Linked by Thom Holwerda on Wed 8th Feb 2006 18:25 UTC
"At the recent ShmooCon hacking conference, an unknown hacker took control of [a] researcher's computer, disabling the firewall and starting up a file server. While such compromises have become common in the Windows world, this time the computer was an Apple PowerBook running the latest version of Mac OS X. The compromise underscores a number of trends that has already caused a shift in focus among flaw finders and could result in more attacks on Mac OS X. "This is almost certainly the year of the OS X exploit," said Jay Beale, an expert in hardening Linux and Mac OS X systems. "The OS X platform may be based on a Unix platform, but Apple seems to be making mistakes that Unix made, and corrected, long ago."
RE[6]: more of the same
by Tom K on Wed 8th Feb 2006 23:20 UTC in reply to "RE[5]: more of the same"
Tom K Member since:
2005-07-06

Your argument makes sense, and sounds reasonable at first glance. But at second glance, what you're saying is akin to "I've never had a car accident, so in reality, I can drive a car and not worry about car accidents."

That's simply not true. The argument is presented in such a way that makes it seem like running Linux/OS X automatically prevents you from malware. Again, that's just not true.

The whole point of these articles is to illustrate that blind faith/devotion in the "inherent security" of the two OSes is damningly incorrect, and will bite you in the ass. Yes, right now there is nothing to worry about (for the most part), but that has no impact on the future, nor does it have any impact on the actions of the user.

Score: 2

RE[7]: more of the same
by archiesteel on Wed 8th Feb 2006 23:28 in reply to "RE[6]: more of the same"
archiesteel Member since:
2005-07-02

> Your argument makes sense, and sounds reasonable at first glance.

That's because it is.

> But at second glance, what you're saying is akin to "I've never had a car accident, so in reality, I can drive a car and not worry about car accidents."

That's not akin to what I'm saying at all. I'm saying that, until there are sightings of Linux malware "in the wild" that are credible enough to cause concern, then in fact there's little reason to be concerned. As usual, it's good practice to follow security bulletins (because, even though malware isn't a problem for Linux, there are still software vulnerabilities to take care of).

Again, I'm not saying that running Linux/OS X prevents you from getting malware. What I'm saying is that there is no malware for Linux/OS X as of yet. Until there is, there's no reason to worry. When (and if) there is, then we'll take the appropriate steps to protect our boxen.

Note that I added "and if", because in fact the *nix security model is in fact better to prevent virus propagation, and thus will always make *nix viruses less "interesting" to write. To recap, the main elements of this model are:

1) no executable file simply by providing the appropriate extension

2) a more varied OS/App ecosystem (monoculture is BAD)

3) a strong normal user/root user separation

4) generally more computer-savvy users

Score: 2

RE[8]: more of the same
by Tom K on Thu 9th Feb 2006 00:02 in reply to "RE[7]: more of the same"
Tom K Member since:
2005-07-06

How will the user know when malware finally starts propagating for his/her OS? Will a nice little box show up that says "WARNING! THERE IS NOW MALWARE FOR OS X/LINUX! PLEASE SMARTEN UP FROM NOW ON!"?

No.

You should be consciously aware of malware for *all* platforms *all* the time. Complacency is not security.

Score: 2