Linked by Thom Holwerda on Tue 26th Jun 2012 09:34 UTC, submitted by tomcat
Mac OS X "In the wake of the Flashback botnet which targeted Mac computers, Apple has removed a statement from its messages on its website that Mac operating system X (OS X) isn't susceptible to viruses." It was an untenable statement anyway. Security is an illusion.
Order by: Score:
How to Get My Money Back/
by JeeperMate on Tue 26th Jun 2012 09:58 UTC
JeeperMate
Member since:
2010-06-12

I bought a Mac because Apple claimed it's insusceptible to viruses. Does anyone know how to get my money back?

I already have two computers running two different operating systems that have security built-in. I don't need another one.

Reply Score: 7

v RE: How to Get My Money Back/
by MOS6510 on Tue 26th Jun 2012 10:28 UTC in reply to "How to Get My Money Back/"
RE[2]: How to Get My Money Back/
by Laurence on Tue 26th Jun 2012 15:35 UTC in reply to "RE: How to Get My Money Back/"
Laurence Member since:
2007-03-26

I think he was joking ;)

Reply Score: 2

RE[3]: How to Get My Money Back/
by MOS6510 on Tue 26th Jun 2012 15:58 UTC in reply to "RE[2]: How to Get My Money Back/"
MOS6510 Member since:
2011-05-12

They thought Hannibal was joking when he went to the local circus to borrow some elephants. We all know what happened!

Reply Score: 3

RE: How to Get My Money Back/
by areks on Tue 26th Jun 2012 10:41 UTC in reply to "How to Get My Money Back/"
areks Member since:
2008-11-10
RE: How to Get My Money Back/
by moondevil on Tue 26th Jun 2012 11:38 UTC in reply to "How to Get My Money Back/"
moondevil Member since:
2005-07-08

Since any user from OSNews should know that there are no 100% secure OS, you are to blame yourself for believing in such hype.

Security is hard, and most normal users don't bother with it.

Even if they get a proper configured OS, there are many stupid users that will just "Press this to..." when asked, regardless how good the OS is in regards to security.

Reply Score: 3

RE[2]: How to Get My Money Back/
by CapEnt on Tue 26th Jun 2012 11:52 UTC in reply to "RE: How to Get My Money Back/"
CapEnt Member since:
2005-12-18

I think that he is being sarcastic. ;)

Reply Score: 7

RE[2]: How to Get My Money Back/
by reez on Tue 26th Jun 2012 11:59 UTC in reply to "RE: How to Get My Money Back/"
reez Member since:
2006-06-28

Even if they get a proper configured OS, there are many stupid users that will just "Press this to..." when asked, regardless how good the OS is in regards to security.

Fun fact: This isn't true for Windows and other updates. ;)

Edited 2012-06-26 11:59 UTC

Reply Score: 2

RE[3]: How to Get My Money Back/
by moondevil on Tue 26th Jun 2012 12:25 UTC in reply to "RE[2]: How to Get My Money Back/"
moondevil Member since:
2005-07-08

"Even if they get a proper configured OS, there are many stupid users that will just "Press this to..." when asked, regardless how good the OS is in regards to security.

Fun fact: This isn't true for Windows and other updates. ;)
"

In what sense?

Since the NT early days, if you have a proper configured Windows NT system, it is as secure as UNIX (discounting possible not patched exploits).

If the user is running as administrator, or knows the administrator password, then it is as secure as his/her can make use of the respective brain.

Edited 2012-06-26 12:26 UTC

Reply Score: 3

Bill Shooter of Bul Member since:
2006-07-14

It depends on your definition of "properly configured" and disregards the frequency of zero day exploits for the system. Prior to Vista, many programs required the user to be an admin and did not prompt for serious modifications to the system configuration. All of the above, contributed terrible security for the end user until Vista.

Reply Score: 3

UltraZelda64 Member since:
2006-12-05

It depends on your definition of "properly configured" and disregards the frequency of zero day exploits for the system. Prior to Vista, many programs required the user to be an admin and did not prompt for serious modifications to the system configuration. All of the above, contributed terrible security for the end user until Vista.

After which, UAC contributed terribly by making Vista a massive pain in the ass. And to this day, I still see "modern" Windows systems (Vista, 7) infested out the ass with malware. Despite UAC. In other words, Vista didn't fix shit.

As badly as it'll make Windows blow, Microsoft forcing Windows on ARM to break 100% compatibility with x86 programs will at least "protect" the OS from malware, in the sense that there won't be much (if any) written for it in a while. It'll be relatively safe just long enough for the OS to get a foothold on the ARM market, which is currently dominated by Linux/Android and iOS. But it'll still be just another version of the same Windows; give the dumbass masses time to switch to it and the software writers to follow, and malware will be as plentiful as traditional x86 Windows versions.

Edited 2012-06-28 06:38 UTC

Reply Score: 1

RE[6]: How to Get My Money Back/
by moondevil on Thu 28th Jun 2012 09:19 UTC in reply to "RE[5]: How to Get My Money Back/"
moondevil Member since:
2005-07-08

Despite UAC. In other words, Vista didn't fix shit.


No operating system can fix the lack of brain of most computer users that install every crap they land their hands on.

Reply Score: 2

UltraZelda64 Member since:
2006-12-05

Yes, and as I said, I expect it to be only a matter of time after release that Windows 8 virtual dominates the ARM architecture. And it will bring all the traditional dumb Windows users with it.

Reply Score: 1

RE[4]: How to Get My Money Back/
by REM2000 on Tue 26th Jun 2012 14:31 UTC in reply to "RE[3]: How to Get My Money Back/"
REM2000 Member since:
2006-07-25

I totally agree, Windows NT was really well designed, i agree that if it's used correctly however i would also say the problem with NT Security can also be blamed on application creators and i put Microsoft at the top of the list.

I say this as it was quite evident that the OS team didn't work at all with the applications team, that Office and pretty much all Microsoft software requires administrator rights to install and in some cases run, the escalation part of windows administration was completely forgotten about until it became standard practice to setup standard user accounts with administrative privileges, something we are paying for and trying to unwork in the present.

No man made device is flawless, especially something as complex as an Operating System.

Reply Score: 5

umccullough Member since:
2006-01-26

"Even if they get a proper configured OS, there are many stupid users that will just "Press this to..." when asked, regardless how good the OS is in regards to security.

Fun fact: This isn't true for Windows and other updates. ;)
"

If you mean, they refuse to "click here to install updates", then you're probably correct. The worst part about windows updates is that they often require a reboot (even under windows 7!).

How is it that malware writers are able to build malware that can dig into the deepest parts of the OS immediately after a user clicks a button (or even without that), while Microsoft can't even live-update their own OS properly and requires a full reboot?

Reply Score: 3

RE[4]: How to Get My Money Back/
by tanzam75 on Wed 27th Jun 2012 04:46 UTC in reply to "RE[3]: How to Get My Money Back/"
tanzam75 Member since:
2011-05-19

How is it that malware writers are able to build malware that can dig into the deepest parts of the OS immediately after a user clicks a button (or even without that), while Microsoft can't even live-update their own OS properly and requires a full reboot?


A live update that succeeds on 99% of systems is an enormous success for a malware author.

In contrast, a live update that hoses 1% of systems unbootable is a disaster for Microsoft.

Reply Score: 3

RE[5]: How to Get My Money Back/
by darknexus on Wed 27th Jun 2012 16:55 UTC in reply to "RE[4]: How to Get My Money Back/"
darknexus Member since:
2008-07-15

In contrast, a live update that hoses 1% of systems unbootable is a disaster for Microsoft.


This isn't strictly limited to live updates. Ever tried to troubleshoot a failed update in Windows 7 that installs, reboots, starts configuring, then locks? Not fun. Live update or no live update, it still rendered the install unbootable until it could be fixed.
However, as a Mac user myself, I feel obligated to point out that Apple isn't all that great at live updating either. There are some updates, sometimes for OS X-provided applications, that still require a restart when they really shouldn't need one. I will say that Apple at least packages updates more cleanly. Ever done a Windows update that installed some security patches and then, on the next reboot, you need to run windows update again to get yet more security patches to fix problems in the security patches you've just applied? One would think that Microsoft would at least packages these in a more coherent fashion. Granted, they do occasionally have "cumulative security updates" but even those often don't have the latest patches and require a few rounds of updates to get them all. Aside from being a general pain to those of us who have to maintain them and resulting in a machine having more down time than it really needs, this does eventually leave a lot of files lying around the system. They have gotten a bit better with this since the days of XP sp3 but still nowhere near Apple or the various Linux distributions. I can only hope this will be one area addressed in Windows 8.

Reply Score: 2

RE[6]: How to Get My Money Back/
by zima on Sun 1st Jul 2012 13:00 UTC in reply to "RE[5]: How to Get My Money Back/"
zima Member since:
2005-07-06

Yet OTOH, OSX updates tend to have silly size (even stranger, some of Apple fans seem to boast about any supposed network problems this brings); while, on the plus side, MS patches tend to be smaller, more manageable.

And still, those "staged" updates also most likely stem from possible implications of a failed update (even if very rarely, that would still end up in a massive number of end-user machines with Windows) - less testing when the process is more strictly specified like that, I imagine.

Reply Score: 2

RE: How to Get My Money Back/
by laffer1 on Tue 26th Jun 2012 12:28 UTC in reply to "How to Get My Money Back/"
laffer1 Member since:
2007-11-09

Apple was selling security through obscurity. Security experts will tell you this never works. In reality, it may stop some script kiddies, but never anyone who wants to do real harm to you.

Any OS can get a virus. It's simple to write one in whatever language is commonly used by that OS. With OS X, I could write one as a bash script even. It is fairly hard to gain root on an OS X box without user approval, but one doesn't need root necessarily. Some of the best viruses on Windows infect the user profile and spread through infected documents on the network or get injected into the browser as a plugin, etc.

I'm typing this on a Mac. i do like them, but frankly I never felt invincible. if anything, my laptop is more secure because it dual boots Linux and MidnightBSD and both of those have much less marketshare for desktop use. It's only more secure because no one cares enough to write a virus for it. Mac OS X is now very popular if you count iOS variants. There are a lot of people trained to write Cocoa apps and can now write malware too. On the bright side, there are few viruses so far for OS X compared to Windows.

There are several free antivirus solutions for OS X including Avast, Sophos, etc.

Reply Score: 4

lol
by Risthel on Tue 26th Jun 2012 12:08 UTC
Risthel
Member since:
2010-12-22

And now they will replace the statement with an AD, to <insert_famous_anymalware_here> that will be installed by default on your MacOS with a 30 day demo license.

¬¬

Reply Score: 1

Comment by lucas_maximus
by lucas_maximus on Tue 26th Jun 2012 12:14 UTC
lucas_maximus
Member since:
2009-08-18

Finally

Reply Score: 4

RE: Comment by lucas_maximus
by Bill Shooter of Bul on Tue 26th Jun 2012 13:51 UTC in reply to "Comment by lucas_maximus"
Bill Shooter of Bul Member since:
2006-07-14

Yes, but you know they're going to eventually release a version of OSX that only allows applications from the app store, at which point they'll declare it virus free again.

Reply Score: 6

Good news
by fretinator on Tue 26th Jun 2012 16:43 UTC
fretinator
Member since:
2005-07-06

Obi-Wan: "I semse a great disturbance in the Force."

Luke: "Millions of voices suddenly crying out in terror, and then suddenly silenced?"

Obi-Wan: "No, a disruption in the Reality Distortion Field."

Edited 2012-06-26 16:49 UTC

Reply Score: 8

Comment by marcp
by marcp on Tue 26th Jun 2012 18:25 UTC
marcp
Member since:
2007-11-23

Well, no wonder they pulled out this statement. It's a false statement now. I actually think it is quite honest move and I don't consider it to be bad. They acknowledged a problem [for once].

"Security is an illusion."

Now, I can't agree with you, Thom. At least not entirely.
Security is definitely NOT a product [like MacOSX/Linux/Windows/whatever]. It is a PROCESS [quoted after Bruce Schneier]. Thus, as long as you have good platform [good implementations and good quality of code], good maintainance of the whole project and system processing you can basically avoid some serious problems, although they are not unavoidable. As we all know zero day vulnerabilities happen anyway.
The difference here would be that in Apple's case it was a VIRUS and it could had been prevented, while in zero day vulnerabilities it is basically unavoidable.

Reply Score: 2

About time
by darknexus on Wed 27th Jun 2012 16:59 UTC
darknexus
Member since:
2008-07-15

I'm a Mac user myself, but I'm not affected by the rdf. I'm glad Apple finally removed the spurious virus-free claim. I can't count the number of people who've seen me using my Mac and go "so you can't get viruses on that thing?" Any os can get a virus or other malware, no matter how secure and OS X isnot secure by default. As long as there are enough users to make your platform of choice a target, there will be malware for it. Even *NIX has had a few malware attacks, anyone remember Code Red? You are not secure by default, no matter what you use. There's only one real defense against these types of things, and that is good, old-fashioned and yet scarce, common sense.

Reply Score: 2