Posted on 01/07/2007 6:56:27 PM PST by Huntress
Name one in the wild. Not a laboratory proof-of-concept with out a vector.
I think ISPs are afraid to confront or fix infected user computers. They could end up sued either way. If they try to fix a users computer and it does not work and there is damage is one way. Or if they tell a user they will cut off service unless they fix the hack that lets their computer be used by some hacker they could get a lawsuit that way.
Uh, Drift? You REALLY believe there are only 12,000 Macs in use in the world??? .... that's funny. You continually display ignorance of the Mac computer. From your link:
On March 8th, 2004, eEye Digital Security discovered a vulnerability in ISS's BlackICE/RealSecure products. On March 9th, ISS released a patch for the vulnerability. On March 18th, eEye published a high-level description of the vulnerability. 36 hours later, Witty (Worm) was released into the wild. Within 45 minutes, every vulnerable machine was infected, about 12,000 machines in total. . . Witty only attacked computers running unpatched versions of BlackICE firewalls. It was released ten days after a fix for the vulnerability was issued. It only infected 12,000 hosts, but it did so in 45 minutes, or 4.45 hosts per second.
ISS's BlackICE/RealSecure Firewall runs on WINDOWS computers, not Macs. It infected 12,000 WINDOWS computers using BlackICE's firewall. The point of the article was that crackers wrote a virus that invaded a firewall on a Windows machine that was installed on only 12,000 computers. Not 12,000 Macs.
You want the source? Last January, Apple reported 19,000,000 OS X Macs were in use. They have sold an additional 6 milllion or so in the last year.
Popular Science did a scientific survey of computer users in the United States a couple of years ago and found that 14% of the respondents were using Macs... which translated into about 16,000,000 Macs. Consumer Reports found 16% Mac users in another unbiased survey of consumer computer users. The Software Publishers Association of America reported a year and a half ago that 18% of all software is purchased for Macs.
25,000,000 is probably on the outside edge of accuracy but 22 million would be real close.
Uh, Common? The Mac is not a Linux based computer. The underlying OS of OS X is FreeBSD UNIX. Linus Torvald's brain child has had nothing to do with it.
I thought the article was announcing a coordinated attack, right now, today.
WTH?
Must be a slow news day.
No, It is just more anti-Mac FUD. They want you to infer a Mac vulnerability from their off hand implication! They provide no evidence for Mac involvement beyond their say-so. There are no credible reports of any malware invading Macs to date. That does not mean that one might not appear... or that someone is using their Mac to do evil deeds.
Macs under attack by zombie computer users
More Macs out there now than when they had over a hundred viruses in the wild. That kind of ruins the argument.
Reality check, dude. According to Apple's 10K filed with the SEC, they sold 5.3 million Macs last quarter alone. But since your 12,000 number comes from 2004, we can compare that with the same 10K which says Apple sold almost 3.3 million Macs that quarter in 2004.
My daughter's ISP shut down her account a few years ago when it was hacked and was forwarding spam. She had 2 teenagers at home at the time. I don't remember what version of MS they were running. She bought a 20" iMac last year and is very happy not having to deal with the crashes the MS machine suffered. The Mac runs behind a Linksys router as does mine...
It has been known for some time that the TCP/IP stack in Windows was taken from BSD. (Not "Berkley Linux" --- BSD and Linux are similar, but not the same.) The BSD license allows commercial products to incorporate BSD code as long as credit is given. OSX is based almost completely on BSD.
There are several differences between the way Windows and unix-like systems work that make Windows far more vulnerable.
First, *nix operating systems enforce user privileges. Generally, a user needs to enter an administrative password before changing important system files or installing programs.
In Windows almost all users have administrative rights,which allows any program to alter crucial system files and run any code. If a malicious program tries to alter system files in Linux or OSX, it would either need to use a flaw in the system to escalate privileges to administrator or convince the user to enter an administrative password.
Secondly, ActiveX allows a website to run programs on a user's computer with the user's full privileges. This is the fundamental reason why Internet Explorer is unsafe. Until recently, a user could simply visit a site, and an ActiveX control could run, download the malicious software and run it without any user intervention. Unpatched systems still have this vulnerability.
Windows' problems are based on design decisions made by the Windows developers many years ago. They assumed that the Internet was safe and that no one had malicious intent. They have been working to deal with those assumptions for years. The first big step was XP SP2, where the firewall was on by default, which ended much of the worm problem. Now, they have required user intervention to run ActiveX controls.
Windows Vista will make it much harder for hackers to take over machines, since it implements unix-like privilege system for all users. At the very least, in Vista, a user will have to click "OK" before any software is installed or touches system files.
Sorry your daughter had a problem, but more ISPs should do the same.
Bingo. I've seen reported vulnerabilities, but no Mac viruses in the wild; but it doesn't take much programming chops to write a Trojan Horse that some doofuses will download and install, clicking "OK and entering their admin password each step of the way.
Morris Worm, anyone?
The problems (and there were several small, unrelated problems that combined to make the vulnerability) that allowed the Morris Worm to spread have all been fixed years ago.
For instance, no modern Unix variant has shipped with fingerd running by default for at least 5 years.
One might as well scream that cars are DEADLY because of those Pinto gas tanks.
On the other hand, 90% of all spam is generated by owned Windows boxes. Microsoft Windows is the cause of most spam.
This is because of two basic problems. A) Windows runs it services as the system user (so and owned service like IE can own the whole box) and B) Microsoft has marketed Windows by saying that a Windows desktop doesn't need an admin, yet there are a multitude of admin tasks that need to be completed regularly on a Windows desktop to ensure that it's not owned.
The first is a systemic design flaw. The second is just dishonesty.
The result is billions of dollars in losses for businesses and individuals due to spam.
Oh, I certainly didn't mean to imply anything about current vulnerabilities; quite the opposite, in fact. I was backing up the statement that hackers have been banging on Unix machines for a very long time.
This is because of two basic problems. A) Windows runs it services as the system user (so and owned service like IE can own the whole box) and B) Microsoft has marketed Windows by saying that a Windows desktop doesn't need an admin, yet there are a multitude of admin tasks that need to be completed regularly on a Windows desktop to ensure that it's not owned.
More fundamentally, DOS/Windows was not built from the ground up as a multiuser, networked OS; Unix was.
Oh, I see. Sorry to misunderstand you.
More fundamentally, DOS/Windows was not built from the ground up as a multiuser, networked OS; Unix was.
They had the opportunity to fix that at least three times that they've bragged about. Windows 9x->WindowsNT, WindowsXP and now Vista. Each time they've said it was going to be a complete rewrite. Each time they end up with the same old mistakes.
"Duh, that was 10K, not 10Q. 10Q has it at 1.3 million that quarter, 10K has the yearly number. Still, way bigger than 12,000."
Sure there are more than 12,000 but them selling that many per quarter doesnt mean there are 25 million in use.
Apples represent a tiny fraction of the PCs sold throughout the world. Yes they have a good product but they don't have the market share. People have written code to attack apples so we know it can be done. MS has the market and is more profitable.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.