"Using a Mac may certainly be a safer choice for a lot of people as despite being vulnerable they are not targeted. However this is not the same as Macs being secure, something Eric Schmidt erroneously advised recently. I may be able to browse impervious to malware on a Mac at the moment, however I personally would not be comfortable using a platform so easily compromised if someone had the motivation to do so. In this article I address just why OS X is so insecure including the technical shortcomings of OS X as well as Apples policies as a company that contribute to the situation."
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2011-01-28
Jennimc,
"Sorry, Leap.A was at best (worst?) Malware. (not a worm or virus) "
Wasn't Leap.A this the virus which propagated through a jpeg decoder vulnerability? The executable payload was run whenever the remote user's thumbnail was displayed, at which point one's own jpeg thumbnail became infected. Why doesn't that qualify as a computer virus to you?
"This is the only example where you have a point and even this worm had flaws that made it highly unlikely to be seen in the wild."
It sounds funny to me to hear people downplay security vulnerabilities in this manor. If researchers successfully write a working proof of concept virus, but it is never released into the wild, then I'd still argue that it should still be considered evidence against a platform's security.
Look at recent security updates for OSX.
http://support.apple.com/kb/HT4723
"Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution"
This is one of many arbitrary code execution vulnerabilities mentioned. Hopefully this is fixed now, but I can guaranty that there was some mac chap somewhere boasting mac os as invulnerable, even though this was wrong. The lack real world attacks, if anything, demonstrates a lack of motivation.
No operating system has a perfect track record. Don't deny it, just fix it and move on.
Member since:2007-03-07
Ah. Another Mac fanboy who either doesn't want to admit it was a worm, or doesn't know what the definition of a worm is. Leap.A took advantage of a JPEG decoder vulnerability in iChat as others pointed out. And propegated by sending itself to other people in your iChat contact list. So yes, by definition, it was a worm.
It was a worm because one of the fake updates that it was possible to inject through it was the exploit tool itself, which would then turn the infected Mac into a fake update server that could infect other Macs. Again, it meets the definition of a worm.
It was seen in the wild. But as I said, not very often because Macs were not very common in the wild. It mostly infected corporate networks that had a lot of Macs running on them.
Member since:
2011-06-22
Sorry, Leap.A was at best (worst?) Malware. (not a worm or virus)
This exploit toolkit was a low threat-level multiplatform exploit tool that allows it to take advantage of poor upgrade implementations by injecting fake updates. (not a worm or virus)
Sorry, Leap.A was at best (worst?) Malware. (not a worm or virus)
This is the only example where you have a point and even this worm had flaws that made it highly unlikely to be seen in the wild.
Edited 2011-06-25 23:45 UTC