Linked by Hadrien Grasland on Sat 25th Jun 2011 08:55 UTC, submitted by John
Mac OS X "Using a Mac may certainly be a safer choice for a lot of people as despite being vulnerable they are not targeted. However this is not the same as Macs being secure, something Eric Schmidt erroneously advised recently. I may be able to browse impervious to malware on a Mac at the moment, however I personally would not be comfortable using a platform so easily compromised if someone had the motivation to do so. In this article I address just why OS X is so insecure including the technical shortcomings of OS X as well as Apples policies as a company that contribute to the situation."
Thread beginning with comment 478546
To read all comments associated with this story, please click here.
Just another article
by wocowboy on Sat 25th Jun 2011 11:42 UTC
wocowboy
Member since:
2006-06-01

The referenced article is an interesting read, but ultimately means nothing to the average consumer. All OS's are far more secure now than they were a few years ago. We are no longer hearing about outbreaks of such things as the Melissa, Storm Worm, Mydoom, Nimda, Sobig, I Love You, and the thousands of others that wrought havoc back then.

And while I do agree that OS X might be "insecure", and even "Horribly Insecure" as the author suggests, there has still to date been NO outbreak of a virus or malware of the scale of any of the above-mentioned viruses that has affected Mac computers.

One can say it is due to there only being a very few Apple computers out there and they are not targeted, but there are millions more now than there were back in even 2000, and yet there have been no attacks. I don't buy this argument at all. I think the simple fact that you have to enter an Administrator password for these things to gain access to your Mac is a pretty good deterrent against a widespread attack. I may be wrong, but I think Mac users are pretty wise to such tactics.

One can ramble all one wants to about technical shortcomings, architecture flaws, anything you want as a reason an OS is "insecure", but the fact there are and has never been, any attacks, trumps all that hoohaa.

Reply Score: 2

RE: Just another article
by pantheraleo on Sat 25th Jun 2011 15:12 in reply to "Just another article"
pantheraleo Member since:
2007-03-07

I think the simple fact that you have to enter an Administrator password for these things to gain access to your Mac is a pretty good deterrent against a widespread attack.


Except you don't have to enter the admin password for many attacks to work on a Mac. For example, I could send you a trojan'd executable that when you run it, will email me everything in your Documents directory. You wouldn't be required to enter any password because it does not need admin permission to do that. I could also email your Apple Mail folders to myself and then harvest email addresses, emails from your bank, etc. Again, no admin permission required because these directories and files only need user permission to be able to access.

Also, keep in mind that the latest versions of MacDefender do not require you to enter the admin password in order to do their dirty work.

I may be wrong, but I think Mac users are pretty wise to such tactics.


You actually are wrong about that. A study conducted by Evan's Data I think it was found that Mac users are actually more vulnerable to being tricked by social engineering attempts than Windows users are. They are more likely to fall for phishing attempts for example. The reason appears to be that many Mac users don't seem to realize the difference between phishing scams, trojans that try trick you into entering admin passwords, etc., and actual "viruses". And Apple has been spending so long telling them that their Macs don't get viruses, and are secure, that many Mac users believe they are immune from phishing attacks and trojans as well.

There definitely needs to be more education of Mac users when it comes to this.

One can ramble all one wants to about technical shortcomings, architecture flaws, anything you want as a reason an OS is "insecure", but the fact there are and has never been, any attacks, trumps all that hoohaa. [/q]

Edited 2011-06-25 15:14 UTC

Reply Parent Score: 7

RE[2]: Just another article
by jack_perry on Sat 25th Jun 2011 17:18 in reply to "RE: Just another article"
jack_perry Member since:
2005-07-06

Except you don't have to enter the admin password for many attacks to work on a Mac. For example, I could send you a trojan'd executable that when you run it, will email me everything in your Documents directory. You wouldn't be required to enter any password because it does not need admin permission to do that. I could also email your Apple Mail folders to myself and then harvest email addresses, emails from your bank, etc. Again, no admin permission required because these directories and files only need user permission to be able to access.

Fair enough. How does any OS defend against such an attack?

Reply Parent Score: 3

RE[2]: Just another article
by brichpmr on Sat 25th Jun 2011 19:36 in reply to "RE: Just another article"
brichpmr Member since:
2006-04-22

"I think the simple fact that you have to enter an Administrator password for these things to gain access to your Mac is a pretty good deterrent against a widespread attack.


Except you don't have to enter the admin password for many attacks to work on a Mac. For example, I could send you a trojan'd executable that when you run it, will email me everything in your Documents directory. You wouldn't be required to enter any password because it does not need admin permission to do that. I could also email your Apple Mail folders to myself and then harvest email addresses, emails from your bank, etc. Again, no admin permission required because these directories and files only need user permission to be able to access.

Also, keep in mind that the latest versions of MacDefender do not require you to enter the admin password in order to do their dirty work.

I may be wrong, but I think Mac users are pretty wise to such tactics.


You actually are wrong about that. A study conducted by Evan's Data I think it was found that Mac users are actually more vulnerable to being tricked by social engineering attempts than Windows users are. They are more likely to fall for phishing attempts for example. The reason appears to be that many Mac users don't seem to realize the difference between phishing scams, trojans that try trick you into entering admin passwords, etc., and actual "viruses". And Apple has been spending so long telling them that their Macs don't get viruses, and are secure, that many Mac users believe they are immune from phishing attacks and trojans as well.

There definitely needs to be more education of Mac users when it comes to this.

One can ramble all one wants to about technical shortcomings, architecture flaws, anything you want as a reason an OS is "insecure", but the fact there are and has never been, any attacks, trumps all that hoohaa.
" [/q]


Most Mac users are either former Windows users or current users of both platforms....nothing to indicate that a Mac user is less savvy.

Reply Parent Score: 0

RE: Just another article
by BallmerKnowsBest on Sat 25th Jun 2011 18:02 in reply to "Just another article"
BallmerKnowsBest Member since:
2008-06-02

And while I do agree that OS X might be "insecure", and even "Horribly Insecure" as the author suggests, there has still to date been NO outbreak of a virus or malware of the scale of any of the above-mentioned viruses that has affected Mac computers.


So you're okay with rampant security vulnerabilities, just so long as no one can be bothered to exploit them? That's like getting diagnosed with Herpes and saying "it doesn't matter because I haven't had an outbreak yet!"

One can say it is due to there only being a very few Apple computers out there and they are not targeted, but there are millions more now than there were back in even 2000, and yet there have been no attacks.


Uh, yes Virginia, there have been attacks.

I don't buy this argument at all.


Yeah, I guess it would be a difficult argument to swallow... if you're completely ignorant of how viruses & worms spread and the actual factors that make it possible for them to propagate.

Reply Parent Score: 2

RE[2]: Just another article
by wocowboy on Sun 26th Jun 2011 10:27 in reply to "RE: Just another article"
wocowboy Member since:
2006-06-01

You say there have been attacks. Would you please cite them? Just exactly what attacks on Macs have there been in the past on the scale of Melissa, I Love You, Nimda, and the others I cited in my post? Hmmm? What attacks? I and everyone else on here are waiting to see this supposedly massive list of attacks that have been perpetrated on Macs in the past that demonstrates their vulnerability and ostensibly ridiculously horrible security.

Reply Parent Score: 1

RE: Just another article
by Soulbender on Mon 27th Jun 2011 16:23 in reply to "Just another article"
Soulbender Member since:
2005-08-18

One can ramble all one wants to about technical shortcomings, architecture flaws, anything you want as a reason an OS is "insecure", but the fact there are and has never been, any attacks, trumps all that hoohaa.


Right, because if it hasn't happened yet there's no need to worry.

Reply Parent Score: 2

RE[2]: Just another article
by Neolander on Mon 27th Jun 2011 19:38 in reply to "RE: Just another article"
Neolander Member since:
2010-03-08

Right, because if it hasn't happened yet there's no need to worry.

Also known as : "I've never got AIDS, so I don't understand all the fuss about condoms".

Reply Parent Score: 1

RE[2]: Just another article
by Alfman on Tue 28th Jun 2011 03:00 in reply to "RE: Just another article"
Alfman Member since:
2011-01-28

Soulbender,

"Right, because if it hasn't happened yet there's no need to worry."

Many apple users are ridiculously insecure about their OS (pun intended).

Reply Parent Score: 2