Linked by David Adams on Tue 29th Jun 2010 17:18 UTC, submitted by fran
Bugs & Viruses
AVG has launched free security software for Mac OS X, which includes tools for Safari and Firefox. AVG's CEO, JR Smith, says, "Mac users have traditionally been less vulnerable to attacks because of their lower market share, but that is quickly changing." This raises the age-old question: to what extent is the scourge of malware on Windows a symptom of Microsoft's sloppy security decisions, and to what extent is it due to Windows' popularity and the fact that malware authors can get "more bang for their buck" targeting the most popular platform?
jabbotts
Member since:
2007-09-06

Less market share may mean less effective blanket attacks but a targeted attack will always be tailored to the user and/or OS. I personally think antivirus and antimalware for OS X can't come fast enough. Get on top of what is already out there and enabled by Apple's questionable update policy. Even if it doesn't target one's OS X machine, detect everything so as not to be an immune carrier passing on malware to systems that are affected by it.

If it's got a network connection, it's under attack, all day and every day. Be responsible and help filter out what you can.

For us *nix based system users; SSH bruteforce is on the rise again. Do you have your firewall in place and strong passwords if not certificate authentication only?

Reply Score: 2

Lennie Member since:
2007-09-22

It always is, but so is FTP and so on, use fail2ban or similar already and be done with it.

Reply Score: 2

jabbotts Member since:
2007-09-06

ftp? F no.. anything I can do to purge cleartext protocols from my systems. Doesn't stop others from using them though or leaving themselves open to SSH exploitation because of the misperception of "I'm invulnerable"

Reply Score: 2

leech Member since:
2006-01-10

I only allow internal network connections to SSH and one IP address from outside (my work place).

Of course you can always put ssh on a different port, only allow certain users, certain hosts, etc.

SSH is rather secure by itself, but yes, some people figure they throw it up, stick it on the net and they should be fine.

Fail2ban rules though, psad is another one that is great.

Reply Score: 2

jabbotts Member since:
2007-09-06

These days any manual attack is going to scan ports and find your SSH off port 22. Automated malware will also be smart enough to discover services away from standard ports. I can't personally put any value in this kind of obscurity.

Now, the firewall rules, allow specific users and such I'm all about as real security mechanisms. Unless you're one of the few accepted IPs, port 22 does not exist. And certificate login; disable the password after ssh-copy-id or move the certificate manually. I can't build a *nix system without SSH and still wish Microsoft would provide a native daemon rather than the third party stuff. I'd love to just ssh in behind a user and do my work without having them interrupted.

Bastille and PSAD are a must also. I'd like to see the Bastille package for Debian Squeeze tuned up for use. It may actually be working now as the last time I tried it was over a year ago. At the time, it chewed the system and sent me back to my clean install and build script.

Actually if it's Debian specifically; harden harden-client harden-server harden-nids harden-environment psad bastille chkrootkit rkhunter openssh-client openssh-server openssh-blacklist openssh-blacklist-extra keychain (for starters).

Reply Score: 2
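
The SSH settings described in the comment above (password login disabled in favour of keys, logins limited to named users), as an added example that is not part of the thread: a Python check of the global section of an sshd_config. The sample configs, user names and function names are constructed for illustration; the defaults for absent keywords are those of upstream OpenSSH.

```python
# Added example: audit the global section of an sshd_config for the
# settings discussed above. Include files and Match blocks are not evaluated.

# Effective values when a keyword is absent (upstream OpenSSH defaults).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older configs use the previous name for keyboard-interactive auth.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_global(text):
    """Return {keyword: value} for lines before the first Match block.

    sshd keeps the first value it sees for a keyword, so a later
    'PasswordAuthentication no' does not override an earlier 'yes'.
    """
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":
            break                       # conditional settings start here
        key = ALIASES.get(key, key)
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit(text):
    """Return a list of findings; an empty list means all checks passed."""
    cfg = parse_global(text)
    value = lambda k: cfg.get(k, DEFAULTS[k]).lower()
    findings = []
    if value("passwordauthentication") != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if value("kbdinteractiveauthentication") != "no":
        findings.append("keyboard-interactive auth is on (PAM may accept passwords)")
    if value("pubkeyauthentication") == "no":
        findings.append("PubkeyAuthentication is 'no', so key login cannot work")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no global AllowUsers/AllowGroups restriction")
    return findings


# Constructed sample: moved port, but password login still effective.
WEAK = """Port 2222
PasswordAuthentication yes
# The next line is ignored because the first value wins.
PasswordAuthentication no
Match Address 192.0.2.0/24
    AllowUsers alice
"""
# Constructed sample: key-only login for two named accounts.
HARDENED = """PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AllowUsers alice bob
"""

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(sample) or "ok")
```

The moved port in the first sample neither causes nor clears a finding; only the authentication and user-restriction settings are checked.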

ichi Member since:
2007-03-06

"Fail2ban rules though, psad is another one that is great."

I haven't used it myself, but I've always found port knocking to be a funny idea.

Reply Score: 2

Comment by Kroc
by Kroc on Tue 29th Jun 2010 18:59 UTC
Kroc
Member since:
2005-11-10

Company that sells AV products implies that an untapped market requires its products. News at 10.

The _last_ thing we need is their crapware on our platforms. Toolbars? Shoot me now.

Reply Score: 2

RE: Comment by Kroc
by WorknMan on Tue 29th Jun 2010 19:43 UTC in reply to "Comment by Kroc"
WorknMan Member since:
2005-11-13

"Company that sells AV products implies that an untapped market requires its products. News at 10.

The _last_ thing we need is their crapware on our platforms. Toolbars? Shoot me now."

Welcome to the real world, Mac users. You wanted a bigger slice of the pie? You get all the baggage that comes with it. And you thought it was going to be all rosy ;)

Reply Score: 4

RE: Comment by Kroc
by Soulbender on Tue 29th Jun 2010 20:50 UTC in reply to "Comment by Kroc"
Soulbender Member since:
2005-08-18

Increased market share = Increased exposure = more malware. News at 11.

Reply Score: 3

RE[2]: Comment by Kroc
by Kroc on Tue 29th Jun 2010 21:48 UTC in reply to "RE: Comment by Kroc"
Kroc Member since:
2005-11-10

What malware? AVG are scaremongering here, nothing more.

Reply Score: 3

RE[2]: Comment by Kroc
by Bill Shooter of Bul on Wed 30th Jun 2010 19:53 UTC in reply to "RE: Comment by Kroc"
Bill Shooter of Bul Member since:
2006-07-14

I think the link scanning's best use has nothing to do with platform native malware. Cross site scripting and/or cross site request forgery is by far the easier and more lucrative exploit channel these days. I'm guessing many of the sites that are banned are just known sites with dangerous JavaScript.

Reply Score: 2

New Headlines Needed
by gorgar on Tue 29th Jun 2010 21:22 UTC
gorgar
Member since:
2006-04-03

I am SOOOO tired of the worn out excuse about market share meaning lower targets. Let's try ... a lesser target because of difficulty in writing and infecting a specific platform. If Mac users are diligent in checking their firewalls, passwords etc. and learning how to keep their system locked down, then viruses are less likely to penetrate the Mac WITHOUT user interaction... give the program your admin password, not likely. They didn't mention the only known viruses in the wild were socially engineered and didn't infect the Mac without that interaction. ALL computer systems are vulnerable and not all Mac users are totally stupid. Most of us do keep tabs on this stuff but so far the sky hasn't fallen. Until it does I'll just keep being careful and NOT give all my money to anti virus companies. ALL of the PCs I "disinfect" were infected without ANY idea of the user and through McAfee, Nortons and AVG. Lots of money was spent on these programs and they DIDN'T help. Now let's say, welcome to the real world!

Reply Score: 1

RE: New Headlines Needed
by Lennie on Tue 29th Jun 2010 22:22 UTC in reply to "New Headlines Needed"
Lennie Member since:
2007-09-22

However you slice or dice it, it's always good to have a good (security) architecture, hopefully before the OS gets big. :-)

Reply Score: 4

RE: New Headlines Needed
by fanboi_fanboi on Wed 30th Jun 2010 14:05 UTC in reply to "New Headlines Needed"
fanboi_fanboi Member since:
2010-04-21

"If Mac users are diligent in checking their firewalls, passwords etc. and learning how to keep their system locked down, then viruses are less likely to penetrate the mac WITHOUT user interaction"

Methinks you don't know Mac users very well. I've never met one that even knew what a firewall was.

Reply Score: 1

Prevent the pwn2own attack?
by bousozoku on Wed 30th Jun 2010 01:59 UTC
bousozoku
Member since:
2006-01-23

Would this have prevented the pwn2own winning attack? I don't think so, so what good is it? Even Safari 4.x has anti-phishing support for known problem sites.

Mac users should be aware and awake and using a browser that already incorporates what the AVG link scanner does. Apple is already hiding some other sort of malware protection in the operating system.

The only exploits I've seen are those people were fully willing to authorise and in those cases, they deserved it.

I really can't feel too sorry for someone wanting to pirate software when they know better and the pirated version (whether it really was what they wanted) had a trojan exploit.

Reply Score: 3

What do you think?
by shashank_hi on Wed 30th Jun 2010 02:07 UTC
shashank_hi
Member since:
2009-08-27

This is more of a question than a comment for this site's audience.

I agree that there is the bang for the buck concept with Windows, but Mac users in general have been more affluent. You'd think that since one in 20 users (or 10) buy a Mac, one in 20 malwares should be written for OS X. It's quite an unspoiled market after all. But this isn't the case. In fact, Mac malwares are disproportionately few. Does this have something to do with OS X's underlying architecture that makes writing a malware more difficult (not impossible; although Pwn2Own contradicts this)? If malwares for OS X are imminent, would it be better for Apple to write an anti-malware application (similar to Microsoft Security Essentials for Windows)?

Reply Score: 1

RE: What do you think?
by nt_jerkface on Wed 30th Jun 2010 02:52 UTC in reply to "What do you think?"
nt_jerkface Member since:
2009-08-26

"You'd think that since one in 20 users (or 10) buy a mac, one in 20 malwares should be written for OS X. It's quite an unspoiled market after all."

That's only for the US and some parts of Europe though.

Windows users are also more likely to have updates turned off which makes them a better target. A big part of this has to do with all the pirated installs.

Malware writers don't even have to look for new exploits in Windows when they can use existing ones. It's not just about market share, there is also the question of how much effort is required to leverage that market share. As I have pointed out before there are plug-n-play hack kits for Windows exploits.

Reply Score: 3

RE[2]: What do you think?
by lemur2 on Wed 30th Jun 2010 03:25 UTC in reply to "RE: What do you think?"
lemur2 Member since:
2007-02-17

"Windows users are also more likely to have updates turned off which makes them a better target. A big part of this has to do with all the pirated installs."

I have also come across a few other attitudes amongst Windows users (other than pirated installs) that may contribute:

(1) Don't turn updates on and don't install WGA because if you do then Microsoft will stop your computer,

(2) Anti-virus is just companies asking you for money for updates over and over again, and anyway it just sits there and does nothing except slow your computer down,

(3) You won't get hit with a virus if you run Firefox, and

(4) Look, a free anti-virus scanner (or whatever) program, just download it from this new flashy website I just found!

Edited 2010-06-30 03:25 UTC

Reply Score: 1

RE[2]: What do you think?
by vodoomoth on Wed 30th Jun 2010 12:16 UTC in reply to "RE: What do you think?"
vodoomoth Member since:
2010-03-30

"Windows users are also more likely to have updates turned off which makes them a better target. A big part of this has to do with all the pirated installs."

Another mention: I consciously disabled the updates for some time. Because I have a Parrot DS 3120 Bluetooth audio system that, as I discovered, can act as a remote control using a certain Bluetooth profile. One day in January, my Vista SP1 refused to start: BSOD, reboot, BSOD, etc.

The problem was caused by a driver for the Bluetooth remote control profile installed by Windows Update in the automatic install mode. That driver was impossible to remove from the Windows driver cache to the point that I had to reformat the system disk since, as I discovered, some filesystem folders can't be modified even by an admin user. System restoration didn't help: Vista reinstalled the latest drivers from its cache. I recovered the system, turned the wifi connection off before disabling the updates for some time.

There have been at least two other instances in the past six months when Windows Update would have automatically installed driver updates (Realtek Ethernet Gigabit and NVidia card) which, after searching for the appropriate documentation on the web, were not suited to my specific system!

The worst in Windows Update is that such updates come without any documentation about what's new or fixed. Even the links provided in the sidebar lead to a "windows hardware qualification" (or similar, don't remember the exact wording) website which is, quite obviously, for affiliated manufacturers or OEMs. Totally useless; that's something that should be copied from the Apple and Linux worlds.

Now, I manually choose all security updates and nothing more.

Reply Score: 1

RE: What do you think?
by darknexus on Wed 30th Jun 2010 11:32 UTC in reply to "What do you think?"
darknexus Member since:
2008-07-15

Let's answer a question with a question: What would be better, getting the information for 1/20 users or getting the information for the other 19? Put it another way: Which is more, five people with a thousand dollars or 200 people with 50 dollars?

Reply Score: 2

RE: What do you think?
by vodoomoth on Wed 30th Jun 2010 11:59 UTC in reply to "What do you think?"
vodoomoth Member since:
2010-03-30

Just want to mention that Microsoft Security Essentials is not the exemplary light-on-resources app I heard it was. It ate a good 200 MB on an XP SP3 laptop with 512 MB. I couldn't launch any browser with half a dozen tabs without swapping coming into play. I had to revert to Antivir.
The irony is that most of that memory was used by Windows Defender... which, when uninstalled, prevented MSSE from running.

If Apple come up with something, I hope it'll be better.

Reply Score: 1

Antiviruses are futile
by Neolander on Wed 30th Jun 2010 08:42 UTC
Neolander
Member since:
2010-03-08

Apple have to recognize that computer security *is* an issue and update their security model to the latest standards. No antivirus will do the job for them, they will just help worsen performance and battery life of the macs up to the point where they act like Windows PCs.

But since Apple benefit much more from iDevices, I bet that they won't be doing anything about the security issue. To the contrary, they'll help Mac security to sink even further, coding malware themselves if they need to. Then they'll use it as an argument to tell people that they should upgrade to the latest 15" iPad Sun, which runs iOS-optimized versions of all the Mac apps they're used to...

Reply Score: 2

RE: Antiviruses are futile
by vodoomoth on Wed 30th Jun 2010 11:53 UTC in reply to "Antiviruses are futile"
vodoomoth Member since:
2010-03-30

"Apple have to recognize that computer security *is* an issue and update their security model to the latest standards."

What are these standards and how different is the Mac model from them?

"No antivirus will do the job for them, they will just help worsen performance and battery life of the macs up to the point where they act like Windows PCs."

No need for that. Snow Leopard served that purpose very well: my MacBook Pro is so much slower that if I weren't leaving my job (and that professional laptop) in the coming days, I would go back to 10.5.8. The speed increase that had been advertised was... not present.

"To the contrary, they'll help Mac security to sink even further, coding malware themselves if they need to."

Hilarious.

Reply Score: 1

RE[2]: Antiviruses are futile
by Neolander on Wed 30th Jun 2010 13:29 UTC in reply to "RE: Antiviruses are futile"
Neolander Member since:
2010-03-08

"What are these standards and how different is the Mac model from them?"

Sorry, I somehow forgot something when I typed this, probably because I was very tired this morning. It's not about written, ISO-like standards in security like the ones you see in the military world, but about quality standards. I forgot the quality word.

Today, a good OS must have automatic security updates (caution: only the security-oriented ones. No new features, they break things and make the user disable updates altogether.) and firewall on as a default setting. There must also be some kind of capability-based security (like on Android's Market or with AppArmor if I understand well how the former works) including minimal user data protection, phishing protection in Safari, and spoofing prevention in system windows like the Ctl+Alt+Del in login windows of Windows since 2K...

"No antivirus will do the job for them, they will just help worsen performance and battery life of the macs up to the point where they act like Windows PCs.

No need for that. Snow Leopard served that purpose very well: my MacBook Pro is so much slower that if I weren't leaving my job (and that professional laptop) in the coming days, I would go back to 10.5.8. The speed increase that had been advertised was... not present."

Really? I thought that at least the speed improvement worked as advertised according to some reviews... Looks like I should read more mac-oriented news, even though I feel that there's already more than enough macs in my house and around.
Well, then the "help" word in my original post takes an interesting new sense ^^

"To the contrary, they'll help Mac security to sink even further, coding malware themselves if they need to.

Hilarious."

You know, I wrote that as a joke, but it's one of the oldest forms of conspiracy theory in the security world to suspect security professionals of creating malware themselves to make themselves useful.

And as much as my scientific instinct tells me that unfalsifiable theories are bad, I can't help but think that it really could be true...

Edited 2010-06-30 13:30 UTC

Reply Score: 2

RE: Antiviruses are futile
by wirespot on Wed 30th Jun 2010 13:34 UTC in reply to "Antiviruses are futile"
wirespot Member since:
2006-06-21

"But since Apple benefit much more from iDevices, I bet that they won't be doing anything about the security issue."

What security issue? ;) AVG is just spreading FUD and trying to sell something that nobody needs. Mac market share continues to grow and yet there's next to no malware for it in the wild.

On another note, antiviruses, as security measures go, are a completely stupid approach. Maintaining blacklists is a never-ending game of catch-up with the malware. And always losing. And becoming dependent on the antivirus vendor's updates. It was a good idea back 20 years when there were a couple hundred viruses around. Now that there are tens of millions and growing exponentially... not so much.

Thanks but no thanks. If Apple ever decides they need stronger security measures I hope they'll go with something like AppArmor from Linux rather than the braindead antivirus idea from Windows. (That is, if they don't already have something like that in place.)

Reply Score: 2

AVG doesn't work
by Barnabyh on Wed 30th Jun 2010 15:25 UTC
Barnabyh
Member since:
2006-02-06

Even if you believe the hype do yourself a favour and do not get AVG but a real AV-scanner.
It's not bad, but in this business being average is not good enough. It only takes one shot to slip past the goalie, and that's it. When still on Windows all these years ago I was almost anal about updating the database, still got infected with no less than 3 different Trojans. Releasing updates just once or twice a week is not good enough. Not able to scan deep into compressed files is not good enough.
Do your research and get a good AV scanner that deserves your money. It's the one piece of software I have no problem paying for. And, as often in life, the best are not even the most expensive.

Reply Score: 2

f*ck that
by Bit_Rapist on Wed 30th Jun 2010 20:14 UTC
Bit_Rapist
Member since:
2005-11-13

The ONE thing I love most about my mac is that I don't have a bunch of security bullshit running in the background asking for DAT updates or making my system dog slow as a large folder is scanned.

Windows is nothing more than a never ending series of security warnings and anti-virus updates. Seriously I spend most of my time at work dealing with this crap. It's always in the way.

The day I have to run antivirus software on my mac is the day I'll start looking for another computing platform.

Reply Score: 1