MacBooks are so hot right now. And so is Mac OS X malware

There’s been an unprecedented rise in Mac OS X malware this year, according to security researchers at Bit9 + Carbon Black, with the number of samples found in 2015 being five times that seen in the previous five years combined. This year, there have been 948 OS X malware samples, compared with 180 in the years 2011-14 …

  1. Steve Davies 3 Silver badge
    Joke

    That must mean....

    that Apple is doomed.

    see Icon (or not)

  2. Anonymous Coward

    OS-X has well over 2,000 known security vulnerabilities so far (as per Secunia). That's approaching Linux levels of being Swiss Cheese...

    1. Paul Crawford Silver badge

      And yet Windows users are still being screwed over so much more often by the black-hats, far more than the 10:1 or whatever ratio of users run Windows vs MacOS/Linux. Funny that?

  3. Grikath

    been saying it for decades...

    Mac and Linux have been relatively safe because they were niche OS, and had a generally knowledgeable userbase. Windows was, by far, the largest pool to fish in, with a user population who were mostly not IT/security savvy.

    With the rise of the internet, the predominant server install was ..Linux.. Often ill-maintained, and as such a nice target for those with ill intentions. People soon learned, and given that web servers are generally maintained by people who have a clue about security, collateral damage could be mostly kept in check.

    Then came the Second Coming of Apple... No longer niche, and the preferred toy of mostly clueless idiots who were willing to buy into Bling, and the sense of false security cultivated by the Fanbois, and connected to the Internet...

    And the long-fanged black hats licked their chops, for the Flock was fattened, and ripe for Harvest.

    1. Fitz_

      Re: been saying it for decades...

      Oh fuck off.

      1. Grikath

        Re: been saying it for decades...

        Dear Fitz_.

        So lovely to see a Fanboi reduced to abusive adjectives. Truth hurt much?

        1. Matthew 17

          Re: been saying it for decades...

          decades?

          maybe a decade ;)

          1. Grikath

            Re: been saying it for decades... @Matthew 17

            Nope. There's always been a clear link between the popularity/size of population of an OS, and the amount of malware written for it, almost as soon as we could easily exchange data. So basically since the days of the Floppy Disc. There was stuff that could really mess up Amigas and C64's y'know..

            1. Anonymous Coward

              Re: been saying it for decades... @Matthew 17

              why do people assume your choice of computer defines your IQ ?

              Can we please get past "mac users are idiots", "Linux is cool", "I'm a sysadmin and therefore all-knowing"

              I have Solaris & Windows machines at work, I run Ubuntu,Windows and Mac at home. I happen to like Macs ....

              sorry, but it's a bit tedious

              1. Anonymous Coward

                Re: been saying it for decades... @Matthew 17

                > why do people assume your choice of computer defines your IQ ?

                Because that is as far as their feeble brains can process data. It's a miracle they can even operate a computer, that is, after wiping the drool from it. It's a bit unfair to engage these people in a battle of wits, though, as they are basically unarmed.

            2. Anonymous Coward

              Re: been saying it for decades... @Matthew 17

              > Nope. There's always been a clear link between the popularity/size of population of an OS, and the amount of malware written for it, almost as soon as we could easily exchange data. So basically since the days of the Floppy Disc. There was stuff that could really mess up Amigas and C64's y'know..

              That doesn't seem to correlate with the number of Linux servers out there. Start with the basics: what OS do you still need to build a DMZ for so it doesn't get infected while you're still busy installing it? It's not OSX or Linux. What OS comes by default with the tools to protect yourself? Well, that's again practically any UNIX derived platform. What you're carefully avoiding to mention is which TYPE of malware is prevalent. OSX as well as Linux is (like almost any platform) as defenceless as Windows against code that is installed via social engineering because that is, after all, what it is supposed to do: trust its user, and the only way that can be addressed is by educating users.

              However, OSX is not as exposed to drive-by infections as Windows where simply looking at a website or an email is enough to screw over the system.

              I would never claim an OS to be safer over another. Where I distinguish is how much effort and resources I have to put in to keep it clean. From that angle, I'm quite OK with OSX. Is it perfect? No, nothing is. But it's still far easier to keep it clean, and that is a fact no amount of astro turfing can get around.

              By the way: I have yet to see any attempt by Linux distros or Apple to ram an OS down my throat as Microsoft has. Or don't you consider it ridiculous that users now have to actively GUARD against an upgrade? Who needs a virus if the manufacturer itself becomes a risk?

              1. Anonymous Coward

                Re: been saying it for decades... @Matthew 17

                > I have yet to see any attempt by Linux distros or Apple to ram an OS down my throat as Microsoft has

                OSX (at least Yosemite and Mavericks) have now started to produce occasional but annoying app-store pop-ups asking you to upgrade to El Capitan.

                1. Anonymous Coward

                  Re: been saying it for decades... @Matthew 17

                  > OSX (at least Yosemite and Mavericks) have now started to produce occasional but annoying app-store pop-ups asking you to upgrade to El Capitan.

                  Is that in general or because of some applications that have gone 10.11?

                  So far, the only thing that has failed me on OSX10.11 has been an nmap binary, and that was not El Capitan but two bugs in the binary distribution, one of which has already been fixed. I could have switched to the macports version but I've decided to hang on so I could help with debugging the problem.

                2. Wensleydale Cheese

                  Re: been saying it for decades... @Matthew 17

                  "OSX (at least Yosemite and Mavericks) have now started to produce occasional but annoying app-store pop-ups asking you to upgrade to El Capitan."

                  Mountain Lion too, though I'm seeing ads whenever I fire up App Store rather than pop-ups

              2. Anonymous Coward

                Re: been saying it for decades... @Matthew 17

                @anon "By the way: I have yet to see any attempt by Linux distros or Apple to ram an OS down my throat as Microsoft has."

                Linux I'll grant you but apple most certainly do push their OS on you... I'd be glad to be corrected and pointed in the direction of the Hardware only (without OS) section on apple.com so I can buy a nice laptop to put mint on....

                1. Anonymous Coward

                  Re: been saying it for decades... @Matthew 17

                  > Linux I'll grant you but apple most certainly do push their OS on you... I'd be glad to be corrected and pointed in the direction of the Hardware only (without OS) section on apple.com so I can buy a nice laptop to put mint on....

                  That is the normal laptop section. After all, you don't pay for the OS and default apps, and haven't since (I think) 10.9. However, Apple's support is naturally focused on their own OS so it would be silly for them to encourage you to install something else - that would be your problem, not theirs.

                  It runs Mint quite well, BTW, I have it in a VirtualBox :)

              3. Anonymous Coward

                Re: been saying it for decades... @Matthew 17

                "However, OSX is not as exposed to drive-by infections as Windows where simply looking at a website or an email is enough to screw over the system."

                There have been numerous holes in OS-X that allowed exactly that type of attack. OS-X has actually had more of them than any Windows version...

            3. goldcd

              Yep

              Never got the pox on my PCW

        2. Dave 126 Silver badge

          Re: been saying it for decades...

          @Grikath

          1. You started it. We don't know why.

          2. Fitz used the word 'Fuck' as a verb, specifically in the imperative mood, and not as an adjective. It seems you didn't grasp that.

          - Dave 126 ( not an OSX user myself)

        3. danny_0x98

          Re: been saying it for decades...

          No, but the pointless self-congratulations might.

          As for me, this Mac user was appreciative of the decades old messages being used in service of reducing Mac users. I mean if being a niche was a benefit, then by all means counter my positive messages to friends and family recommending OS X. Thank you for looking out for us in the day.

          As to flocks being fattened, I thought the first assumption among those who had to change the discussion of Windows 2000/XP non-security into grading on a hypothetical curve was that a Mac owner was an idiot with money. Wouldn't that mean the sheep were already fat?

          And all those years of comparing the security gains of Windows in the versions that were never used by 50-75% of the user base as compared with the versions used by 50-60% of the OS X user base that did migrate within a year.

          Any way, everything is better than it used to be, most people are compromised or inconvenienced by their governments or uninspiring security at retail and web sites, and the weakest component in the struggle with on-line threats is the user.

    2. Anonymous Coward

      Re: been saying it for decades...

      As far as I can tell, the only person less safe than a user of a default Windows installation is a young choir boy in the vicinity of a Catholic priest.

      You don't even need malware for it, Microsoft itself is now trying to install spyware.

    3. Quortney Fortensplibe

      Re: been saying it for decades...

      "...Apple... No longer niche, and the preferred toy of mostly clueless idiots..."

      Fascinating. I love good, solid fact-based research like this. Is your work available in any of the online scientific journals?

    4. simon gardener

      Re: been saying it for decades...

      oh look - a troll - isn't it cute

  4. Mondo the Magnificent
    Go

    It was just a question of time...

    I've been a Mac user for over a decade and most traditional "malware" attacks were self inflicted crap like "Mac Defender" which fooled the naive, non-technical and uninformed into installing this crap onto their systems, but times are a changing....

    More people I know are switching to Macs because they own iPhones and/or iPads. All of a sudden, having a shiny Mac to complement their iOS devices has become a trend, as have my after hours calls from our friends who often ask me questions like "how do I do..."

    Sadly most newer OS X 'converts' are under the false belief that they are "safer" using a Mac than they are using a Windows system.

    As the Mac Pack grows, those who author malware will adapt and try and find ways to exploit OS X systems. Malware has always been a cat and mouse game between OS security and exploitable areas that are unpatched.

    The golden rules of common sense apply, never install a .DMG file from an untrusted source and do your security updates...

    Hold on a minute, I have to reboot, my Mac has just installed Apple's EFI security update...... fuck!

  5. Anonymous Coward

    Warning : Sample NOT representative

    I've just checked with 2 (yes, TWO) macbook wielding neighbours, and they both claim adamantly their apparatus is invulnerable to outside attack and does not require any user intervention to keep it safe. This is all done automatically by the iCloud (sic)

    YMMV. But first results show reality has not yet pervaded the Walled Garden.

    1. Anonymous Coward

      Re: Warning : Sample NOT representative

      Hmm. Let me see.

      Firewall: check (built in functionality, default setting)

      uBlock, Ghostery and Incognito: check

      Patched: check (although I feel left out - Windows people get a lot more of that)

      Filevault enabled: check (built in functionality)

      Backup encrypted: check (built in functionality)

      USB sticks encrypted: check (built in functionality)

      Bootup password to stop booting from other media: check.

      Prevent loading of plugged in bootroms: patched, check

      Media soldered in so impossible to reformat after theft: check

      Not permitting unsigned code: check (default setting)

      Display showing owner details & reward offer on bootup: check

      The only thing that is slightly outside standard is that I use Viscosity VPN, VeraCrypt for portable archives and Vivaldi to confuse the crap out of websites I don't trust, and I use macports to pull in stuff such as nmap. Still, a basic macbook comes with all the tools to bolt the doors firmly shut. There is a way to secure Windows machines as well, but that is both more involved and more costly, so if security is your thing I think Windows is not exactly the best starting point.

      As for "not needing any user intervention": if you set upgrades to auto it is indeed pretty OK, also because it defaults to blocking unsigned code.

      1. Anonymous Coward

        Re: Warning : Sample NOT representative

        "Patched: check (although I feel left out - Windows people get a lot more of that)"

        Windows people tend to have far fewer of those than OS-X or Linux users these days....

        1. David Walker

          Re: Warning : Sample NOT representative

          "Windows people tend to have far fewer of those than OS-X or Linux users these days...."

          Really? FYI Microsoft XP is no longer supported, perhaps you should upgrade. Might explain why you aren't getting those patches anymore. I operate Win7-10 and not only is patch Tuesday still patch Tuesday but I reboot fairly frequently for incremental updates to various parts of the OS. Not to mention that after-patch Wednesday is the day new exploits go wild and usually thrive until the next patch Tuesday. There is a good argument from non-system "don't-make-us-work-hard-more-than-once-a-month" admins that security may benefit from a compressed cycle of updates now and again....

          1. Anonymous Coward

            Re: Warning : Sample NOT representative

            "Really?"

            Yes really - OS-X is on well over 2,000 known vulnerabilities now. Even XP which is Microsoft's worst to date only has about 700. You need a commercial Linux distribution to beat that (e.g. SUSE 10 > 4,000)

            "you SEE fewer of them."

            Because there are fewer of them.

        2. Anonymous Coward

          Re: Warning : Sample NOT representative

          > Windows people tend to have far fewer of those than OS-X or Linux users these days

          Correction: you SEE fewer of them. Usually because they are packed together (to massage the statistics many people are so fond of quoting) or to stop you from realising just how many GB you download on a monthly basis just to keep up.

          For OSX and Linux users a patch is still a noteworthy event instead of the routine it has become for Windows users, and few of these updates are for the actual OS itself.

          1. d3vy

            Re: Warning : Sample NOT representative

            @anon..."For OSX and Linux users a patch is still a noteworthy event instead of the routine it has become for Windows users."

            That just means MS are fixing bugs, apple might be sweeping them under the carpet.

        3. Paul Crawford Silver badge

          Re: Warning : Sample NOT representative

          > Windows people tend to have far fewer of those than OS-X or Linux users these days

          Really? Any figures/citations to back that up?

          Even if they are getting more patches, they seem to spend a hell of a lot less time applying them and having to reboot.

          1. Anonymous Coward

            Re: Warning : Sample NOT representative

            > Really? Any figures/citations to back that up?

            Maybe I can help:

            Mac OS X: http://www.cvedetails.com/product/156/Apple-Mac-Os-X.html?vendor_id=49

            Windows 7: http://www.cvedetails.com/product/17153/Microsoft-Windows-7.html?vendor_id=26

            Yes, has fewer vulns discovered than OS X:

            In 2015: Windows:125 vs OS X:335

            In 2014: Windows:35 vs OS X:114

            1. Anonymous Coward

              Re: Warning : WINDOWS sample NOT representative

              OK, I can't let that stand unchallenged because this is the kind of selective quoting of statistics Microsoft tends to pull when they are selling to governments and military (which is why you can never quite get a copy of the exact same presentation from them later).

              TL:DR version: using your statistics (minus the creative bit) it appears that OSX has LESS THAN A THIRD of the exposures of Windows since 1999.

              Well, Mr Microsoft marketing, here is a lesson for you: NEVER try to use statistics if someone can actually check on what you're doing. If you get found out (like in this case) it doesn't just destroy your argument, it takes down your entire credibility.

              Let's have a look at what you were trying to do. The very fact that you even tried is an illustration that you knew damn well you had to fudge the facts, so let's get some reality in there.

              You were not trying to compare like for like, but one SINGLE version of Windows against the whole lifespan of OSX. So, let's leave out the version numbers for Windows as well then, shall we? That way, you end with 1304 vulnerabilities for ALL versions of OSX versus 4135 for ALL versions of Windows. In non-creative maths, that means that OSX has LESS THAN A THIRD of the exposures of Windows since 1999, even when Prince had not been singing about that year.

              But hey, let's be a bit more precise and compare them year by year using the full facts, just to see what remains standing of your "facts" when reality hits them. Ooooh, look, on those same pages: shockingly, OSX has consistently fewer issues, year after year after year. Oops.

              Let me translate that for you: fewer problems, fewer risks, fewer resources spent keeping it safe, fewer interruptions from getting work done - etcetera etcetera, you know, the arguments we provided earlier which you have kindly validated for us. It's a shame the site doesn't show any Linux stats because I reckon they'll be similar, but let's stick to the facts we have at hand - facts you yourself suggested we should use for this comparison.

              For further entertainment, let's not stop there but look at what exactly those bugs represent. As you can see from the raw, unmassaged, clean yet somehow painful facts, Windows fares EXCEPTIONALLY bad on privilege escalation: you know, the very thing that will install malware and steal your data even if the vendor itself doesn't help it along (as planned in Windows 10, which gave it the name "Slurp").

              Now crawl back to Redmond and tell them you failed: you need something that isn't actually based on facts. I'd use the phone if I were you - your Windows machine is probably hacked already.

              1. Naselus

                Re: Warning : WINDOWS sample NOT representative

                "TL:DR version: using your statistics (minus the creative bit) it appears that OSX has LESS THAN A THIRD of the exposures of Windows since 1999."

                And that from nearly 1/10th of the user base. I'm afraid that your stats basically prove Grikath right; 1/4 of the Mac OS exposures are from the last year alone. OSX has actually improved in security in that time period, and yet is under far, far, far more attacks than previously. So either Mac OS has been getting exponentially more insecure since 1999, or using absolute exposure numbers is a preposterous exercise (for both you and the commentard you're disputing).

                Mac security is a myth. If it's not a myth, then the stats show Apple are rapidly making it one.

      2. d3vy

        Re: Warning : Sample NOT representative

        "Media soldered in so impossible to reformat after theft: check"

        Ahh they're selling that as a security feature now are they?

        Coat? Mine's the one with the 5 year old laptop with the new ridiculously large hard drive, additional memory and new battery hanging next to it.

        1. Anonymous Coward

          Re: Warning : Sample NOT representative

          "Media soldered in so impossible to reformat after theft: check"

          > Ahh they're selling that as a security feature now are they?

          No, they don't. But that doesn't make it less true. To be honest, I have not upgraded laptop hardware since somewhere before the year 2000. First of all, I buy higher specs so not "just enough to work", secondly I don't have the time to mess around, thirdly I do not keep a laptop for more than 3 years (which in Apple's case means I get a decent return value).

          I would agree with you that if your aim is to upgrade a machine later having it all soldered in is not helpful, but for my use which involves carrying fairly confidential data around it is pretty much perfect. I wish you luck trying to get to VeraCrypt encrypted data stored on a Filevault encrypted partition on a machine you cannot even reboot on another OS. It's also a big "oh f*ck" if the machine fails, but that's what encrypted backups are for. Added bonus is that it is thus more likely someone will try to claim the reward it advertises than to resell it to someone who cannot use it for anything but a doorstop.

  6. ntevanza
    Joke

    Impeccably dishevelled

    With the time they have to spend in the bathroom, on Instagram, or both, it's surprising OSX ne'er-do-wells have the time to hack anything but their own hair.

    1. Dave 126 Silver badge

      Re: Impeccably dishevelled

      You spend time looking at the Instagram accounts of OSX malware authors? Oh well.

      Also: How considerate of them to identify themselves publicly!

  7. Hans 1 Silver badge
    Childcatcher

    So, I remember a few years back, there were less than 10 known threats to OS X, now 1400 or 2000, depending on how you count .... still not in the same league as hundreds of thousands if you go look at MS. So safer, mathematically, of course, however, you are only as safe as your skill allows for.

    I find the malware on Windows to get always harder to remove ... mainly due to brain-dead Windows file locking, mostly.... none of that BS on our UnixyWare© stuff (That is my brand, with the y).

    Now, I have a few macs at home, spend most of my time on Linux though, macs are for the kids ... I am currently using Windows 8.1 (LOL, the more I know you, the more I hate you) ....

  8. chivo243 Silver badge
    Holmes

    Just an observation

    I don't remember "malware" being so widespread on OS X until Chrome came along... Maybe this is coincidental? I know there are many dodgy extensions for Chrome, I assist users with browser problems daily on OS X, and more often than not it's Chrome causing issues. There is one EBay extension in particular that really changes the UI of Chrome... buttons hidden, homepage hijacked, search engine can't be changed etc.

    As far as I know, the <user> has to install malware on OS X. If this is not true, do let me know, I have some fanboi's that need some schooling...

    1. Mondo the Magnificent

      Re: Just an observation

      > I don't remember "malware" being so widespread on OS X until Chrome came along...

      And strangely enough, many OS X users flock to Chrome and Firefox as 'alternatives' to Safari..

      I am no Safari fan, but it's the Apple bundled browser that does do the job... just saying...

  9. ecarlseen

    Starting with a UNIX foundation helped

    I don't think it was just being a niche machine that helped Apple stay ahead - the well-tested UNIX heritage certainly was a plus. The changes added in El Capitan (OSX 10.11) should help keep them ahead. Now there are plenty of things that not even "root" can do without booting into a recovery session (similar to runlevel 1 on UNIX / Linux). As mentioned, though, there is still major work to be done.

  10. chivo243 Silver badge

    @Mondo

    Reading between the lines I see... Nicely done, but it is only an observation. I know from experience that I need all of those browsers on OS X. Not every site works in Safari, or Chrome nor Fireferet on OS X, we especially like the sites that say please use Internet Destroyer... Then Safari's Develop menu is great for impersonating IE as other browsers. It doesn't always work, but always worth a try.

    Disclaimer: On this often shared home computer, I use Chrome, only installed extensions are adblock and two googly docs for work. The missus uses Safari. No issues here so far.

  11. kryptylomese

    "Malware" or "New exciting free programs" as I like to call them. Unfortunately, I have to boot into Windows or OSX to obtain these goodies :(

    1. Paul Crawford Silver badge
      Joke

      Didn't you read the instructions?

      tar -xf shaftmybackside.tgz

      cd shaftmybackside

      ./configure

      make

      sudo make install

      1. kryptylomese

        Hmmm, something told me to examine the file before installing it and that spoiled the surprise (like you can do with open source software) you know like you Windows and Mac OSX people can do if you want to with your closed source software right?

  12. Howard Hanek Bronze badge
    Unhappy

    Pervasive Computing

    Take heart. I believe that the simplest devices such as two tin cans connected by a string would be hacked by our culprits despite being labeled a niche system. Good security requires good practices to minimize the vulnerabilities.

  13. Anonymous Coward

    Easy pickings..........

    Obviously, they are all mainly using it wrong !


Biting the hand that feeds IT © 1998–2019