The macosxhints Forums

The macosxhints Forums (http://hintsforums.macworld.com/index.php)
-   The Coat Room (http://hintsforums.macworld.com/forumdisplay.php?f=8)
-   -   IS OSX more secure to spyware than windows 7? (http://hintsforums.macworld.com/showthread.php?t=112875)

student13 07-14-2010 02:38 PM

IS OSX more secure to spyware than windows 7?
 
Is Mac OS X inherently more secure against spyware and malware than Windows?
Or is it because nobody cares to hack it?

DeltaMac 07-14-2010 03:10 PM

Are you thinking about trying to do that?

The presence of viruses or trojans or other forms of malware on OS X has been heavily posted here, and on other support sites. You'll find plenty of threads, from ultra 'Macs don't do that stuff' to fairly extreme paranoid threads involving gov. activity or 'super-undetectable back-doors deeply embedded in all computer hardware'. Do a search, and take your pick on the direction of the thread.

tlarkin 07-14-2010 04:14 PM

The short answer is no, OS X is not really more secure. This is why. Most attacks involve user interaction of some sort. OS X uses POSIX standards for permissions, meaning that if something wanted to escalate itself to execute malicious code, you would have to put in an admin password to do so. This stops almost all attacks from self-executing. However, that doesn't mean they cannot social engineer the end user.

Since most attacks fool the user into installing malicious software to begin with, really the biggest security threat is the end user and not the OS itself. However, on paper, OS X is a bit more secure. Windows still allows drivers direct kernel access via kernel hooks and APIs. This was apparently fixed in Windows 7, but I do think Microsoft's monolithic approach to building an OS is old and busted and does need to change.

I am both a Windows and OS X user, and my Windows box is secure and runs fine.

Craig R. Arko 07-14-2010 06:22 PM

On the other hand, I've had clients pay me to do this removal three times in the past 3 weeks, whereas I haven't dealt with malware on a Mac in over 10 years.

Well, other than Apple-provided bugware on occasion. :rolleyes:

But in general, the user is indeed the weakest link in the security chain. They just need to figure out how to replace us.

Jasen 07-14-2010 10:39 PM

Quote:

Originally Posted by student13 (Post 589781)
Is Mac OS X inherently more secure against spyware and malware than Windows?
Or is it because nobody cares to hack it?

A little bit of both.
I don't even know of any spyware created for OS X, although I'm sure it exists somewhere. They want to target the largest audience, get as many PCs as possible to fulfill their goal. The Apple userbase is still not large enough to warrant the time and effort for them. Most true "spyware/adware" is commercially driven; someone is making money from it somehow, and they want as much exposure as possible with minimal expense.
Add to that the fact that previous versions of IE were security disasters, and that 90% of Windows users stay logged on to admin accounts at all times, and Windows was a wonderful target.

Now, truly malicious hackers/crackers certainly target OS X, as they see the potential and enjoy the challenge. It's worth the effort. There aren't as many of them, so it's not such a huge deal yet.

Point is, no matter what computer you use, do not take security for granted, do not assume you are safe simply due to the platform you're on.

Jay Carr 07-15-2010 08:32 AM

I knew a security guy who put it this way:

Think of a neighborhood, and pretend you're wanting to rob one of the houses. On the left you see a very large, clearly expensive house where the front door is conveniently just slightly open. On your right is a moderately sized house with a man standing out front with a rifle. Which one would you rob?

The big house is Windows, the smaller house is OSX (and the little shanty on the corner is Linux :D). You can probably break into the smaller house, and people have hacked OSX, but what's the point when you can more easily break into the bigger house?

All of that being said (I like using that phrase lately), I'm not sure how well the "security through obscurity" argument is going to hold up in the near future. I know security firms that are switching businesses over to OSX in order to create a more secure network. I've heard that Google is making that switch as well, and that's a pretty big target. Not to mention the fact that Apple itself is a pretty huge company and, obviously, they all use Macs as well.

I think Apple's going to have to stay on its toes, because their house is getting much bigger and, if the reports I'm reading are right, the Windows house has at least shut its door these days...

PS -- And all of that being said. I can't help but ask a question that might throw everything I said out the window: What is the nature of hacking these days? I'm under the impression that it's less like "Sneakers" these days (i.e., hacking into large companies, despite a few high profile identity theft problems lately), and more along the lines of taking over home computers for the sole purpose of spam botting. Anyone here have some insight on what hackers are trying to accomplish these days?

ArcticStones 07-16-2010 02:40 AM

I think one of the best protections is Little Snitch, which gives you pretty darned good control of who your Mac communicates with.

In addition, of course, there is a compelling need to upgrade users, as Tom and Craig and others have pointed out. ;)

benwiggy 07-16-2010 08:20 AM

The motive behind most malware these days is money, either through taking over machines to serve spam email, or from transmitting personal information back to a bad guy. Or simply registering that you exist, and selling lists to marketeers.
The days of the virus that just spreads itself and wipes your hard drive on 25th September are over.

I don't buy the argument that Macs are left alone because there are fewer of them. If I were evil, I would suggest that the Mac audience would yield good results. I don't think it's outrageous to suggest that the average Mac owner is slightly better off financially than the average PC owner. Mac users are perhaps more trusting, because they assume that their OS will protect them.

I find it very hard to believe that criminals have not even bothered to target Macs. It seems likely that some have tried, but found a level of difficulty that outweighs the potential rewards. Everyone seems to be waiting for the tipping point, when the number of Mac users makes the effort worthwhile.

Macs offer a good level of security to the user. Whether the user takes up that offer, is another matter.

tlarkin 07-16-2010 10:46 AM

Macs have been targeted. Remember the iLife torrent issue? How about the QuickTime exploit? All of those attacks fooled a user into installing non-legit software, or in some cases pirated software.

I am not a software developer but I could easily slip in a launchd item and some shell scripts and bundle them into an existing package, say iLife, and then upload them on some torrent trackers. Then when someone downloads my pirated software and installs it, sure they get the app, but it also payloads some malicious launch daemons I wrote. That isn't hard at all, and in fact I do it at work all the time for legit purposes.

Now, I would never do that, because I have no desire to be malicious. However, given my very limited ability to write code, and the fact that I could pull this off, tells me that a really good hacker could probably do it way better and sneakier than myself.

In the end the biggest security deterrent is the end user. So, you cannot really hold the OS as accountable as you could in the past. Now, the one major thing Apple lacks is getting on the ball with their security updates. Do you all remember how long the ARD agent glitch existed? The one that allowed any user to root a machine? Granted, it could not be executed remotely (well it probably could through a web browser and malicious site perhaps) but it was a security hole that sat there for many months. A known security hole.
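The launchd scenario described above (a job bundled into a repackaged installer that runs a script of the packager's choosing) has a straightforward defensive counterpart: audit what launchd will actually run and who can modify it. The script below is an added example, not code from this thread or from any poster. It assumes a directory of LaunchDaemon plists and an assumed list of trusted path prefixes, and builds its own constructed sample jobs in a temporary directory so it runs offline.

```python
"""Audit launchd job definitions for add-on persistence: a job whose program
lives outside the vendor trees, or a plist/program that a non-root user
could rewrite (a root-run daemon pointing at a world-writable script is a
privilege-escalation path).  Added example, not code from the forum thread.
"""
import plistlib
import stat
import tempfile
from pathlib import Path
from typing import Optional

# Where Apple-shipped and admin-installed daemons normally live.  A job whose
# program sits anywhere else (a home folder, /tmp, a download directory)
# deserves a closer look.  This list is an assumption of this example.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")


def program_of(job: dict) -> Optional[str]:
    """Executable a job runs: launchd prefers Program over ProgramArguments[0]."""
    if "Program" in job:
        return job["Program"]
    args = job.get("ProgramArguments")
    return args[0] if args else None


def loosely_writable(path: Path) -> bool:
    """True if group or world can modify the file; root-owned jobs must not be."""
    mode = path.stat().st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit(plist_dir: Path) -> list:
    """Return one finding dict per plist; an empty 'issues' list means it looked clean."""
    findings = []
    for plist_path in sorted(plist_dir.glob("*.plist")):
        finding = {"plist": plist_path.name, "label": None, "program": None, "issues": []}
        issues = finding["issues"]
        try:
            with plist_path.open("rb") as fh:
                job = plistlib.load(fh)
        except Exception:  # neither XML nor binary plist: launchd would reject it, but note it
            issues.append("unparseable plist")
            findings.append(finding)
            continue
        finding["label"] = job.get("Label")
        program = program_of(job)
        finding["program"] = program
        if program is None:
            issues.append("no Program or ProgramArguments")
        else:
            if not program.startswith(TRUSTED_PREFIXES):
                issues.append("program outside trusted trees")
            prog = Path(program)
            if prog.exists() and loosely_writable(prog):
                issues.append("program is group/world writable")
        if loosely_writable(plist_path):
            issues.append("plist is group/world writable")
        if job.get("RunAtLoad") and job.get("KeepAlive"):
            issues.append("runs at boot and is restarted if killed")
        findings.append(finding)
    return findings


def demo() -> dict:
    """Build three constructed jobs in a temp dir and return {label-or-filename: issues}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # 1. A normal-looking daemon: trusted program path, root-only writable plist.
        ok = root / "com.apple.example.plist"
        with ok.open("wb") as fh:
            plistlib.dump({"Label": "com.apple.example",
                           "ProgramArguments": ["/usr/libexec/example"],
                           "RunAtLoad": True}, fh)
        ok.chmod(0o644)
        # 2. The thread's scenario: a job added by a repackaged installer, pointing
        #    at a world-writable shell script outside the vendor trees (constructed).
        payload = root / "updater.sh"
        payload.write_text("#!/bin/sh\necho constructed sample payload\n")
        payload.chmod(0o777)
        rogue = root / "com.example.updater.plist"
        with rogue.open("wb") as fh:
            plistlib.dump({"Label": "com.example.updater",
                           "Program": str(payload),
                           "RunAtLoad": True, "KeepAlive": True}, fh)
        rogue.chmod(0o644)
        # 3. A file that is not a property list at all.
        junk = root / "broken.plist"
        junk.write_bytes(b"not a property list")
        junk.chmod(0o666)
        return {f["label"] or f["plist"]: f["issues"] for f in audit(root)}


if __name__ == "__main__":
    for name, issues in demo().items():
        print(f"{name}: {'; '.join(issues) or 'clean'}")
```

On a real Mac you would point audit() at /Library/LaunchDaemons and /Library/LaunchAgents (and the per-user ~/Library/LaunchAgents), which is where third-party installers drop their jobs; the program-path and writability checks are the ones that catch the "extra daemon in a pirated package" case, while the RunAtLoad/KeepAlive line is only informational, since plenty of legitimate daemons set both.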

Craig R. Arko 07-16-2010 11:08 AM

I would be quite interested to hear the experiences of anyone who's had to deal with any real world impact of any of these exploits.

tlarkin 07-16-2010 11:14 AM

Quote:

Originally Posted by Craig R. Arko (Post 590033)
I would be quite interested to hear the experiences of anyone who's had to deal with any real world impact of any of these exploits.

I would too, as I never downloaded them to "test them out." However, the ARD agent exploit was easy.

Code:

tell application ARDagent.app
    do shell script "whoami"
end tell

It would result in 'root' every time, since the ARD agent executes Unix commands as the root user. They have since patched that exploit, but it took Apple a long time. Regardless of whether anyone suffered from it or not, Apple should have been on the ball on that one.

Anti 07-17-2010 01:07 AM

The question I have is this: Was this thread started with the intent of creating a flame war? Because these kinds of topics always go south at some point.

Jay Carr 07-17-2010 08:17 AM

@Anti -- WHATEVER! Clearly you don't understand how threads work at MACOSXHINTS.com. We never fight around here, in fact I've never seen an argument since I joined in 2004, EVER! And I have proof right here: proof.

And your mother was a hamster, and your father smelt of elderberries!

(More nonsensical chitter chatter, just be generally insulting...not feeling creative enough to actually fill it in, blah blah blah, are you insulted yet? I could try to be more insulting if this isn't insulting enough...)

renaultssoftware 07-18-2010 04:52 PM

Jay, I think you've lost it. ☺

The do shell script hack doesn't work anymore. (whoami in ARDAgent) Not even in my own apps. It does this in the Result pane (I have my AppleScript Editor tiled perfectly to my taste):
Code:

tell application "Finder"
        do shell script "whoami"
                --> error number -10004
end tell
tell current application
        do shell script "whoami"
                --> "Me"
end tell
Result:
"Me"

tlarkin 07-19-2010 10:18 AM

Quote:

Originally Posted by renaultssoftware (Post 590200)
Jay, I think you've lost it. ☺

The do shell script hack doesn't work anymore. (whoami in ARDAgent) Not even in my own apps. It does this in the Result pane (I have my AppleScript Editor tiled perfectly to my taste):
Code:

tell application "Finder"
        do shell script "whoami"
                --> error number -10004
end tell
tell current application
        do shell script "whoami"
                --> "Me"
end tell
Result:
"Me"

Yes, it has been patched for about a year now, and it only worked with the ARDagent.app. However, my point was, it was super easy to do, and it existed for a really long time, and it was commonly known. Apple took like 10 months to a year to patch it. Microsoft would have patched that loophole immediately. So, my point is, Apple needs to get on the ball when it comes to security updates.

SirDice 07-19-2010 10:39 AM

Quote:

Originally Posted by tlarkin (Post 590230)
So, my point is, Apple needs to get on the ball when it comes to security updates.

Absolutely. If you look at the last 200 or so patches, more than 90% allow code execution. Sure they're patched but it took them long enough. And judging by quite a few posts here I noticed not everyone installs the latest patches.

Craig R. Arko 07-19-2010 10:49 AM

Quote:

Originally Posted by SirDice (Post 590232)
Absolutely. If you look at the last 200 or so patches, more than 90% allow code execution. Sure they're patched but it took them long enough. And judging by quite a few posts here I noticed not everyone installs the latest patches.

Yup; if someone fixes the bug the wise person installs the update. Well, at least as long as it doesn't break some other piece of mission critical software they run.

Considering there are still lots of people (probably at this very moment) conducting business over open public WiFi networks I don't know that most folks pay the attention to security updates that they could.

Craig R. Arko 07-19-2010 01:14 PM

Personally, this is the sort of thing I'm more likely to be worried about.

tlarkin 07-19-2010 01:27 PM

I have not had great experience with Apple updates in enterprise environments. 10.5.2 broke 50+ different things but fixed one of our previous problems. Of course it worked great in a small sandbox environment, but once you got it outside in the whole enterprise, bam, all your clients were screwed.

Jay Carr 07-19-2010 01:48 PM

Quote:

Originally Posted by renaultssoftware (Post 590200)
Jay, i think you've lost it. ☺

Think? ;).

Anyway, it looks like an actual discussion is starting to take place again so I'll refrain from any more vuvuzela-laden hijacking...

fat elvis 07-19-2010 01:51 PM

Give 100 people Macs, and give 100 people PCs (like many companies today are setup) and I guarantee the PCs will get infected with virii/spyware/malware before the OS X systems.

For a long time now people have used the "no one wants/cares to hack the Mac OS" excuse...but if you could be the first person to write an actual virus for the iPlatform you'd be an instant celeb.

Exploits and vulnerabilities alone aren't enough to make me install an AV client on my Mac. I would venture to guess that at least 50% of the people on this discussion board do not have any AV software on their Mac. I'd like to see a group of Windows enthusiasts who can claim the same.

SirDice 07-19-2010 02:23 PM

Quote:

Originally Posted by fat elvis (Post 590245)
Give 100 people Macs, and give 100 people PCs (like many companies today are setup) and I guarantee the PCs will get infected with virii/spyware/malware before the OS X systems.

Let's start new. Close off that environment. There's no malware there, clean environment. Create one worm for PC and one for mac. It's fairly trivial on both to create something that will mail itself around to the others. Even without abusing any bugs in the system or requiring admin privileges. Both systems will create an equal mess of things.

I'm sure I can whip up something within a few days for a Mac, even though it's been years since I programmed anything. Last thing I wrote for anything Apple related was on an Apple ][. Why haven't I done it? I don't want to get arrested for doing research. The only way to make the Mac zeolots (my Mac is more secure then your pc types) shut up about it would be to release it into the wild. And that will definitely get me arrested, if the wrong kind of people get hit they'll even try me for 'terrorism' :eek:

fat elvis 07-19-2010 03:08 PM

Quote:

Originally Posted by SirDice (Post 590249)
Let's start new. Close off that enviro...

True. But what happens when no intervention is taken?

The average person in the typical setting would be safer using a Mac than a PC.

Of course there are exceptions to the rule...and anyone who says the Mac platform can't be hacked is kidding themselves.

Craig R. Arko 07-19-2010 04:56 PM

Quote:

Originally Posted by SirDice (Post 590249)
The only way to make the Mac zeolots (my Mac is more secure then your pc types) shut up about it would be to release it into the wild.

I take exception to that characterization, even were it spelled correctly. ;)

Anti 07-19-2010 07:45 PM

Quote:

Originally Posted by Jay Carr (Post 590131)

And your mother was a hamster, and your father smelt of elderberries!

You don't frighten us, English pig dogs. Go and boil your bottoms, you sons of a silly person. I blow my nose at you, so-called "Arthur King," you and all your silly English K-nig-hts.

(Also, Rick Roll? Really?)

renaultssoftware 07-20-2010 10:45 AM

Anti, Jay, calm down!! You're just being annoying and cluttering the thread up.

tlarkin 07-20-2010 10:56 AM

Quote:

Originally Posted by Craig R. Arko (Post 590257)
I take exception to that characterization, even were it spelled correctly. ;)

I hate to say this, but as a Mac user myself, the macheads do tend to get on my nerves a bit. I see a Mac and a PC as tools, that is it. Tools humans use to get certain tasks or jobs done, and for entertainment purposes. At the end of the day, if your computer does what you want it to do, then you accomplished your goals.

To outright say one is better or more secure is a mere matter of opinion when you come down to the bottom line of it. The days of outright virus attacks are over, and almost all security exploits and malicious software revolves around the user now.

I work in a 1:1 environment. That means every student and teacher has their own MacBook. Total of 6,000 at my job. I have the task of managing them. Not a week goes by that I don't get an email or a phone call telling me that their Mac got a virus and they tried to download some random AV software to fix it, which AV software itself was in fact malware (or hijackware I guess?) which wanted to sell the end user a license to some magical software that will get rid of all your problems.

Luckily, most, if not all of that crap is written for Windows and will not execute on a Mac. Some staff have admin rights to their machines too, so they could have totally installed it. They would have installed it. Then their mac would have been rooted if it only ran on the Mac.

We have a small number of machines that run CrossOver to run a stupid testing app, and a few of those got infected since it was installed via CrossOver.

Having a Mac does not make you immune to committing bad practices as a computer user. If you ever read Mitnick he always says the human element is the weakest link, and I would say that man knows a thing or two about social engineering.

Craig R. Arko 07-20-2010 11:27 AM

Quote:

Originally Posted by tlarkin (Post 590332)
I hate to say this, but as a Mac user myself, the macheads do tend to get on my nerves a bit.
...

If you ever read Mitnick he always says the human element is the weakest link, and I would say that man knows a thing or two about social engineering.


True. I'd also posit it's true that a sound social engineering method to get people to dislike you is to start calling them names. It displays a level of maturity in the tech industry and the tech press that doesn't do it any favors.

In my opinion. Of course I'm an old guy. :cool:

tlarkin 07-20-2010 11:31 AM

Quote:

Originally Posted by Craig R. Arko (Post 590341)
True. I'd also posit it's true that a sound social engineering method to get people to dislike you is to start calling them names. It displays a level of maturity in the tech industry and the tech press that doesn't do it any favors.

In my opinion. Of course I'm an old guy. :cool:

I was pointing out that the fundamentalist mac users tend to rub me the wrong way. I wouldn't consider anyone who is regular on this forum to that level. In fact, this forum is very civil and for it being Mac centric there is not a lot of bashing the other guys that goes on here. Which is why I have stuck around for such a long time.

I did not mean to come off as immature, and apologize if I did.

Craig R. Arko 07-20-2010 11:42 AM

Quote:

Originally Posted by tlarkin (Post 590342)
I was pointing out that the fundamentalist mac users tend to rub me the wrong way. I wouldn't consider anyone who is regular on this forum to that level. In fact, this forum is very civil and for it being Mac centric there is not a lot of bashing the other guys that goes on here. Which is why I have stuck around for such a long time.

I did not mean to come off as immature, and apologize if I did.

Nah, you're all fine. And yes, we do try to keep this a no-bash zone.

I've been frequenting too many other sites lately and it must be affecting my brain. Which could be considered yet another kind of social engineering, I suppose.

Jay Carr 07-20-2010 11:47 AM

Quote:

Originally Posted by Anti (Post 590269)
You don't frighten us, English pig dogs. Go and boil your bottoms, you sons of a silly person. I blow my nose at you, so-called "Arthur King," you and all your silly English K-nig-hts.

(Also, Rick Roll? Really?)

Ah...glad to see someone understands me. And yes, a rickroll, even though it's several years out of being "hip". I was just trying to ratchet up the annoyance quotient :).

@renaultssoftware -- Yeah, you're probably right. We're just pulling a prank for the most part. Perhaps we should just stop hijacking the thread.

Please understand, we've seen this kind of thread topic pop up repeatedly over the last few years. And each time we see it, it turns into some giant flame war. Fortunately, this time, most of the major flame throwers are MIA. So perhaps this conversation, if tired, will at least remain civil (at least now that it's reclaimed its civility, that was a close one tlarkin & Craig! ;)).

Anti 07-21-2010 02:23 AM

I just think the whole argument of "Macs are better than PCs" or vice versa is childish and stupid, at best.

I have no problem defending Macs when a stupid PC pundit goes out of their way to say something stupid like "OMG, ONE BUTTON MOUSE?!" or some stupid statement that holds no water.

Topics like these displease me, because pretty much anything's vulnerable. There are holes in everything. One is not better than the other.

As for why the Mac doesn't get attacked as much? The user base has a zero-tolerance for viruses and spyware. If it's found, it's reported and dealt with. The Mac user base sticks together much like a community. The Windows users not so much. Just a theory. Not fact.

Craig R. Arko 07-21-2010 11:50 AM

Oh, yuck. In servers, no less.

Hardware based trojan horses.

This one could definitely affect everybody, since none of them actually produce their own components anymore.

Anti 07-21-2010 08:11 PM

Quote:

Originally Posted by Craig R. Arko (Post 590468)
Oh, yuck. In servers, no less.

Hardware based trojan horses.

This one could definitely affect everybody, since none of them actually produce their own components anymore.

Typical Dell.

renaultssoftware 07-23-2010 09:48 AM

Yes, typical Dell… my grandpa has one and it's so slow and ancient. TBH I don't get why we use like 5 different virus scanners and all that. On my great-aunt's ancient Gateway the Norton tools are so resource-consuming that the computer was running at 100% CPU. Nothing left for internet browsing.

Anti 07-24-2010 08:20 AM

Someone made the argument that Dell is nothing, their computers are just comprised of components manufactured by other companies, and it's only a brand.

Doesn't matter, Dell has a poor choice of these "other manufacturers".

renaultssoftware 07-24-2010 08:25 AM

I wonder if there was a farmer in those servers.. harvesting data.. in the Dell.

What bugs me is that anyone could write an app that could potentially delete everything, in a line of system() or whatever. The code is hidden from the user so we'd never know, until everything's gone…

biovizier 07-24-2010 11:21 AM

Quote:

Originally Posted by Anti (Post 590525)
Typical Dell.

Yeah, typical Dell. Apple would never be so incompetent as to sell hardware preinfected with malware, and even if they did, they would certainly own up to it and deal with the situation with class.

Oh wait...
http://www.apple.com/support/windowsvirus/

Jasen 07-24-2010 05:01 PM

Quote:

Originally Posted by biovizier (Post 590805)
Yeah, typical Dell. Apple would never be so incompetent as to sell hardware preinfected with malware, and even if they did, they would certainly own up to it and deal with the situation with class.

Oh wait...
http://www.apple.com/support/windowsvirus/

haha... it's been several years, but there was a point at which some disks were coming from Apple containing the ancient auto-start worm. (I'm talking early-mid 90's here)
It was quickly cleared up, but still.

renaultssoftware 08-09-2010 10:22 AM

I have PROOF that somehow, someone wrote a spyware app. Here it is:
Attachment 3937
Whew, just kidding. I made that using AppleScript (do shell script "foo -bar" with administrator privileges). Good though

tlarkin 08-09-2010 10:33 AM

Quote:

Originally Posted by Anti (Post 590794)
Someone made the argument that Dell is nothing, their computers are just comprised of components manufactured by other companies, and it's only a brand.

Doesn't matter, Dell has a poor choice of these "other manufacturers".

Uh so is Apple. They don't make components. In fact for a long time Asus was making all of Apple's logic boards. Probably still are.

fracai 08-09-2010 12:35 PM

Quote:

Originally Posted by tlarkin (Post 592369)
Uh so is Apple. They don't make components.

Except for the A4 in the current iPhones (and iPad?). And all the R&D that they put into developing new hardware designs and components. The actual manufacturing of those components may be performed by other companies, but Apple tech is far more than just other's components.

Several of their old inkjet printers were indeed just re-branded HP DeskJets.

tlarkin 08-09-2010 01:24 PM

Quote:

Originally Posted by fracai (Post 592391)
Except for the A4 in the current iPhones (and iPad?). And all the R&D that they put into developing new hardware designs and components. The actual manufacturing of those components may be performed by other companies, but Apple tech is far more than just other's components.

Several of their old inkjet printers were indeed just re-branded HP DeskJets.

So does HP and everyone else. They have engineers design the hardware to specification and then hand those specs to a company like Asus, and they manufacture the parts. If you crack open an HP computer you will see the Asus silk-screen stamp on the boards, and it is a board you cannot buy retail.

The only real difference is that Apple definitely has their "own way" of engineering their products, and they also write all the software for it. Whereas HP is purely hardware, and they have other companies code software for their product.

I was a warranty repair tech for years for a company that did consumer and business sales of technology. We did all the warranty work for our clients. I have probably done hardware repair on over 20,000 machines in my lifetime. No company actually makes parts. They provide specifications to the manufacturers that make them. They may specify I want this type of capacitor, this type of resistor, and this type of wiring, but they don't actually make anything tangible. They do it through CAD-like programs to engineer hardware components.

If you crack open an Apple product you will see LG, Hitachi, and Asus stamped all over their parts. I will say that no one designs anything like Apple. They are definitely unique, but higher quality of components is a very moot argument. They all use the same components. I can't tell you how many HDs I have fail every week in our MacBooks here at work.

fracai 08-09-2010 02:09 PM

Absolutely.

But, the point being made was that Dell is a brand slapped on top of commodity components that they've assembled, but had no part in designing. Apple and, as you point out, many others have a hand in the design of those components.

No one is saying that Apple is designing and manufacturing their own hard drives, RAM, LCDs, etc. Or even manufacturing their own motherboards. The claim was that Dell doesn't do either. (Though I'd be marginally surprised if even the motherboards were COTS.)

Plus, it's an incredible stretch to claim that the A4 or Unibody case and manufacturing process aren't "Apple's" own components.

tlarkin 08-09-2010 02:19 PM

Quote:

Originally Posted by fracai (Post 592409)
Absolutely.

But, the point being made was that Dell is a brand slapped on top of commodity components that they've assembled, but had no part in designing. Apple and, as you point out, many others have a hand in the design of those components.

No one is saying that Apple is designing and manufacturing their own hard drives, RAM, LCDs, etc. Or even manufacturing their own motherboards. The claim was that Dell doesn't do either. (Though I'd be marginally surprised if even the motherboards were COTS.)

Plus, it's an incredible stretch to claim that the A4 or Unibody case and manufacturing process aren't "Apple's" own components.

I wasn't counting cosmetic parts. Like I said, Apple engineers their products in their own unique way, but the actual components are the same as any other computer. Whether or not Apple hardware engineers are better at making combinations of specifications work better on a greater scale compared to any other major manufacturer is probably up for debate.

I am biased though, and have been repairing all sorts of electronics for years (11 years now to be exact), and I have seen many models from many different manufacturers have high failure rates. I can think of 4 different models of Macs in the past 6 years I'd never own due to their rate of hardware failure.

I think Apple makes a great product, and I think their laptops are the best out there, period. Having owned, repaired, maintained, and given tech support for every major brand of laptop, the MacBook Pro is currently my favorite. It is also, I think, the best laptop I have ever owned. It is a workhorse. However, on a component level it is the same as every other laptop out there. The design and the engineering make up some of the differences. However, as far as parts go, it has the same "guts" as every other laptop out there. That is a fallacy in logic many people have when looking at Apple products. It is a sales pitch I often hear, and it is totally incorrect, is all. Many companies have the same business model as Apple when it comes to hardware design. However, I think Apple does the design part a lot better. Apple also puts in tons of "little things" that make an overall big difference.

A Mac is a tool just like a PC. You use your tools to get the task done. Different tools for different jobs, and different people prefer different tools.

To be honest the era of the virus is probably gone. Most malicious attacks use user interactions, since they are now the weakest link in security of a computer user.

I also think Apple has a higher quality control, when releasing their products (minus the iPhone thing, and a few models of macs that were very prone to fail) and if you buy 2nd or 3rd generation of a model of a Mac, it is going to be solid. Just try not to buy 1st gen stuff is my advice.

fracai 08-09-2010 02:53 PM

Since when is the A4 a cosmetic part?

tlarkin 08-09-2010 02:59 PM

Quote:

Originally Posted by fracai (Post 592417)
Since when is the A4 a cosmetic part?

I meant the unibody case for cosmetic part:D The A4 I believe is manufactured by Samsung, so it sort of falls under what I have been saying. Though, the A4 is completely designed by Apple as far as I can tell. I haven't read too much into it. ARM architecture though was not designed by Apple.

fracai 08-09-2010 03:18 PM

You're splitting hairs.

The original claim was that Dell simply slaps a label on commodity hardware.
You said Apple does the same because they don't make their own components. I take it you were arguing the manufacturing quality point more than the in house component development?
I think there's quite a bit of difference between assembling COTS components and putting R&D into new technology, even if that technology is eventually built by other companies.

If you're talking about the physical build quality, sure, technology is pretty advanced and everybody generally makes quality products with the occasional bad batch, design flaw, etc. In that sense, Apple is going to sometimes run into the same problem that Dell might, when quality control fails to catch manufacturing defects.

Just as users, to bring this back to spyware, are a greater threat than is the OS.

sojourner 08-10-2010 12:31 AM

Granted, this article isn't about Windows 7 per se, but I found it fairly informative: Is Windows inherently more vulnerable to malware attacks than OS X?

Spoiler: the answer is yes.

renaultssoftware 08-10-2010 07:49 AM

"Launchd."

SirDice 08-10-2010 08:27 AM

Quote:

Originally Posted by sojourner (Post 592470)
Granted, this article isn't about Windows 7 per se, but I found it fairly informative: Is Windows inherently more vulnerable to malware attacks than OS X?

Spoiler: the answer is yes.

Spoiler: the admin doesn't know what the hell he's doing.

Quote:

On August 13 at 3:04 AM, a Windows server that I've been running for all of two weeks--it just replaced an Xserve G5--was attacked by a new strain of malware.
Ah. Dumbass forgot to install the latest patches.

Quote:

The only victim requirement is that a Windows system--client or server from 2000 and XP on up, 32 and 64-bit--be on an Internet-accessible IP address and listening for socket requests to the Windows Server service.
No admin in their right mind would do such a stupid thing.

Quote:

All Windows background processes/daemons are spawned from a single hyper-privileged process and referred to as services.
All *nix processes/daemons are spawned from a single hyper-privileged process called init. What's the difference?

Quote:

By default, Windows launches all services with SYSTEM-level privileges.
Wrong. Even in the W2000/XP days.

Quote:

The activity of SYSTEM is next to impossible to control or log.
Wrong.

Quote:

Most of the code running on any Windows system at a given time is related to services, most or all of which run with SYSTEM privileges, therefore
Wrong. Even in the W2K/XP days.

Quote:

Successful infection of running Windows software carries a good chance of access to SYSTEM privileges.
Wrong because of the bad assumption everything runs as SYSTEM.

Quote:

Windows buries most privileged software, service executables and configuration files in a single, unstructured massive directory (SYSTEM32) that is frequently used by third parties.
True but MS doesn't advise third parties to do that. They do that on their own accord. That's hardly MS's fault.

Quote:

Windows will notify you on an attempt to overwrite one of its own system files stored here, but does not try to protect privileged software.
Wrong. Probably never heard of Windows File Protection. OS-X certainly doesn't protect anything.

Quote:

Microsoft does not sign or document the name and purpose of the files it places in SYSTEM32
Wrong, everything is signed.

Quote:

Windows has no equivalent to OS X's bill of materials, so it cannot validate permissions, dates and checksums of system and third-party software.
There's no need for it. And why would Windows check third-party software?

Quote:

Windows requires that users log in with administrative privileges to install software, which causes many to use privileged accounts for day-to-day usage.
Yes, that's how it's supposed to work, except using privileged accounts for d2d usage. On the other hand OS-X allows admin users to add applications to /Applications without authentication. And that's supposed to be better?

Quote:

Windows requires extraordinary effort to extract the path to, and the files and TCP/UDP ports opened by, running services, and to certify that they are valid.
It's freaking easy to do. Never heard of netstat?

Quote:

Microsoft made it easy for commercial applications to refuse a debugger's attempt to attach to a process or thread.
Not really.

Quote:

Attackers use this same mechanism to cloak malware. A privileged user must never be denied access to a debugger on any system. My right to track down malware on my computers trumps vendors' interests in preventing piracy or reverse-engineering. Maintaining that right is one of the reasons that open source commercial OS kernels are so vital.
Go blame the DMCA.

Quote:

Access to the massive, arcane, nearly unstructured, non-human-readable Windows Registry, which was to be obsolete by now, remains the only resource a Windows attacker needs to analyze and control a Windows system.
Yes. And plists and dictionaries are sooo much easier. NOT.

Quote:

Another trick that attackers learned from Microsoft is that Registry entries can be made read-only even to the Administrator, so you can find an exploit and be blocked from disarming it.
Taking ownership of the key resets the ACL. Big deal.

Quote:

Malicious code or data can be concealed in NTFS files' secondary streams. These are similar to HFS forks, but so few would think to look at these.
Yes, because secondary streams shouldn't be needed. And it's actually a feature to make Windows servers more Mac friendly!

Quote:

One of the strongest tools that Microsoft has to protect users from malware is Access Control Lists (ACLs), but standard tools make ACLs difficult to employ, so most opt for NTFS's inadequate standard access rights.
They are not difficult to employ. They are however difficult to understand by a n00b sysadmin. I'd say get some training!

Quote:

Why this can't happen under OS X:

• OS X has no user account with privileges exceeding root.
You don't need anything exceeding root. Root can do everything. Try keeping root out of something. It's rather easy to block access to administrators on Windows.

Quote:

Unlike services.exe, launchd executes daemons and scheduled commands in a shell that's subject to login scripts, environment variables, resource limits, auditing and all security features of Darwin/OS X.
Wrong, services.exe has absolutely no problems running services on different accounts with different profiles/logins/resource limits/whatever.

Quote:

Apple's daemons have man pages, and third parties are duty-bound to provide the same. Admins also expect to be able to run daemons, with verbose reporting, in a shell for testing.
Go visit MSDN.

Quote:

OS X Man pages document daemons' file dependencies, so administrators can easily rework file permissions to match daemons' reduced privileges.
Unless the man page is out of date or otherwise incomplete (it happens).

Quote:

Launchd can tripwire directories so that if they're altered unexpectedly, launchd triggers a response.
Windows File Protection

Quote:

If an attacker takes over a local or remote console, any effort to install software or alter significant system settings cannot proceed without entering the administrator's user name and password, even if the console is already logged in as a privileged user. In other words, even having privileges doesn't ensure that even an inside hacker can arrange to keep them.
Wrong on so many levels I don't even know where to begin.

Quote:

OS X has a single console and a single system log, both in plain text.
Which is easily edited/modified/deleted by anyone with enough privileges.

Quote:

Every installed file is traceable to a bill of materials that can verify that the file is meant to exist, and that it and all of its dependencies match their original checksums. Mac users, back up and protect your Receipts folder!
Another lovely file that can easily be modified/deleted by an attacker.

Quote:

The directories used to hold OS X's privileged system executables are sacred. Anything new that pops up there is immediately suspect.
And how many people will actually know what's supposed to be in there so they can detect what's new?

Quote:

OS X does not require that a user be logged in as an administrator to install software.
And how does this increase security?

Quote:

The user or someone aiding the install needs to know the name and password of a local administrative user to complete the install.
Not always.

Quote:

On a network, most software is installed using Remote Desktop, an inexpensive Systems Management Server-like console.
Great, same as on Windows.

Quote:

The UNIX/POSIX API, standard command-line tools and open source tools leave malware unable to hide from a competent OS X administrator.
Very, very wrong. Guess where 'rootkits' started and guess why they're called "root" kits? Exactly, the technique originated on Unix.

Quote:

It takes a new UNIX programmer longer to choose an editor than it does to write a console app that walks the process tree listing privileged processes
It's also fairly trivial to write something that doesn't show up in that list. It's also trivial to hook the APIs needed to get that info. This can be used to hide processes and other things.

Quote:

Likewise, OS X Server will image any Mac client or server's local drives and maintain safe copies that can be used not only for restoration, but which can be booted from to guarantee that there's no trace of infection.
Unless the infection went unnoticed for some time. Rendering all your backups useless.


The clueless moron does nothing but spread false and inaccurate information.
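The back-and-forth above about "walking the process tree listing privileged processes" versus "it's trivial to write something that doesn't show up in that list" is worth seeing in code. What follows is an added example written for this thread, not code from the quoted article or from Apple. The `ps`-style listing and the second "probe" view are constructed sample data, not output captured from a real machine; the daemon names are only there to make the sample look familiar. The example does the naive privileged-process walk, then the cross-view comparison a defender actually relies on: a second, independent enumeration (here, probing PIDs with `kill(pid, 0)`) is diffed against the `ps` view, and anything the probe sees that `ps` does not is a candidate for something hooked or hidden.

```python
"""Added example for the thread above: list privileged processes from a
ps-style view, then cross-check that view against an independent PID probe.

PS_SAMPLE and PROBE_SAMPLE are constructed for this example; they are not
captured from any real system. PID 4242 is the "hidden" process.
"""
import os
from dataclasses import dataclass

PS_SAMPLE = """\
PID PPID USER COMMAND
1 0 root /sbin/launchd
50 1 root /usr/libexec/kextd
51 1 root /usr/sbin/syslogd
120 1 _mdnsresponder /usr/sbin/mDNSResponder
300 1 dice /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow
301 300 dice /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
"""

# What an independent enumeration (kill(pid, 0) over the PID range) reported.
# Constructed: contains one PID the ps view above does not show.
PROBE_SAMPLE = {1, 50, 51, 120, 300, 301, 4242}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    user: str
    command: str


def parse_ps(text):
    """Parse `ps -axo pid,ppid,user,command`-style output; first line is the header."""
    procs = []
    for line in text.strip().splitlines()[1:]:
        pid, ppid, user, command = line.split(None, 3)
        procs.append(Proc(int(pid), int(ppid), user, command))
    return procs


def privileged_pids(procs, privileged_users=("root",)):
    """The article's check: which processes run as a privileged user."""
    return sorted(p.pid for p in procs if p.user in privileged_users)


def tree_lines(procs, root_pid=1):
    """Render the process tree below root_pid as indented 'pid user command' lines."""
    by_parent = {}
    for p in procs:
        by_parent.setdefault(p.ppid, []).append(p)
    root = next(p for p in procs if p.pid == root_pid)
    out = [f"{root.pid} {root.user} {root.command}"]

    def walk(pid, depth):
        for child in sorted(by_parent.get(pid, []), key=lambda c: c.pid):
            out.append("  " * depth + f"{child.pid} {child.user} {child.command}")
            walk(child.pid, depth + 1)

    walk(root_pid, 1)
    return out


def probe_live_pids(lo, hi):
    """Independent view: a PID exists if kill(pid, 0) succeeds or is refused
    with EPERM (it exists but belongs to someone else). POSIX only."""
    live = set()
    for pid in range(lo, hi + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            live.add(pid)
        else:
            live.add(pid)
    return live


def hidden_pids(procs, probe_view):
    """PIDs the probe saw but the ps view did not: candidates for a hooked
    listing. (A kernel rootkit that hooks both views defeats this too; see note.)"""
    return sorted(probe_view - {p.pid for p in procs})


def demo():
    procs = parse_ps(PS_SAMPLE)
    return {
        "privileged": privileged_pids(procs),
        "tree": tree_lines(procs),
        "hidden": hidden_pids(procs, PROBE_SAMPLE),
    }


if __name__ == "__main__":
    result = demo()
    print("\n".join(result["tree"]))
    print("privileged:", result["privileged"])
    print("hidden from ps:", result["hidden"])
```

On a live box you would replace `PROBE_SAMPLE` with `probe_live_pids(1, 99999)` (PID ranges are platform dependent; that bound is an assumption). The caveat SirDice raises still applies: if the hooking is in the kernel, `kill()` and `ps` both lie, and the only trustworthy view is one taken from a boot you control, which is exactly why the "boot from a known-clean image" point later in the quoted article matters more than any enumeration tool run from the suspect system.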
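The "bill of materials / Receipts folder" exchange deserves a concrete demonstration too. This is an added example written for this thread, not Apple's receipt format, `pkgutil`, or any real tool; the directory layout, file contents and the secret key are all invented. It builds a manifest of path, mode, size and SHA-256 for a tree, verifies the tree against it, and then shows SirDice's objection: an attacker who can write to the box rewrites the manifest to match the trojaned tree and the check passes. The fix is to keep the manifest (or at least a MAC over it, keyed with something that never lives on the box) off the system being checked, so the attacker can alter the files but cannot produce a manifest the verifier accepts.

```python
"""Added example: an integrity manifest ("bill of materials") and why an
unsigned one stored on the same disk is worthless against a root attacker.

Illustrative code for this thread only; the file names, contents and key
are constructed. Nothing here is Apple's receipt format.
"""
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """relative path -> {mode, size, sha256} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            manifest[os.path.relpath(full, root)] = {
                "mode": oct(st.st_mode & 0o7777),
                "size": st.st_size,
                "sha256": sha256_file(full),
            }
    return manifest


def verify(root, manifest):
    """Sorted (path, reason) findings: modified, mode changed, missing, unexpected."""
    current = build_manifest(root)
    findings = []
    for rel, expected in manifest.items():
        if rel not in current:
            findings.append((rel, "missing"))
        elif current[rel]["sha256"] != expected["sha256"]:
            findings.append((rel, "modified"))
        elif current[rel]["mode"] != expected["mode"]:
            findings.append((rel, "mode changed"))
    for rel in current:
        if rel not in manifest:
            findings.append((rel, "unexpected"))
    return sorted(findings)


def sign_manifest(manifest, key):
    """HMAC-SHA256 over the canonical JSON form; key must live off the box."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return {"manifest": manifest, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def signature_ok(signed, key):
    body = json.dumps(signed["manifest"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(signed["mac"], expected)


def demo():
    """Run the whole scenario in a temp directory; return the observations."""
    key = b"constructed-key-kept-off-the-box"  # assumption: attacker cannot read it
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sbin"))
        daemon = os.path.join(root, "sbin", "launchd")
        with open(daemon, "wb") as f:
            f.write(b"original daemon bytes\n")

        manifest = build_manifest(root)          # the "receipt" at install time
        signed = sign_manifest(manifest, key)    # the copy kept off the box

        # Attacker with write access trojans the daemon and drops a new file.
        with open(daemon, "wb") as f:
            f.write(b"trojaned daemon bytes\n")
        with open(os.path.join(root, "sbin", "backdoor"), "wb") as f:
            f.write(b"new file\n")
        honest = verify(root, manifest)          # an untouched receipt catches it

        # Same attacker regenerates the on-disk receipt to match the new state.
        forged = build_manifest(root)
        forged_check = verify(root, forged)      # passes: on-disk receipt is useless
        forged_signed = {"manifest": forged, "mac": signed["mac"]}  # no key, old MAC

        return {
            "honest_findings": honest,
            "forged_findings": forged_check,
            "original_sig_ok": signature_ok(signed, key),
            "forged_sig_ok": signature_ok(forged_signed, key),
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Even the signed variant only raises the bar: an attacker who owns the kernel can feed the verifier the original bytes while executing the trojaned ones, or patch the verifier itself. That is SirDice's later point about backups and the article's own point about booting from a clean image: a check run from a compromised system is only as trustworthy as that system, so the comparison has to be made from outside it.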

Craig R. Arko 08-10-2010 11:03 AM

For my nickel, from the day they decided to put the Window Manager and the GDI into Ring 0 (in NT 4, via the Win32 API, done so the graphics performance could equal DOS and surpass OS/2), Microsoft was walking down the malware path.

GDI+ has improved on this, and DWI further, by catching up with the hardware and making it do more of the work. But since the legacy code is still there they have had to jump through a lot of extra hoops to deal with it, and finally Windows 7 has pushed all the GDI-related code into software abstracted rendering only.

Apple did not make that choice, and as a consequence the gaming performance of Mac OS X has suffered, but many other headaches have been avoided.

There are very sound historical reasons that things have turned out the way they are.

Feel free to Google up a storm for references; you can start here.

And then compare it with the XNU kernel of Mac OS X, perhaps starting here.

Apple (and NeXT) had the benefit of seeing other peoples' mistakes. ;)

renaultssoftware 08-10-2010 11:14 AM

Quote:

Originally Posted by SirDice (Post 592506)
The clueless moron does nothing but spread false and inaccurate information.

Change some words and that looks like a ton of proverbs: "a fool spreads folly"

And I thought the file Lock (uchg) from Terminal kept root out too.

SirDice 08-10-2010 11:42 AM

Quote:

Originally Posted by renaultssoftware (Post 592523)
And I thought the file Lock (uchg) from Terminal kept root out too.

Nope, root can set that flag but it can also be removed again.

Code:

dice@lady3jane:~/test%ls -alO
total 0
drwxr-xr-x  2 dice  dice  -  68 Aug 10 17:47 .
drwxr-xr-x+ 50 dice  dice  - 1700 Aug  4 21:47 ..
dice@lady3jane:~/test%touch test
dice@lady3jane:~/test%chflags uchg test
dice@lady3jane:~/test%ls -alO
total 0
drwxr-xr-x  3 dice  dice  -    102 Aug 10 17:47 .
drwxr-xr-x+ 50 dice  dice  -    1700 Aug  4 21:47 ..
-rw-r--r--  1 dice  dice  uchg    0 Aug 10 17:47 test
dice@lady3jane:~/test%sudo su -
lady3jane:~ root# cd /Users/dice/test/
lady3jane:test root# ls -alO
total 0
drwxr-xr-x  3 dice  dice  -    102 Aug 10 17:47 .
drwxr-xr-x+ 50 dice  dice  -    1700 Aug  4 21:47 ..
-rw-r--r--  1 dice  dice  uchg    0 Aug 10 17:47 test
lady3jane:test root# chflags nouchg test
lady3jane:test root# ls  -alO
total 0
drwxr-xr-x  3 dice  dice  -  102 Aug 10 17:47 .
drwxr-xr-x+ 50 dice  dice  - 1700 Aug  4 21:47 ..
-rw-r--r--  1 dice  dice  -    0 Aug 10 17:47 test
lady3jane:test root# rm test
lady3jane:test root# ls -alO
total 0
drwxr-xr-x  2 dice  dice  -  68 Aug 10 17:48 .
drwxr-xr-x+ 50 dice  dice  - 1700 Aug  4 21:47 ..
lady3jane:test root#


biovizier 08-10-2010 12:13 PM

Also note that in 10.5 (I don't know about 10.6), even the 'schg' and 'sappnd' flags can be unset by "root", without booting into "single-user mode" because 10.5 runs at a lower "securelevel" than in the past (you can bump it back up if you are aware of the need to).

It's funny because the author of the article gushes about Apple's documentation, yet where did Apple document this significant change to the treatment of these flags, to warn admins that might be using them as a part of their security strategy?

tlarkin 08-11-2010 10:27 AM

Quote:

Originally Posted by biovizier (Post 592536)
Also note that in 10.5 (I don't know about 10.6), even the 'schg' and 'sappnd' flags can be unset by "root", without booting into "single-user mode" because 10.5 runs at a lower "securelevel" than in the past (you can bump it back up if you are aware of the need to).

It's funny because the author of the article gushes about Apple's documentation, yet where did Apple document this significant change to the treatment of these flags, to warn admins that might be using them as a part of their security strategy?

You know what? I feel the same way. I read through the Directory Services book for the ACSA certs, and thought I had a pretty good understanding of how Directory Services works. Then I have an issue and use Apple Enterprise support, and we are running commands involving slapd, slurp, and taking peeks at all these combined services and files under the hood that the book never touches on. I think I learned more from that enterprise support call than I did reading the book.

Some of the Apple specific manuals for their specific Unix binaries are unclear or perhaps even completely lacking at times.

While I think Apple makes a great product (in fact it is my favorite commercial OS), I do think they are lacking in some areas. Security documentation is one of them. I usually read the NSA security guides and try to teach my users best practices when using their computers.

I, however, have yet to see any OS X servers infected due to lack of security patches or documentation that a sys admin may overlook. Apple keeps it simple on the top level, so sys admins of OS X server usually have simple set ups. The more you complicate it, the bigger security risk you are taking, in my opinion.

SirDice 08-11-2010 10:36 AM

These days it's not the server itself that gets attacked, it's the (web) applications that are running on it that are the most vulnerable. Web applications like CMS or forum software regularly have big holes in them. Custom made web applications are even worse.

Usually those servers are infected in such a way that it doesn't 'damage' the server. However any unsuspecting (windows) user that browses to that site gets a crap load of malware installed. Sure, it's mainly windows users that get attacked this way but there's no reason why a similar attack vector couldn't also attack Mac users. There are plenty of bugs to exploit.

And yes, I agree. Documentation is sparse. Especially good, detailed, technical, information.

tlarkin 08-11-2010 11:24 AM

Quote:

Originally Posted by SirDice (Post 592655)
These days it's not the server itself that gets attacked, it's the (web) applications that are running on it that are the most vulnerable. Web applications like CMS or forum software regularly have big holes in them. Custom made web applications are even worse.

Usually those servers are infected in such a way that it doesn't 'damage' the server. However any unsuspecting (windows) user that browses to that site gets a crap load of malware installed. Sure, it's mainly windows users that get attacked this way but there's no reason why a similar attack vector couldn't also attack Mac users. There are plenty of bugs to exploit.

And yes, I agree. Documentation is sparse. Especially good, detailed, technical, information.


Yeah I agree with you. However, some things aren't necessarily the fault of Apple and Microsoft. Some of them are the fault of whatever web based product or API, or application they are using. Java is filled with security holes that only Java can fix.



Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.