Linked by Thom Holwerda on Tue 1st Mar 2011 00:28 UTC
Mac OS X It's sad to see that even after all these years, we still have to write articles like this one. It's all over the web right now: a new backdoor Mac OS X trojan discovered! Code execution! Indicative of rise in Mac malware! Until, of course, you actually take a look at what's going on, and see that not only is it not in the wild, it can't really do anything because it's a beta.
Permalink for comment 464838
To read all comments associated with this story, please click here.
RE[7]: Comment by larwilliams
by nej_simon on Sun 6th Mar 2011 01:29 UTC in reply to "RE[6]: Comment by larwilliams"
nej_simon
Member since:
2011-02-11

Woah, you should really do something about that temper. Getting angry at random people on the internet that you disagree with is pointless.

Thank you for showing the typical fanboy lack of mathematical prowess and reading comprehension.


Really, so what kind of fanboy am I? Apple fanboy? I don't own anything produced by apple.

You made a few comments about fanboys in your last post as well. I don't think categorizing people as fanboys when they disagree with you will help you prove your point.

Firstly you seem to have ignored the second part of my comment and I never said OSX was easy to exploit, just that it hasn't really been tested yet.


Why would I have commented on that part? It was something about whether mac owners are richer than PC owners, I don't know where you got that from.

And there are trojans and viruses for macs, nothing that widespread though. But the OP said that the only reason why there are “no Mac OSX malware” is due to the market share, and I think that's incorrect hance my comment on windows security.

Secondly, the flat numbers of computers don't really matter as we are discussing the fact that a malware writer can write one program and has a huge target, whereas if he aims at Macs he has a much smaller target. He has to learn a new set of programming skills and a new platform architecture for a much smaller chance of success and a much smaller payoff. Like aiming at an elephant instead of a bee. So which is he going to choose?


Sure, but that doesn't mean it wont happen. The reason why there are less malware for OSX is not only due to the market share.

XP hasn't autoexecuted CDs in years, it gives you a dialogue box asking what you want to do. Any antivirus worth its salt has blocked autoruns on USB too. I've seen this argument now several times because it pops up as one of the top search results for Windows security flaws. Pity that the article linked dates back to 2002.


Good thing they finally took care of that problem then.

Macs don't have ActiveX but they still have Java and Flash, which aren't exactly saintly. Apple used to maintain updates of these for the user, and weren't averse to installing their own version even if it was less up-to-date (and therefore less secure) than the user installed version. Any extension to a web browser is almost certain to have security flaws, there is always some tradeoff between ease of use or functionality for the user and security. Again it comes down to the fact that Internet Explorer was on more machines.


Well, neither java nor flash has been as widely exploited as ActiveX used to be, despite the fact that they are widespread technologies.

Safari (or more accurately Webkit) is integrated into OSX hence the need to reboot whenever it is updated.


I guess it's because some applications embed safari, it's not like the tight integration of IE.

This whole Admin by default thing is not a useful argument until you can demonstrate that the average user won't give his password to any little box that pops on his screen. Trust me, the average user either doesn't know or care enough about security to stop himself. Do you think that Steve Jobs had security foremost in his mind when he based NextStep on BSD or did he just use it because it was freely available? Do you think he predicted the virus and malware threat early? OSX security is a pleasant side effect, and as we have stated, will hardly be tested so long as there are so few machines to attack. It's easy with hindsight to blame the default admin account but at the time it was seen as making things easier for users.


If you're logged in as an admin then the applications you run will also have admin rights. There are reasons why you are discuraged from logging in as root on unix-boxes.

At least apple got a lot of thing right from the beginning, probably due to OSX:s Unix heritage.

Likewise, Microsoft can't be blamed for the number of pirated copies that serve to host malware, or the user who doesn't patch his system. Did you know there was a patch for Conficker a month before it became widespread?


Of course not. And Microsoft have been getting better at delivering patches now.

The majority of exploits now don't attack the browser they attack a plugin e.g. Java since even Internet Explorer has got itself up to scratch with security. This is probably the reason malware attacks against Firefox have not proliferated in proportion to its popularity.


Again, Microsoft have improved.

Fanboys quote outdated facts, poor statistics and just good old fashioned prejudice.


“Everyone who doesn't agree with me is a fanboy!”

Besides, my comment was mainly about XP which is an outdated OS.

Reply Parent Score: 1