MacBooks are so hot right now. And so is Mac OS X malware There’s been an unprecedented rise in Mac OS X malware this year, according to security researchers at Bit9 + Carbon Black, with the number of samples found in 2015 being five times that seen in the previous five years combined. This year, there have been 948 OS X malware samples, compared with 180 in the years 2011-14 …
Mac and Linux have been relatively safe because they were niche OS, and had a generally knowledgeable userbase. Windows was , by far, the largest pool to fish in, with a user population who were mostly not IT/security savvy.
With the rise of the internet, the predominant server install was ..Linux.. Often ill-maintained, and as such a nice target for those with ill intentions. People soon learned, and given that web servers are generally maintained by people who have a clue about security, collateral damage could be mostly kept in check.
Then came the Second Coming of Apple... No longer niche, and the preferred toy of mostly clueless idiots who were willing to buy into Bling, and the sense of false security cultivated by the Fanbois, and connected to the Internet...
And the long-fanged black hats licked their chops, for the Flock was fattened, and ripe for Harvest.
Nope. There's always been a clear link between the popularity/size of population of an OS, and the amount of malware written for it, almost as soon as we could easily exchange data. So basically since the days of the Floppy Disc. There was stuff that could really mess up Amigas and C64's y'know..
why do people assume your choice of computer defines your IQ ?
Can we please get past "mac users are idiots", "Linux is cool", "I'm a sysadmin and therefore all-knowing"
I have Solaris & Windows machines at work, I run Ubuntu,Windows and Mac at home. I happen to like Macs ....
sorry, but it's a bit tedious
why do people assume your choice of computer defines your IQ ?
Because that is far as their feeble brains can process data. It's a miracle they can even operate a computer, that is after, wiping the drool from it. It's a bit unfair to engage these people in a battle of wits, though, as they are basically unarmed.
Nope. There's always been a clear link between the popularity/size of population of an OS, and the amount of malware written for it, almost as soon as we could easily exchange data. So basically since the days of the Floppy Disc. There was stuff that could really mess up Amigas and C64's y'know..
That doesn't seem to correlate with the number of Linux servers out there. Start with the basics: what OS do you still need to build a DMZ for so it doesn't get infected while you're still busy installing it? It's not OSX or Linux. What OS comes by default with the tools to protect yourself? Well, that's again practically any UNIX derived platform. What you're carefully avoiding to mention is which TYPE of malware is prevalent. OSX as well as Linux is (like almost any platform ) as defenceless as Windows against code that is installed via social engineering because that is, after all, what it is supposed to do: trust its user, and the only way that can be addressed is by educating users.
However, OSX is not as exposed to drive-by infections as Windows where simply looking at a website or an email is enough to screw over the system.
I would never claim an OS to be safer over another. Where I distinguish is how much effort and resources I have to put in to keep it clean. From that angle, I'm quite OK with OSX. Is it perfect? No, nothing is. But it's still far easier to keep it clean, and that is a fact no amount of astro turfing can get around.
By the way: I have yet to see any attempt by Linux distros or Apple to ram an OS down my throat as Microsoft has. Or don't you consider it ridiculous that users now have to actively GUARD against an upgrade? Who needs a virus if the manufacturer itself becomes a risk?
> I have yet to see any attempt by Linux distros or Apple to ram an OS down my throat as Microsoft has
OSX (at least Yosemite and Mavericks) have now started to produce occasional but annoying app-store pop-ups asking you to upgrade to El Capitan.
OSX (at least Yosemite and Mavericks) have now started to produce occasional but annoying app-store pop-ups asking you to upgrade to El Capitan.
Is that in general or because of some applications that have gone 10.11?
So, far the only thing that has failed me on OSX10.11 has been an nmap binary, and that was not El Capitan but two bugs in the binary distribution, one of which has already been fixed. I could have switched to the macports version but I've decided to hang on so I could help with debugging the problem.
@anon "By the way: I have yet to see any attempt by Linux distros or Apple to ram an OS down my throat as Microsoft has."
Linux I'll grant you but apple most certinally do push their OS on you... I'd be glad to be corrected and pointed in the direction of the Hardware only (without OS) section on apple.com so I can buy a nice laptop to put mint on....
Linux I'll grant you but apple most certinally do push their OS on you... I'd be glad to be corrected and pointed in the direction of the Hardware only (without OS) section on apple.com so I can buy a nice laptop to put mint on....
That is the normal laptop section. After all, you don't pay for the OS and default apps, and haven't since (I think) 10.9. However, Apple's support is naturally focused on their own OS so it would be silly for them to encourage you to install something else - that would be your problem, not theirs.
It runs Mint quite well, BTW, I have it in a VirtualBox :)
"However, OSX is not as exposed to drive-by infections as Windows where simply looking at a website or an email is enough to screw over the system."
There have been numerous holes in OS-X that allowed exactly that type of attack. OS-X has actually had more of them than any Windows version...
No, but the pointless self-congratulations might.
As for me, this Mac user was appreciative of the decades old messages being used in service of reducing Mac users. I mean if being a niche was a benefit, then by all means counter my positive messages to friends and family recommending OS X. Thank you for looking out for us in the day.
As to flocks being fattened, I thought the first assumption among those who had to change the discussion of Windows 2000/XP non-security into grading on a hypothetical curve was that a Mac owner was an idiot with money. Wouldn't that mean the sheep were already fat?
And all those years of comparing the security gains of Windows in the versions that were never used by 50-75% of the user base as compared with the versions used by 50-60% of the OS X user base that did migrate within a year.
Any way, everything is better than it used to be, most people are compromised or inconvenienced by their governments or uninspiring security at retail and web sites, and the weakest component in the struggle with on-line threats is the user.
I've been a Mac user for over a decade and most traditional "malware" attacks were self inflicted crap like "Mac Defender" which fooled the naive, non-technical and uninformed into installing this crap onto their systems, but times are a changing....
More people I know are switching to Macs because they own iPhones and/or iPads. All of a sudden, having a shiny Mac to compliment their IOS devices has become a trend, as have my after hours calls from our friends who often ask me questions like "how do I do..."
Sadly most newer OS X 'converts' are under the false belief that they are "safer" using a Mac than they are using a Windows system.
As the Mac Pack grows, those who author malware will adapt and try and find ways to exploit OS X systems. Malware has always been a cat and mouse game between OS security and exploitable areas that are unpatched.
The golden rules of common sense apply, never install a .DMG file from an untrusted source and do your security updates...
Hold on a minute, I have reboot, my Mac has just installed Apple's EFI security update...... fuck!
I've just checked with 2 (yes, TWO) macbook wielding neighbours, and they both claim adamantly their apparatus is invulnerable to outside attack and does not require any user intervention to keep it safe. This is all done automatically by the iCloud (sic)
YMMV. But first results show reality has not yet pervaded the Walled Garden.
Hmm. Let me see.
Firewall: check (built in functionality, default setting)
uBlock, Ghostery and Incognito: check
Patched: check (although I feel left out - Windows people get a lot more of that)
Filevault enabled: check (built in functionality)
Backup encrypted: check (built in functionality)
USB sticks encrypted: check (built in functionality)
Bootup password to stop booting from other media: check.
Prevent loading of plugged in bootroms: patched, check
Media soldered in so impossible to reformat after theft: check
Not permitting unsigned code: check (default setting)
Display showing owner details & reward offer on bootup: check
The only thing that is slightly outside standard is that I use Viscosity VPN, VeraCrypt for portable archives and Vivaldi to confuse the crap out of websites I don't trust, and I use macports to pull in stuff such as nmap. Still, a basic macbook comes with all the tools to bolt the doors firmly shut. There is a way to secure Windows machines as well, but that is both more involved and more costly, so if security is your thing I think Windows is not exactly the best starting point.
As for "not needing any user intervention": if you set upgrades to auto it is indeed pretty OK, also because it defaults to blocking unsigned code.
"Windows people tend to have far fewer of those than OS-X or Linux users these days...."
Really? FYI Microsoft XP is no longer supported perhaps you should upgrade. Might explain why you aren't getting those patches anymore. I operate Win7-10 and not only is patch Tuesday still patch Tuesday but I reboot fairly frequently for incremental updates to various parts of the OS. Not to mention that after-patch Wednesday is the day new exploits go wild and usually thrive until the next patch Tuesday. There is a good argument from non-system don't-make-us work-hard-more-than-once-a-month" admins that security may benefit from a compressed cycle of updates now and again....
"Really?"
Yes really - OS-X is on well over 2,000 known vulnerabilities now. Even XP which is Microsoft's worst to date only has about 700. You need a commercial Linux distribution to beat that (e.g. SUSE 10 > 4,000)
"you SEE fewer of them."
Because there are fewer of them.
Windows people tend to have far fewer of those than OS-X or Linux users these days
Correction: you SEE fewer of them. Usually because they are packed together (to massage the statistics many people are so fond of quoting) or to stop you from realising just how many GB you download on a monthly basis just to keep up.
For OSX and Linux users a patch is still a noteworthy event instead of the routine it has become for Windows users, and few of these updates are for the actual OS itself.
> Really? Any figures/citations to back that up?
Maybe I can help:
Mac OS X: http://www.cvedetails.com/product/156/Apple-Mac-Os-X.html?vendor_id=49
Windows 7: http://www.cvedetails.com/product/17153/Microsoft-Windows-7.html?vendor_id=26
Yes, has fewer vulns discovered than OS X:
In 2015: Windows:125 vs OS X:335
In 2014: Windows:35 vs OS X:114
OK, I can't let that stand unchallenged because this is the kind selective quoting of statistics Microsoft tends to pull when they are selling to governments and military (which is why you can never quite get a copy of the exact same presentation from them later).
TL:DR version: using your statistics (minus the creative bit) it appears that OSX has LESS THAN A THIRD of the exposures of Windows since 1999.
Well, Mr Microsoft marketing, here is a lesson for you: NEVER try to use statistics if someone can actually check on what you're doing. If you get found out (like in this case) it doesn't just destroy your argument, it takes down your entire credibility.
Let's have a look at what you were trying to do. The very fact that you even tried is an illustration that you knew damn well you had to fudge the facts, so let's get some reality in there.
You were not trying to compare like for like, but one SINGLE version of Windows against the whole lifespan of OSX. So, let's leave out the version numbers for Windows as well then, shall we? That way, you end with 1304 vulnerabilities for ALL versions of OSX versus 4135 for ALL versions of Windows. In non-creative maths, that means that OSX has LESS THAN A THIRD of the exposures of Windows since 1999, even when Prince had not been singing about that year.
But hey, let's be a bit more precise and compare them year by year using the full facts, just to see what remains standing of your "facts" when reality hits them. Ooooh, look, on those same pages: shockingly, OSX has consistently fewer issues, year after year after year. Oops.
Let me translate that for you: fewer problems, fewer risks, fewer resources spent keeping it safe, fewer interruptions from getting work done - etcetera etcetera, you know, the arguments we provided earlier which you have kindly validated for us. It's a shame the site doesn't show any Linux stats because I reckon they'll be similar, but let's stick to the facts we have at hand - facts you yourself suggested we should use for this comparison.
For further entertainment, let's not stop there but look at what exactly those bugs represent. As you can see from the raw, unmassaged, clean yet somehow painful facts, Windows fairs EXCEPTIONALLY bad on privilege escalation: you know, the very thing that will install malware and steal your data even if the vendor itself doesn't help it along (as planned in Windows 10, which gave it the name "Slurp").
Now crawl back to Redmond and tell them you failed: you need something that isn't actually based on facts. I'd use the phone if I were you - your Windows machine is probably hacked already.
"TL:DR version: using your statistics (minus the creative bit) it appears that OSX has LESS THAN A THIRD of the exposures of Windows since 1999."
And that from nearly 1/10th of the user base. I'm afraid that your stats basically prove Grikath right; 1/4 of the Mac OS exposures are from the last year alone. OSX has actually improved in security in that time period, and yet is under far, far, far more attacks than previously. So either Mac OS has been getting exponentially more insecure since 1999, or using absolute exposure numbers is a preposterous exercise (for both you and the commentard you're disputing).
Mac security is a myth. If it's not a myth, then the stats show Apple are rapidly making it one.
"Media soldered in so impossible to reformat after theft: check"
Ahh they're selling that as a security feature now are they?
Coat? Mines the one with the 5 year old laptop with the new ridiculously large hard drive, additional memory and new battery hanging next to it.
"Media soldered in so impossible to reformat after theft: check"
Ahh they're selling that as a security feature now are they?
No, they don't. But that doesn't make it less true. To be honest, I have not upgraded laptop hardware since somewhere before the year 2000. First of all, I buy higher specs so not "just enough to work", secondly I don't have the time to mess around, thirdly I do not keep a laptop for more than 3 years (which in Apple's case means I get a decent return value).
I would agree with you that if your aim is to upgrade a machine later having it all soldered in is not helpful, but for my use which involves carrying fairly confidential data around it is pretty much perfect. I wish you luck trying to get to VeraCrypt encrypted data stored on a Filevault encrypted partition on a machine you cannot even reboot on another OS. It's also a big "oh f*ck" if the machine fails, but that's what encrypted backups are for. Added bonus is that it is thus more likely someone will try to claim the reward it advertises than to resell it to someone who cannot use for anything but a doorstop..
So, I remember a few years back, there were less than 10 known threats to OS X, now 1400 or 2000, depending on how you count .... still not in the same league as hundreds of thousands if you go look at MS. So safer, mathematically, of course, however, you are only as safe as your skill allows for.
I find the malware on Windows to get always harder to remove ... mainly due to brain-dead Windows file locking, mostly.... none of that BS on our UnixyWare© stuff (That is my brand, with the y).
Now, I have a few macs at home, spend most of my time on Linux though, macs are for the kids ... I am currently using Windows 8.1 (LOL, the more I know you, the more I hate you) ....
I don't remember "malware" being so widespread on OS X until Chrome came along... Maybe this is coincidental? I know there are many dodgy extensions for Chrome, I assist users with browser problems daily on OS X, and more often than not it's Chrome causing issues. There is one EBay extension in particular that really changes the UI of Chrome... buttons hidden, homepage hijacked, search engine can't be changed etc.
As far as I know, the <user> has to install malware on OS X. If this is not true, do let me know, I have some fanboi's that need some schooling...
I don't remember "malware" being so widespread on OS X until Chrome came along...
And strangely enough, many OS X users flock to Chrome and Firefox as 'alternatives' to Safari..
I am no Safari fan, but it's the Apple bundled browser that does do the job... just saying...
I don't think it was just being a niche machine that helped Apple stay ahead - the well-tested UNIX heritage certainly was a plus. The changes added in El Capitan (OSX 10.11) should help keep them ahead. Now there are plenty of things that not even "root" can do without booting into a recovery session (similar to runlevel 1 on UNIX / Linux). As mentioned, though, there is still major work to be done.
@Mondo
Reading between the lines I see... Nicely done, but it is only an observation. I know from experience that I need all of those browsers on OS X. Not every site works in Safari, or Chrome nor Fireferet on OS X, we especially like the sites that say please use Internet Destroyer... Then Safari's delevop menu is great for impersonating IE as other browsers. It doesn't always work, but always worth a try.
Disclaimer: On this often shared home computer, I use Chrome, only installed extensions are adblock and two googly docs for work. The missus uses Safari. No issues here so far.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
