At first blush, the past two weeks have not been good for the image of Apple's Mac OS X: Public descriptions of two worms and a trivial exploit for a serious software issue in the operating system appeared on the internet. However, the three programs are hardly a threat to systems running Mac OS X, according to security professionals. CNet covers the same topic.
To read all comments associated with this story, please click here.
Member since:2005-07-06
I'm trying to figure what "good thing" these 'threat' articles are trying to accomplish. And who is it is good for? The AV companies trying to enhance their marketshare across platforms? Or the users?
Anybody remember the worm on Windows that spread through an e-mail message that wasn't a program or script at all? Essentially it alarmed the unsuspecting user to delete a critical system file from their C:WINDOWSSYSTEM32 folder and reboot their machine. I'm sure you can figure out the result.
Was that really a security flaw in Windows, or was it USER ignorance? And really how can you PATCH your operating system from such ignorance? These Academic worms only exploit USER ignorance, not a security flaw in the operating system.
When you run Windows XP as an administrator, it is the same as logging into a Unix system as root. That ALONE is absurd from a security standpoint. When you are logged in as an administrator on OS X, you are not root still. You are just allowed to launch system-changing applications/documents--and you are still required to enter a password (akin to the RunAs service on WinXP).
This is a real worm:
W32.Bugbear@mm is a mass-mailing worm. It can also spread through network shares. It has keystroke-logging and backdoor capabilities. The worm also attempts to terminate the processes of various antivirus and firewall programs.
I've had a similar worm on my XP system. I clicked on a suspicious file downloaded from a P2P program which turned out to be a Trojan.downloader. Before 60 seconds had passed this downloader pulled down Adbars, a keystroke logger, some firewall program, and many other malware programs that infected my system and undermined my highly heralded AV/Spyware software. I watched as my protection failed miserably to stop the trojan.
Was it XP's fault that this happened? Nope. This was all on me because I was an administrator on this system and I should have known better.
So, in essence, how are these AV companies (Sophos and others) going to account for this? Simply saying 'you are complacent' won't cut it.
Member since:
2005-07-06
I have maintained for the 2 1/2 years I have used a Mac that the users are too complacent about security. The time to learn about security is before you have a real problem and not afterwards. I will say that it has been my experience that most OS X users do use the auto update feature. This is one area where Windows is finally catching up starting with XP.
None of these issues would have been able to affect my system because I came from a Windows world where being proactive was a necessity and had previously dealt with the issues. The main point I want to make is that Mac users are no more immune from Social Engineering that are most Windows users. The latest happenings will be a good thing if it makes users more security conscious.