Spyware, Adware and such
I was having a conversation with an XP colleague of mine, and he said that he was about to buy a new software that completely masked his internet browsing and other things, so that his computer was completely invisible to the net.
Is it true that Macs don't have spyware, adware, worms, viruses, and such windows ailments?
Comments
Originally posted by bborofka
Yep.
As a new Mac (since the PB commercial with Yao Ming and Mini Me) I have heard that is true. I just don't see how it CAN BE true though?
OS X doesn't have that; its configuration is more secure.
If lots of people change to Mac, they'll try to make spyware and stuff for Mac too; they will succeed at some point, but not so fast, thanks to the way the system is built and open source.
Originally posted by pbaker05
So, I guess that when someone really wants to, there will be plenty of bad stuff for Mac too. Though probably not until Mac OS has a larger market share, which I don't think Apple wants.
It's not even that easy; the whole market share argument is a fallacy. The only issue is system security. OS X is well-secured right out of the box. Windows (and, sadly, many versions of UNIX and Linux) are not.
Some examples: A while back, Apple rolled out a feature for Mac OS (the old Mac OS) called "AutoStart," that would automatically run the executable on an inserted CD-ROM. This was in answer to the similar feature on Windows, and as with Windows, it was turned on by default. That last little detail made it a gaping security hole. This was in the Bad Old Days, but despite the shrinking popularity of, and complete lack of buzz around, the old Mac OS, it took no time at all before the QuickTime AutoStart Worm was making the rounds. It even got onto a CD distributed by MacAddict magazine, infecting thousands of machines. Apple shipped a new version of QuickTime that had the feature off by default, and the worm eventually vanished into obscurity.
Also a while back, and also with the old Mac OS: The Army's home page on the web, www.army.mil, ran on a Windows server, and it was constantly getting hacked. They worked with Microsoft on security, they tried everything, and their home page was always getting defaced and compromised, within days and sometimes hours of their rolling out a new security model. So they finally went to the W3C, and asked what the most secure platform was. So they ended up running www.army.mil on Mac OS 9 with WebStar. Despite being a very high profile target under constant assault, and despite the fact that these assaults had easily foiled Microsoft's best efforts to secure their own platform, the Army site has not been hacked once since then. It now runs Mac OS X, and it still has not been hacked once.
You don't get system security through obscurity. Even if you did, the Mac isn't obscure enough to benefit. You get system security through design and configuration. Windows was, and to a large extent remains, poorly designed and poorly configured (out of the box) for security, all the way down to the kernel. Mac OS X is very carefully designed to be secure, and well configured out of the box to be secure.
What a lot of people don't understand is how tiny little things can make a huge difference. AutoStart on by default gets you a worm. AutoStart off by default (slowly) kills it. Windows shipped (and, I believe, still ships) with all network services on by default. OS X ships with all network daemons (the UNIX equivalent) off by default. It's a single line in a config file somewhere, but it's the difference between a platform that gets owned 30 seconds after it gets on the net, and a platform that doesn't—regardless of the relative popularities of the platforms in question.
Originally posted by Amorph
It's not even that easy; the whole market share argument is a fallacy. The only issue is system security. OS X is well-secured right out of the box. ...
platforms in question.
Hey Amorph thank you for the insightful post. And for the link of course.
Additionally, unlike Windows, programs can not just go and install themselves in Mac OS X without the user authenticating with an Admin ID and password. There are also 3 layers of security.
The operating system itself is accessible only if you have "root" access. By default, root access is disabled in OS X and if you want to enable it, you have to dig that information out. This means that no one can mess with the core OS files. Windows, on the other hand, allows programs full access to the core OS through its messaging system. That's how all that spyware and adware gets installed simply by a user visiting a web site --- it's called a drive-by shooting -- the programs install without the user's knowledge and embed themselves into the operating system. That's why some of them are so hard to remove. This can not happen in OS X.
This design method is what keeps OS X so safe for the internet. If you want to test your machine to see how secure it is, go to http://www.grc.com/x/ne.dll?rh1dkyd2 -- it's the Shields-Up web site. You can then go through some of the tests to see how your machine fares on the internet. Mine tested as fully stealth.
I was a Windows user since 2.1 came out and switched to Mac around Windows 2000. I couldn't take the constant tweaking, repair, debugging necessary to keep Windows operational -- it wore me out -- I refused to have to keep that up when I only wanted to use the computer for a tool. Now, I am a happy camper and when my neighbors have these big conversations of all the trouble they have with their computers, I just smile. I'm no longer wasting my time and energy trying to keep the O/S operational. Mac -- it just works!
Originally posted by pbaker05
Awesome, thanks for the wonderfully insightful reply. I don't have any antivirus, etc., so how do I make sure that I am doing what I should to be as secure as possible, since I use my PB for banking?
You should be fine as long as you can muster a secure connection to your bank (https rather than http). If you find yourself sending passwords or account numbers in the clear then it doesn't matter how hard your machine is to hack.
Fortunately, most banks are really good about this, for obvious reasons, and you can check anyway by looking at the URL: If it says https at the front (for Secure HTTP) you're good to go.
There are reasons to get antivirus software for the Mac. First of all, there's the old Just In Case argument—nobody's perfect, and even Apple, who have a pretty solid record, did ship a system with AutoStart on by default once. Second, if you use MS Office:mac, you can receive Office files with viruses and transmit them to other Windows users when you send them those files. Your own machine will be unaffected, but your copy of Office might be compromised (since it runs VBScript) and at minimum, the file with the macro virus will still have it when you send it back out. Antivirus software can strip out those macro viruses.
Otherwise, I enjoy double-clicking on virus attachments in email and looking at them: I've set my Mac up so that they open in a text editor by default.
Originally posted by pubguy
As was articulated much better than I could, Mac OS X is secure by design, not by obscurity. The UNIX that OS X is built on has been around for years. The majority of web servers are UNIX-based. So, it's not all that obscure.
Additionally, unlike Windows, programs can not just go and install themselves in Mac OS X without the user authenticating with an Admin ID and password. There are also 3 layers of security.
The operating system itself is accessible only if you have "root" access. By default, root access is disabled in OS X and if you want to enable it, you have to dig that information out. This means that no one can mess with the core OS files. Windows, on the other hand, allows programs full access to the core OS through its messaging system. That's how all that spyware and adware gets installed simply by a user visiting a web site --- it's called a drive-by shooting -- the programs install without the user's knowledge and embed themselves into the operating system. That's why some of them are so hard to remove. This can not happen in OS X.
This design method is what keeps OS X so safe for the internet. If you want to test your machine to see how secure it is, go to http://www.grc.com/x/ne.dll?rh1dkyd2 -- it's the Shields-Up web site. You can then go through some of the tests to see how your machine fares on the internet. Mine tested as fully stealth.
I was a Windows user since 2.1 came out and switched to Mac around Windows 2000. I couldn't take the constant tweaking, repair, debugging necessary to keep Windows operational -- it wore me out -- I refused to have to keep that up when I only wanted to use the computer for a tool. Now, I am a happy camper and when my neighbors have these big conversations of all the trouble they have with their computers, I just smile. I'm no longer wasting my time and energy trying to keep the O/S operational. Mac -- it just works!
I did not see anything to do on this site???
Originally posted by pbaker05
I am glad you brought that up, I use the file vault, and my keychain is password protected, is that good?
Password protected keychain might be a little paranoid but if you don't mind it, it's more secure than secure.
I used to use filevault but I quit using it because in a session I tend to move large amounts of data and edit them... logging out takes a while then because filevault has to clear its temporary used space and stuff...
What I would like more is that you could select filevault on separate folders...
Originally posted by pubguy
I was a Windows user since 2.1 came out and switched to Mac around Windows 2000. I couldn't take the constant tweaking, repair, debugging necessary to keep Windows operational -- it wore me out -- I refused to have to keep that up when I only wanted to use the computer for a tool. Now, I am a happy camper and when my neighbors have these big conversations of all the trouble they have with their computers, I just smile. I'm no longer wasting my time and energy trying to keep the O/S operational. Mac -- it just works!
I run Win2K SP2 (on three machines) with no additional service packs or "critical updates". I have a hardware firewall in place, all the less secure OS services turned off, and my machines show up as fully stealth as well. What REALLY helps is that my wife is technically savvy enough to not run email attachments or be fooled by phishing attempts, so I don't have to worry about surprises.
Staying secure while connected to the net is only about 20% related to hardware and software. The remaining 80% is end-user common sense and education.
I'm considering buying a MacMini but the wife used logic questions on me, like "Do you *need* it?"
I had no choice but to answer no to that.
At the same time, she said I could get one if I want one.
Originally posted by pbaker05
I did not see anything to do on this site???
Try going to their home page and scrolling down to "ShieldsUp!".
Heh, it was fun. My computer is "very cool" because it has "advanced computer and port stealthing capabilities" and is "well hardened to Internet NetBIOS attack and intrusion".
I wonder if the Linux and the router/firewall have anything to do with that?
Originally posted by jsimmons
Staying secure while connected to the net is only about 20% related to hardware and software. The remaining 80% is end-user common sense and education.
That might be how it is, in most cases, but it is not how it should be.
There is absolutely no excuse, in this day and age, for shipping a system that turns on all the services by default. If the secure thing to do is turn them off, then they should all be turned off out of the box. User education then becomes about when or why you might want to turn a feature on, and for how long, but the only consequence of blissful ignorance is that the user is running a reasonably secure system.
In OS X, the firewall is on by default. All services are off by default. All ports run in stealth mode by default. Remote login is disabled by default. Login as root is disabled by default. Daemons run in special accounts that limit their access to the system, so even if they are activated and compromised, the amount of damage they can do is limited. User accounts can't do bad things in /System. Etc. All by design, and by default. That means that far less user education and participation is required, and frankly that's the only way to ship a consumer product.
Even for professional systems, it's a best practice. I remember being surprised to read a few years ago that 60% of Solaris systems were booted up in their default (insecure) config and put out on the internet. You can rail against incompetent admins all you want, but think about it from this angle: Does it make more sense for thousands (or millions in the case of a consumer product) of people to go through the exact same arcane, low-level configuration process just to be able to view a frickin' web page without getting owned? Or for the vendor to go through that configuration process once, and ship the system configured properly? Does everyone who wants to use broadband have to become a network and a systems engineer? Why is it suddenly unreasonable to expect the vendor of a product to have set it up so that you can actually use it? And people wonder why web and internet use are showing signs of decline now...
At the same time, she said I could get one if I want one.
Cool! Get it. Once she sees it, she'll want one too, and then good luck using logic.
Additionally, unlike Windows, programs can not just go and install themselves in Mac OS X without the user authenticating with an Admin ID and password. There are also 3 layers of security.
You obviously don't know much about Windows. A restricted user account can not install software. Administrator password is required.
Windows, on the other hand, allows programs full access to the core OS through its messaging system.
See above again.
Software firewall, be it Windows or OSX, is a bunch of crap and it doesn't take much to get through.
Any system can be penetrated. Just hope that Mac PCs don't gain share in the market. Otherwise there will be a bunch of hacks for OSX as well.
I run Windows. I run MAC OSX. I don't have problems with either in terms of security.
It reminds me of an old question: What's wrong with the car? Answer: The driver!
Uh, also, you missed a few points in there about default configs, user types and permissions, stealth and closed ports and some examples of tested Mac servers that have yet to be cracked. The software firewall is only one aspect of the equation, and we do have some evidence that low marketshare is not the only reason to think that OS X is more secure from malware.
Considering the Mac's high profile/mindshare and the way people flaunt the claim of better security on the platform, you would have thought someone would have done something pretty malicious by now to prove a point. There have been vulnerabilities, and there have been so-called proofs of concept. But nothing's really gone further. None of this is to say that the platform is invincible, it's just a whole lot better than Windows and for technical and non-technical reasons.
Actually, John Gruber points out another reason (read: human factor) for the lack of malware on the platform: intolerance.
Originally posted by skatman
You obviously don't know much about Windows. A restricted user account can not install software. Administrator password is required.
Perhaps, it would interest you to know that Windows accounts are completely unrestricted by default. Out of the box, Windows does not even require a password. There is no requirement that any Windows account, including administrative accounts, be password protected.