked down against most vectors.

That's what Bill Gates has said every time a new Windows version is on the horizon.

[clyde asbury]

Since then I have seen nothing but bloat and processor intensive background junk. That happened after Norton fired all their original programers just after they moved into the Windows world...

I agree about their current bloat, and I don't doubt this happened - but it begs the question. Why would they fire all their original programmers?

[JustAnotherOkie]

Perhaps the numbers do not tell the whole story. OSX is relatively new. It takes some time to develop and test these back doors.

[steve-b]

Yeah -- this is like concluding that Bush is sleazier than Clinton based on reports from the mainstream media (which tends to trumpet the former and downplay the latter).

[Leonard210]

When I was selling Macs, the only people interested in virus software were potential switchers. In my humble opinion, that's why Apple offered anti-virus protection in their dotMac suite. dotMac came out around the same time that the "switchers" campaign was in full swing, and if their experience was at all similar to mine, anti-virus was at the top of the list of add-ons desired by PC users. It was easier to sell a PC switcher virus software than to convince them that it was unnecessary at that point in time (and today as well). That doesn't mean that we're "deluding" ourselves, as the title of this thread suggests. We just don't have problems right now. Earlier someone suggested that their Windows boxes hadn't had problems in 12 years 'cause they kept their AV software updated. Right now, we don't have problems and we don't use AV software. I haven't purchased any for OS X and only ran NAV every six months on OS 9 'cause I got into a habit with OS 7 and 8. It never found anything. (I wouldn't allow it to run in the background 'cause it screwed up the OS.)

I am also running XP and the AV updates in the background automatically. Other than slowing the network down while it does its thing, it seems pretty stable. I wouldn't run a PC without it. And I'll run it again on OS X if a valid threat is discovered. That's not delusional, that's just the facts.

[general_re]

...users of mainstream OS's (read windows) ignore the serious problems that OS has had and chalk it up to market share not engineering.

Honestly, the architecture and design is really reasonably sound - the registry is a kludge, but nevermind that. The real problem is that the defaults are much too lax, and too much (legitimate) software is written with an expectation of lax permissions. It's sort of like building a bank vault, and then leaving the combination to the lock on a sticky next to the door - the problem isn't the design of the vault, it's the way the default security settings are set up that's the problem.

[js1138]

My understanding is that Vista will not allow programs to have administrator priveleges.

Nonconforming programs will be installed in a virtual program directory and will get a virtual copy of the registry.

[anonymous_user]

Never used Macs; they don't run the software that I need to run and they're overpriced for what you get.

I feel the same way about PCs. ;)

[general_re]

My understanding is that Vista will not allow programs to have administrator priveleges.

...without explicit permission, I assume.

[js1138]

That's an interesting question. Even with the current windows you have to give explicit permission for a new active-x control to install, but people just click OK without thinking.I have taken up the habit of writing to websites that want to install stuff and telling them that I will not visit their site. I'm thinking of emailing their sponsors and telling them the same thing.