Macs becoming virus targets

Discussion in 'Computing' started by xerxes, May 1, 2006.

  1. xerxes

    xerxes Guest

    http://www.smh.com.au/news/breaking/macs-becoming-virus-targets
    /2006/05/01/1146335624796.html

    Macs becoming virus targets

    April 1, 2006

    Benjamin Daines was browsing the web when he clicked on a series of
    links that promised pictures of an unreleased update to his computer's
    operating system.

    Instead, a window opened on the screen and strange commands ran as if
    the machine was under the control of someone - or something - else.

    Daines was the victim of a computer virus.

    Such headaches are hardly unusual on PCs running Microsoft Corp.'s
    Windows operating system. Daines, however, was using a Mac - an Apple
    Computer machine often touted as being immune to such risks.

    He and at least one other person who clicked on the links were infected
    by what security experts call the first-ever virus for Mac OS X, the
    operating system that has shipped with every Mac sold since 2001 and has
    survived virtually unscathed from the onslaught of malware unleashed on
    the Internet in recent years.

    "It just shows people that no matter what kind of computer you use you
    are still open to some level of attack," said Daines, a 29-year-old
    British chemical engineer who once considered Macs invulnerable to such
    attacks.

    Apple's iconic status, growing market share and adoption of same
    microprocessors used in machines running Windows are making Macs a
    bigger target, some experts warn.

    Apple's most recent wake-up call came last week, as a Southern
    California researcher reported seven new vulnerabilities. Tom Ferris
    said malicious Web sites can exploit the holes without a user's
    knowledge, potentially allowing a criminal to execute code remotely and
    gain access to passwords and other sensitive information.

    Ferris said he warned Apple of the vulnerabilities in January and
    February and that the company has yet to patch the holes, prompting him
    to compare the Cupertino-based computer maker to Microsoft three years
    ago, when the world's largest software company was criticised for being
    slow to respond to weaknesses in its products.

    "They didn't know how to deal with security, and I think Apple is in the
    same situation now," said Ferris, himself a Mac user.

    Apple officials point to the company's virtually unvarnished security
    track record and disputed claims that Mac OS X is more susceptible to
    attack now than in the past.

    Apple plans to patch the holes reported by Ferris in the next automatic
    update of Mac OS X, and there have been no reports of them being
    exploited, spokeswoman Natalie Kerris said. She disagreed that the
    vulnerabilities make it possible for a criminal to run code on a
    targeted machine.

    In Daines' infection, a bug in the virus' code prevented it from doing
    much damage. Still, several of his operating system files were deleted,
    several new files were created and several applications, including a
    program for recording audio, were crippled.

    Behind the scenes, the virus also managed to hijack his instant
    messaging program so the rogue file was blasted to 10 people on his
    buddy list.

    "A lot of Mac users are in denial and have blinders on that say,
    'Nothing is ever going to get to us,'" said Neil Fryer, a computer
    security consultant who works for an international financial institution
    in Britain. "I can't say I agree with them."

    Fryer, also a Mac user, said he has begun taking additional precautions
    over the past year to make sure he doesn't fall victim to an attack. He
    spends more time than in the past scrutinizing his security logs for
    signs of intruders, and he uses a firewall and additional security
    applications, just as he would with a Windows-based machine.

    Among the other signs Macs are a growing target:

    - The SANS Institute, a computer-security organisation in Bethesda, Md,
    added Mac OS X to its 2005 list of the top-20 Internet vulnerabilities.
    It was the first time the Mac has been included since the experts
    started compiling the list in 2000.

    - This week, SANS updated the list to warn against flaws in Safari, the
    Mac Web browser, which the group said criminals were able to attack
    before Apple could fix it.

    - The number of discovered Mac vulnerabilities has soared in recent
    years, with 81 found last year, up from 46 in 2004 and 27 in 2003,
    according to the Open Source Vulnerability Database, which is maintained
    by a nonprofit group that tracks security vulnerabilities on many
    different hardware and software platforms.

    Less than a week after Daines was attacked in mid-February, a
    25-year-old computer security researcher released three benign Mac-based
    worms to prove a serious vulnerability in Mac OS X could be exploited.
    Apple asked the man, Kevin Finisterre, to hold off publishing the code
    until it could patch the flaw.

    The Mac's vulnerability could also increase as Apple transitions to a
    product line that uses microprocessors made by Intel, security experts said.

    With new Macs running the same processor that powers Windows-based
    machines, far more people will know how to exploit weaknesses in Apple
    machines than in the past, when they ran on the PowerPC chips made by
    IBM and Motorola spinoff Freescale Semiconductor.

    "They have eliminated their genetic diversity," said independent
    security consultant Rodney Thayer. "The fear is that we're going to run
    into a new class of attacks."

    Bud Tribble, Apple's senior vice president of software technology,
    disagreed.

    "All the things we've been doing to make Mac OS X secure continue to be
    relevant on Intel," he said.

    Mac OS X, he said, is designed to be Internet safe out of the box,
    without the need for firewalls or additional security software. He
    praised Mac OS X for making it easy for users to automatically install
    security patches.

    He noted that the operating system was derived from FreeBSD, open source
    software that was built from the ground up to provide security for
    computers networked together. Since its origins in the early 1990s, the
    Unix-based FreeBSD has continually been battle-tested by college
    students and computer security specialists.

    "The bottom line is we still feel more comfortable using a Mac than a
    (Windows) PC," said Alan Paller, director of research for SANS.

    But as Daines can attest, there are no guarantees.

    "We're all sort of waiting with bated breath to see if any problem will
    happen and the jury is still out," said Thayer, the independent security
    consultant. "I don't think you'll find a consensus."
     
    xerxes, May 1, 2006
    #1
    1. Advertisements

  2. xerxes

    Wayne Guest

    Wayne, May 1, 2006
    #2
    1. Advertisements

  3. Wayne committed to the eternal aether...:
    maybe m$ write them - do you think anyone there would be capable?
     
    Damien McBain, May 1, 2006
    #3
  4. xerxes

    steam3801 Guest

    steam3801, May 1, 2006
    #4
  5. xerxes

    ShazWozza Guest

    What do you mean 'becoming'? Macs were a virus playground in the days of
    the Mac operating system (before OS X). This was thanks to code resources
    called 'INIT's.
     
    ShazWozza, May 1, 2006
    #5
  6. They'd be buggy, take forever to load and execute, and charge you for
    the privelege.
     
    Puss in boots, May 1, 2006
    #6
  7. xerxes

    Ernest Guest

    no they can't be writing them - their programers are not that good.
    But they may be paying someone to write them.

    Regards,

    Deadly Ernest
    (all typos fault of server or
    other gremlins)
     
    Ernest, May 2, 2006
    #7
  8. Puss in boots committed to the eternal aether...:
    They'd also span many CDs and take heaps o hdd space. But at least you'd be
    able to update them for free on the ms website
     
    Damien McBain, May 2, 2006
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.