Apple is a famously secretive company. Its hush-hush culture makes it impossible for employees to talk about their work, even with spouses or family members. This may help keep new products a surprise, but it has a downside: In the past few weeks widely publicized security holes in OS X were discussed everywhere and by everyone, except Apple, says Wired.
I believe this whole thing was just blown WAY out! Apple acknowledged there was a problem and fixed it in a – somewhat – timely fashion. Why must they go into greater detail than, “we know of a security hole with such and such procedure of the operating system, and we are currently addressing the issue”?
Personally, if you were smart you would have not selected for Safari to handle downloads in that fashion. A workaround was brought to the community, it was their choice to implement it or not.
True, Apple could have handled this whole thing a little better, but hey, you live and learn. Why take it any further! They probably will sing a different tune when the next security hole is found.
yah……..all i can say about the hype! Anyone who has used OS X for a while already knows how secure it is. I run 2 pcs running xp in my house and one mac running os x. I have spent hours ridding my pcs of viruses and worms this year. Both my pcs are running anti-virus too!
but is your anti-virus software up to date? i’m a WinXP and Linux user primarily, but i have dabbled in Mac OS X when i’m at my uncle’s house, and it is more secure than XP because of its *BSD base, coupled with the Mach kernel. and the worms and viruses thing, it’s a case of distribution and user base: windows has a far larger user base so it’s bound to get more attacks, but that said XP is less secure than Unix-akin systems
Mac OS X keeps getting better and better!
you do the math Youlle: 95% install base for windows, ~4% for OS X. OS X has no viruses or spyware. windows has infinitely more. does that mean windows has infinitely more users? no, 91% more users, but 23948203984% (or insert any other absurdly large or small number here) more viruses, spyware, and malware than OS X. almost 1000 windows worms/etc. were put in the wild just last month, shouldn’t there be at least 40 equivalent OS X exploits? but there’s not.
how come people don’t say the same thing about apache? apache runs more than 60% of web sites, but i’ve often read it is less vulnerable (especially a default install) than IIS. in this case, a microsoft product with a smaller user base has more exploits (if anyone has metrics on this, please post).
while user base is a factor, user base vs. exploits has little to no correlation when microsoft is involved
I don’t care “why” OS X has fewer viruses, all I know is that it just does. I like the fact that my home machine is practically maintenance free. I have never had a virus on my system. BTW I do have a firewall and antivirus running on OS X just to be sure
“OS X has no viruses or spyware.”
There has been at least one trojan for OS X in the news lately. Maybe you meant it has no worms?
Every OS has the ability to be plagued with spyware, although a lot of that problem comes with full *featured* browsers and everyone running as an Admin; but even in Linux/BSD a user can install personal applications that are his only. So if you are silly enough to install it, you’re gonna get it.
I’ve known XP users who almost never get spyware. The reason is because they don’t click yes on every little app they find around.
Worms, now those I blame on the platform and/or the network program. I think if Windows could rid themselves of their worm issues they might look a bit better on security.
And anti-virus programs are an obnoxious waste of hard disk accesses. I can’t stand having them run constantly, it should be a full system scan on a cron setup; not just all the time.
Trojan? I don’t know of a trojan. If you’re referring to the Office-program-as-a-script-instead then that’s a malware, not a trojan.
There was also that MP3 file. I don’t know if that was a trojan, but I don’t remember exactly what it did, either. Of course, it was never more than a proof-of-concept anyway.
>>> There has been at least one trojan for OS X in the news lately. Maybe you meant it has no worms?
you’re mistaken. the trojan floating around was software disguised to look like a pirated copy of office 2004. i would hardly consider that a trojan. the user got what they deserved for downloading pirated software!
all vulnerabilities to date have been discovered in safe environments, by security groups, etc, and, to the best of my knowledge, no known worms, viruses, etc that take advantage of these exploits have been found in the wild.
i’m not saying OS X doesn’t have the ability to be plagued by spyware, i’m just saying it isn’t. and because of things like lowered user permissions (even for the main user of the system), requiring elevated permissions to do anything that will affect more users than yourself, not allowing a web browser to execute arbitrary remote programs without user intervention, and not opening ports/services to the wild internet by default, you’re giving users a safer environment to start with.
you do the math Youlle: 95% install base for windows, ~4% for OS X. OS X has no viruses or spyware. windows has infinitely more. does that mean windows has infinitely more users? no, 91% more users, but 23948203984% (or insert any other absurdly large or small number here) more viruses, spyware, and malware than OS X. almost 1000 windows worms/etc. were put in the wild just last month, shouldn’t there be at least 40 equivalent OS X exploits? but there’s not.
Congratulations – that’s a statistically AND logically-fallacious argument.
where can i pick up my award?! ^_^
the point was that you can’t use install base to show which operating systems will get hit. my math was sloppy, but the principle remains, user base, at best, shows a weak correlation to numbers of viruses, worms or exploits created for a particular piece of software.
you’re mistaken. the trojan floating around was software disguised to look like a pirated copy of office 2004. i would hardly consider that a trojan. the user got what they deserved for downloading pirated software!
Please read up on the origin of the word trojan, specifically how it relates to a trojan horse.
Here, I’ll give you a hint:
http://dictionary.reference.com/search?q=trojan%20horse
you’re mistaken. the trojan floating around was software disguised to look like a pirated copy of office 2004.
er… isn’t that what a trojan is?
Well sorry mister “i work at apple” (ah really?) because you don’t
This link has existed for YEARS and I have used it so many times already.
Damn Wired liars!
Wow, did you actually read the article? The paragraph above what you quoted:
“We think it was very, very valid feedback that we received from customers,” Bereskin said. “We’ve had a wealth of information, but people haven’t known it existed.” Detailed information is available at the company’s security website, and even some security companies aren’t aware of it, Bereskin said.
He specifically says that it isn’t new, so don’t be calling Wired a liar. Overall the article is pretty positive towards Apple (and correctly so in this case) – it’s simply the truth OS X isn’t 100% secure, but nothing is, and it’s certainly far ahead of Microsoft in the security department.
Almost forgot one more thing…he does work at apple, and how can I prove this…apple’s website:
http://216.239.53.104/search?q=cache:54ucmPceZ2YJ:www.apple.com/hot…
I’ve known apple employees that are very outspoken….
a Trojan is a piece of software that not only masquerades as something it is not (the ana_cornacova trojan is an example) but it also must self propagate through the mail system, otherwise it is just malware.
malware is a piece of software that the user runs and that does a negative action on the system. most of the time, this is done in a trojan like way by having the file name obscure what it really is, however, the difference between a trojan and malware is that malware must be actively downloaded from a server that is on the internet and it can not propagate itself from one infected machine to another.
Trojans make use of system vulnerabilities and user stupidity. one allows it to propagate, the other allows it to do its damage.
Malware only relies on user stupidity, and cannot propagate on its own.
almost 1000 windows worms/etc. were put in the wild just last month, shouldn’t there be at least 40 equivalent OS X exploits? but there’s not.
It needs critical mass. It’s not a simple x:y relationship.
how come people don’t say the same thing about apache?
Because it isn’t a valid comparison.
apache runs more than 60% of web sites, but i’ve often read it is less vulnerable (especially a default install) than IIS. in this case, a microsoft product with a smaller user base has more exploits (if anyone has metrics on this, please post).
It’s not a valid comparison because even combined, IIS and Apache make for a tiny chunk of marketshare. Apache being 60% of the webserver market, when the webserver market is about 2% of internet connected machines (numbers made up, but seem reasonable to me) still means it’s a minority target.
Not to mention apache would indicate a unix machine, more than likely run by a competent and technically skilled user – in other words a poor target for exploitation.
You can’t just pick out one aspect of a system and compare against that. It’s like sorting vehicle theft rates by tyre type – just not valid bits of data to compare.
while user base is a factor, user base vs. exploits has little to no correlation when microsoft is involved
Again, it’s not a simple, linear, x:y relationship. Look at how biological viruses and infections spread, it’s the same principle.
Come on. Viruses and trojans and worms can be written to be harmful for ANY operating system. Linux and Mac included.
My Mac, running OS 10.2.8, has seen the beachball and blue screen twice.
The reason, I suspect, was a piece of software I downloaded, then tried to delete.
This application was the only common thread between the two crashes, other than that they occurred at approx the time of both so-called concept viruses.
The appearance of my trash window changed, my modem was communicating when none of my internet related apps were active. This app changed appearance, then created its own folder and made itself and the folder property of the root, and regardless of what I tried, it would not go away. At one point it made a duplicate of itself.
I played with it until it crashed my machine and had to unplug then restart from a disk. I loaded a new system, backed up my files, then erased my HD and did a fresh install. This is the only way I could get rid of it.
I won’t mention the name of the app (it was a media player), because I don’t know absolutely for sure, but it caused me a lot of frustration and grief.
The bright side is I relearned some things that I forgot, because I don’t have to do them on a regular basis.
You know, this is just nuts…..really. Is MS behind this or do the non-Apple users have this big of an inferiority complex when it comes to security?
Microsoft releases a patch bundle…..yes, that’s BUNDLE….every damn month. In the 3+ years that it’s been on the market OSX finally has its first critical vulnerability found and the IT press goes ape s–t. And that wasn’t enough though. Now that everyone has completely overreacted to something that was never exploited we have to beat the dead horse.
OMG give us a break journalists…..find something better to write about.
You’d think though, that given how much hype there is about OS X security and how articles about patches and proof of concept get attention, at least one rectal unit out there would try his hand at creating an OS X virus just for the sheer “neener” factor of it, plus the bragging rights on some private forums.
The closest we’ve got are some ethical proof of concept demonstrations from some people who really went rooting around in the OS. And, there’s only been about 2 or 3 of those.
OSX has a high “media share” and the fact that we’ve not yet had an evil virus is probably because it’s pretty damn hard. Well above the knowledge level of the average windows script kiddie.
One MOSX vulnerability gets major play, but how come there’s no news of the Linux kernel exploit recently announced?
<http://arstechnica.com/news/posts/1087227185.html>