
Re: [wpmac] [OT] The sad state of anti-virus protection

  • Randy B. Singer
    Message 1 of 15, Jan 8, 2013
      On Jan 8, 2013, at 1:01 PM, John R wrote:

      > Nice links. Glad to have them, since I noticed he says:
      >
      > > of all the Mac malware that has appeared over the last 12 years,
      > > almost 1/3 appeared in 2012, with 2011 in second place with 1/6
      > > of appearances. If this trend continues, Mac users will need to
      > > take security far more seriously than they do now.

      Most of the malware that has appeared in the last year was targeted by China at Himalayan activists and has been essentially non-existent in the West. Even with all the resources of an entire country behind creating such malware, the Mac has been kept updated by Apple to keep it secure.

      A quick look at Thomas' malware catalog at:
      http://www.reedcorner.net/mmg-catalog/
      shows two things:

      1) That there are only 35 known pieces of malware for the Macintosh. Compare that list to the *over a million* (!) pieces of malware for Windows:
      http://news.bbc.co.uk/2/hi/technology/7340315.stm
      and the over 95,000 new threats for Windows *every day*!
      http://www.sophos.com/security/topic/security-threat-report-2011.html

      2) Only a couple of the pieces of malware in Thomas' catalog have a threat level as high as "low." The rest have a threat level of "very low" and most have a threat level of "none."

      The Macintosh is now more secure than it has ever been.

      Experts: OS X now much more secure than rivals
      http://www.macnn.com/articles/11/07/23/leapfrogs.windows.7.linux.but.still.not.perfect/
      or
      http://is.gd/20R6VD

      Lion Security: Building on the iOS Foundation
      http://tidbits.com/article/12417
      "...we have security options never before available to consumers"

      Major overhaul makes OS X Lion king of security
      http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/

      Windows bigots have been saying that there will be lots of nasty malware for the mac "any day now" for as long as OS X has been around. However, OS X has been around for over a decade now. We shouldn't have listened to them then, and we don't need to listen to them now. There is no indication that OS X is going to be beset with malware anytime soon.

      Here is a fun article. It is simply entitled "Wolf." It is about the press crying "wolf" for the past decade with regard to the "coming wave of Mac malware."

      Daring Fireball: Wolf!
      http://daringfireball.net/2011/05/wolf

      Here's an interesting article about Mac Defender (the threat that everyone got all worked up about) and what Apple did behind the scenes:

      Mac Malware 'Explosion' Missing In Action
      http://www.tuaw.com/2011/07/21/mac-malware-explosion-missing-in-action/

      ___________________________________________
      Randy B. Singer
    • mxytsplyk
      Message 2 of 15, Jan 8, 2013
        Thank you, Randy, for putting this in perspective. There are reasons we use Macs and an operating system designed with security in mind (as BSD Unix was), is one of them.
      • John Kaufmann
        Message 3 of 15, Jan 8, 2013
          Randy,

          I echo the thanks expressed for your perspective. As a one-time Windows
          programmer, I was keenly aware of exploitable flaws that simply did not
          exist in the more robust Mac system architectures. That said, I was struck
          by one of your assertions:

          In a message dated 2013-0108 20:32 -0500, Randy B. Singer wrote:
          > The Macintosh is now more secure than it has ever been.

          Ever? Was there ever malware for the pre-OSX "classic" Mac OS? [I'm not
          suggesting it was a better OS - there are many things that OSX does better
          - just that security was not an obvious motivation for the switch.]

          John K
        • Randy B. Singer
          Message 4 of 15, Jan 8, 2013
            On Jan 8, 2013, at 7:11 PM, John Kaufmann wrote:

            > Ever? Was there ever malware for the pre-OSX "classic" Mac OS? [I'm not
            > suggesting it was a better OS - there are many things that OSX does better
            > - just that security was not an obvious motivation for the switch.]

            When I said that the Macintosh is now more secure than it has ever been, I meant that OS X has been continually made more secure. As of Lion there were major improvements made with regard to security.

            Note that "improvements in security" doesn't mean that there are more threats around, or more severe threats. It just means that Apple has been pro-active.

            To directly answer your question though, yes, there was malware for the classic OS (OS 9 and earlier). At least 27 examples by my count:

            See:
            http://www.faqs.org/faqs/computer-virus/macintosh-faq/
            Section 7

            In fact, the fact that there were a significant number of viruses for the classic Mac OS is a great piece of evidence to refute the lie that Windows bigots like to spread that OS X doesn't have lots of viruses because it doesn't have a big enough market share. Back in the days of the classic OS the Mac had a much smaller market share than it does now, yet there was no lack of malware (but nothing like what existed for the PC). So it clearly isn't the case that virus-writing sociopaths are only interested in writing malware for a platform with a certain level of market penetration. The reason the Mac has so many fewer pieces of malware than Windows is, and always has been, that it is much harder to write malware for the Mac.

            Have a look at these fun articles:

            Broken Windows
            http://daringfireball.net/2004/06/broken_windows

            So Witty (followup to Broken Windows)
            http://daringfireball.net/2004/06/so_witty

            ___________________________________________
            Randy B. Singer
            Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

            Macintosh OS X Routine Maintenance
            http://www.macattorney.com/ts.html
            ___________________________________________





          • Randy B. Singer
            Message 5 of 15, Jan 8, 2013
              "As of today, all Mac malware is either extinct or cannot infect a properly-updated machine. Although there are situations that can lead to infection, they require dangerous behavior on the user's part, such as not updating their systems or downloading software from bad sources, such as through most torrent applications. Right now, anti-virus software is still not necessary for most users."
              http://www.reedcorner.net/a-look-back-at-12-years-of-mac-malware/


              ___________________________________________
              Randy B. Singer
              Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

              Macintosh OS X Routine Maintenance
              http://www.macattorney.com/ts.html
              ___________________________________________
              • John R
                Message 7 of 15, Jan 22, 2013
                  I know very little about this, but couldn't help taking seriously this caution from the Department of Homeland Security:

                  http://bits.blogs.nytimes.com/2013/01/14/department-of-homeland-security-disable-java-unless-it-is-absolutely-necessary/

                  which includes:

                  "Last April, hackers exploited a Java vulnerability to infect more than half a million Apple computers with a vicious form of malware in what was the largest-scale attack on the OS X operating system to date. The exploit was particularly disconcerting because it let attackers download a malicious program onto its victims' machines without prompting."

                  It's just a guess, but when malware went from being the province of the teenage hacker/vandal to become the province of professional thieves, it was bound to become worse. Mac market share is growing, making Macs increasingly plausible targets.

                  According to the article, Apple now ships Macs with Java disabled, and has remotely disabled Java where it has been installed. I disabled Java on my machine as soon as I read this (for whatever reason, it had not been remotely disabled). But a day later I was on the New York Times' chess page, which featured an interactive game; I clicked on it and a dialog said I had to install Java, giving me a button to click to do so. I might not have known about the vulnerability.

                  Half a million Macs aren't very many, but I'm glad mine wasn't one of them. Hope this info helps someone.

                  John R.
                • Randy B. Singer
                  Message 8 of 15, Jan 23, 2013
                    On Jan 22, 2013, at 8:48 PM, John R wrote:

                    > I know very little about this, but couldn't help taking seriously this caution from the Department of Homeland Security:
                    >
                    > http://bits.blogs.nytimes.com/2013/01/14/department-of-homeland-security-disable-java-unless-it-is-absolutely-necessary/
                    >
                    > which includes:
                    >
                    > "Last April, hackers exploited a Java vulnerability to infect more than half a million Apple computers...

                    That exploit was called Flashback, and whether or not it really infected half a million Macs is a matter of intense debate. I'm on about a dozen Mac discussion lists, frequented by tens of thousands of Mac users, and among all of those users we could not find a single first-hand account of anyone having encountered Flashback.

                    It's true that Java is full of security holes and it is risky to have Java installed and active on your Mac. However, that point is moot for the overwhelming majority of Mac users at this point.

                    Mountain Lion didn't ship with Java at all. For those who were using an earlier version of OS X with Java installed, Apple has already pushed out patches to all Macs running OS X 10.6 through 10.8 that disable Java.

                    http://www.reedcorner.net/about-the-flashback-malware/
                    http://www.reedcorner.net/apple-and-mozilla-act-fast-to-secure-java/
                    http://www.macobserver.com/tmo/article/apple-remote-disables-java-on-macs-after-major-security-alert

                    If you haven't allowed Software Update to update your Mac with security updates, you should. If you have re-enabled/installed Oracle's version of Java on your Mac because you need it to access a particular Web site (some courts require Java to be able to file documents via the Web, for instance), you should turn Java off in your Web browser until, and only when, you specifically need Java.

                    In Safari, go to:
                    Safari menu --> Preferences --> Security --> uncheck Enable Java

                    As before, it's best not to use Web sites written by sources that don't really understand the Macintosh as your primary source of information about what is going on with the Macintosh. Especially with regard to security. They tend to be overly alarmist and not entirely accurate.

                    You can always find the latest info, written in language that ordinary folks can understand, and offered by a source that isn't trying to sell you anti-virus software, here:
                    http://www.reedcorner.net/mmg/

                    ___________________________________________
                    Randy B. Singer
                    Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

                    Macintosh OS X Routine Maintenance
                    http://www.macattorney.com/ts.html
                    ___________________________________________
                  • John Kaufmann
                    Message 9 of 15, Jan 23, 2013
                      In a message dated 2013-0123 06:13 -0500, Randy B. Singer wrote:

                      > ... If you have re-enabled/installed Oracle's version of Java on your Mac because you need it to access a particular Web site (some courts require Java to be able to file documents via the Web, for instance), you should turn Java off in your Web browser until, and only when, you specifically need Java.
                      >
                      > In Safari, go to:
                      > Safari menu --> Preferences --> Security --> uncheck Enable Java

                      Firefox users have the option of the QuickJava extension, which gives
                      button-based toggling of Java and other potential vulnerabilities (JS, Flash,
                      ...), making it very easy to enable on a per-site, or even per-page, basis.

                      John
                    • Rick Albright
                      Message 10 of 15, Jan 25, 2013
                        On Jan 23, 2013, at 6:13 AM, Randy B. Singer wrote:

                        > In Safari, go to:
                        > Safari menu --> Preferences --> Security --> uncheck Enable Java

                        What about JavaSCRIPT? That's a separate option. Should that be unchecked, as well? Don't a lot of web pages use JavaScript? What are the implications of turning this off? Will it cause a lot of problems accessing web pages?

                        Thanks,
                        Rick

                        ===========================================================
                        Rick Albright
                        logres@...

                        Writing the Past, Writing the Future: Time and Narrative in Gothic and Sensation Fiction
                        http://www.powells.com/biblio/72-9780980149647-0
                      • J.J. McVeigh
                        Message 11 of 15, Jan 25, 2013
                          At 23:01 -0500 25.01.2013, Rick Albright wrote:

                          > > In Safari, go to:
                          > > Safari menu --> Preferences --> Security --> uncheck Enable Java
                          >
                          > What about JavaSCRIPT? That's a separate option. Should that be
                          > unchecked, as well[?]

                          No. You can leave that be. Apples and Oranges.

                          --
                          John Joseph McVeigh, Attorney at Law
                          Butler, Maryland 21023-0128
                          Practice before the Federal Communications Commission
                          Member: NY; DC; and USPTO Bars
                        • Sam Storch
                          Message 12 of 15, Jan 26, 2013
                            While it is now considered good practice to disable Java (except by you for known specific purposes that you trust) you may need to have Javascript enabled to do just about any work beyond text-only websites.

                            Despite having similar names, Java and Javascript are two entirely different things. You can get better clarification than my simple statement by searching recent discussions on macintouch.com which is reliable in this sort of stuff.

                            Cheers!