DIdn't MS excise Visual Basic from the Mac years ago? Most macros are based on VB, aren't they?
Nope
Most Infections just use vulnarabilities in the Browser, Flash, Adobe Reader, outdated Java plugins? to do what they want.
the classic "viruses" are not tha common, since the dont make money. Most malware now is just to make some $$$ (getting you online banking account, paypal, using you machine as spam-bot?)
Mac OSX doesn't get virus', worms, adware or spyware, because of it's BSD UNIX foundations. There is no case where a Mac can be infected by merely logging into a web page or reading email.
I don?t think it?s fake and I don?t think that Apple contacted a third party for assistance with virus checking assistance. OS X already indexes on the fly with Spotlight so it wouldn?t be difficult for the few potential malware names to trigger a simple warning like this.
The reason they aren't any viruses for Macs is the hax0rs all own Macs and actually like them.
That said it wouldn't take much to make a crippling virus targetting OS X - especially when they are the FIRST systems routinely cracked during the well publicized hacking contests.
While I certainly agree that the software engineering team needs to step up its game in terms security functionality, I would put much stock in Pwn2Own or Black Hat. The problem is that they're always very poorly reported in the press and quite honestly, Charlie Miller, especially, is kind of a farce.
Eighty percent of the vulnerabilities he finds always require direct access to the system (typically direct terminal input) or are social engineering exploits from things like the Java vulnerability that Apple took too long to plug. Charlie Miller has never once been able to remotely hack into a Macintosh computer without social engineering. Keep in mind, especially at Pwn2Own, he's never been able to hack it until the third day when he gets to instruct someone else.
I will say though, I really don't like scum like him who go to conventions to hack systems for nothing more than notoriety (they get paid very little in comparison) when they could be working for these companies and helping them improve the situation. It's like seeing a person who has the skills to be a world class doctor instead spend his life playing video games.
Yeah... This is a teflon coating over the armor...
we know that even the best suit of armor can have weak spots. and while the hits have been on torrent users and such, malware for the Mac does exist. and the more press the OS gets the more someone might be inclined to try a hand at making some.
so protection is a good thing. and I would much rather it was built in than I have to go and pay someone to get it (lord knows we all paid enough for our computers as it is)
Come on, AI. It was WIDELY reported that that note was in reference to OS 9, was horrendously out of date, and it only resurfaced because it was updated. It's reference in this article is dubious at best.
Get it together.
Wrong. While that tech was a little over a year out of date, it was in reference to OS X.
Don't more people get struck by lightening each year than suffer from Mac malware?
The security isn't perfect. But its good enough that i'll spend my life worrying about other things; like backups... and perhaps getting struck by lightening.
Don't more people get struck by lightening each year than suffer from Mac malware?
The security isn't perfect. But its good enough that i'll spend my life worrying about other things; like backups... and perhaps getting struck by lightening.
I think this is wise. Sure malware isn't a big threat now but what about tomorrow?
Once you get the reputation as susceptible to malware it doesn't go away easily. Witness Windows and all the Apple bashing on the matter.
PS And I'm not out to argue with you although we've been on opposite ends on several debates here lately.
If we ever need to use anti-virus on a Mac then Apple have failed as an OS maker. So far, so good.
And as for trojans, a major problem is that operating systems allow programs to run with the full permissions of the user. This is ridiculous. Software is not a tool like a wrench, whose purpose and actions are transparent to the user. Software should be considered as an avatar of the programmer, whose purpose and actions can only be guessed at. Therefore they should each run with access permissions of a guest, depending on the purpose for which they claim.
Socially engineering is superior to antivirus/malware software. People too often think "I'm protected" because this software will protect them.
just today I had to reply back to warn 7 friends that they were spreading what an old prof called 'social malware'. what is that, some ask. easy. any of those 'forward to everyone you know' emails. 99.9% of the time they are bogus warnings that, if followed, will do more harm than good. like the registry virus on XP a few years ago that was actually a legit file which once removed caused your computer to not start up if you turned it off/back on, restarted etc
Quote:
Originally Posted by fragilex
This feature isn't a rumor, it's specifically mentioned on Amazon.
From Amazon's lengthy description of snow leopard:
Defense against viruses and malware.
Innocent-looking files downloaded over the Internet may contain malicious applications, or malware, in disguise. That's why files you download using Safari, Mail, and iChat are screened to determine if they contain applications. If they do, Mac OS X alerts you, then warns you the first time you open one. You decide whether to open the application or cancel the attempt. And Mac OS X can use digital signatures to verify that an application hasn't been changed since it was created.
old feature. As pointed out the diff is that now it is not just looking for executables, it is apparently scanning them for potential malware code. and warning folks if it finds something amiss
Quote:
Originally Posted by pondosinatra
especially when they are the FIRST systems routinely cracked during the well publicized hacking contests.
part of the reason for that is that the base code is public knowledge being that it's from open source projects. so the first step of having to reverse engineer the software is pretty much done.
Quote:
Originally Posted by Quadra 610
Part of the consternation here is that it's assumed that this is an admission of some sort by Apple, that a massive tide of malware is just around the corner, and which is fodder for Windows users who want to cause a stir and intrpret it that way.
Whereas in reality, there is no evidence whatsever that we won't have another 8 years of blissful, virus-free and worry-free computing.
agreed. the base code is very complex and even when you understand it, it is not easy to write Mac OS malware. this difficulty combined with the lower level of chaos compared to the Windows world is why folks aren't writing more malware.
we know that even the best suit of armor can have weak spots. and while the hits have been on torrent users and such, malware for the Mac does exist. and the more press the OS gets the more someone might be inclined to try a hand at making some.
so protection is a good thing. and I would much rather it was built in than I have to go and pay someone to get it (lord knows we all paid enough for our computers as it is)
The correct response to a vulnerability is to fix the weakness in the OS and everywhere a similar weakness can take place. Unix has had this process in place for years and, in spite of the fact that the world's most valuable data is all held on, and passes through, unix servers, it is Windows that gets beaten regularly.
Once commentators start to recommend anti-virus, the pressure will come off Apple to fix their security weaknesses and the vicious cycle of weakness will build. There is a need to be fundamentalist about the core functions of an OS. These include that fact that it is the responsibility of the OS to be in charge, at all times, of its programs, data and users. No excuses, ever.
This feature isn't a rumor, it's specifically mentioned on Amazon.
From Amazon's lengthy description of snow leopard:
Defense against viruses and malware.
Innocent-looking files downloaded over the Internet may contain malicious applications, or malware, in disguise. That's why files you download using Safari, Mail, and iChat are screened to determine if they contain applications. If they do, Mac OS X alerts you, then warns you the first time you open one. You decide whether to open the application or cancel the attempt. And Mac OS X can use digital signatures to verify that an application hasn't been changed since it was created.
That feature has existed for a while. It doesn't warn you that a file is specifically malware like this screenshot.
The reason they aren't any viruses for Macs is the hax0rs all own Macs and actually like them.
That said it wouldn't take much to make a crippling virus targetting OS X - especially when they are the FIRST systems routinely cracked during the well publicized hacking contests.
Esp. the part where they guess about the motives by Intego... make people think Mac OS X is just as insecure as Microshit and they won't switch. 99.99% better isn't perfect, as we all know, but if you can sow just a little doubt and fear you'll keep people shelling out $39.99/yr for an AV subscription.
"Based on an analysis of a corresponding preferences file called XProtect.plist, it appears that the feature checks for only two known Mac trojans. And it only flags those files if they were downloaded from the internet using Entourage, iChat, Safari, and a handful of other applications"
Which is kinda what I expected. Apple can update the plist file with any new malware using Software Update. Since Mac malware is so few and far between, it would be no problem for Apple to add the one or two files per year that are discovered. Any application that uses the OS's standard functions for downloading and opening disk image files (Safari, Mail, etc) will get the protection. That should cover the vast majority of threat vectors. Mac malware on optical discs, thumb drives, etc is pretty unlikely.
If we ever need to use anti-virus on a Mac then Apple have failed as an OS maker. So far, so good.
And as for trojans, a major problem is that operating systems allow programs to run with the full permissions of the user. This is ridiculous. Software is not a tool like a wrench, whose purpose and actions are transparent to the user. Software should be considered as an avatar of the programmer, whose purpose and actions can only be guessed at. Therefore they should each run with access permissions of a guest, depending on the purpose for which they claim.
If you honestly believe your first sentence, then you have absolutely no business owning a Macintosh computer. Not having to worry about viruses is certainly nice, but there are numerous other things that make the Mac experience what it is today. Just a few examples:
1) Built-in software that is functional and fun to use with shared libraries to ease workflow, not forty thousand two week trials of nothing bloatware.
2) Service that doesn't require speaking to four different companies to fix even the simplest of problems.
3) An operating system employing intuitive design and good looks that doesn't require one to add everything on in pieces (such as data back-up and language packs) or else upgrade to an even more expensive version. An operating system, that along with the iLife suite, comes on ever Mac top to bottom, so that one doesn't have to decide on software differences on top of hardware options.
4) Hardware that is the definition of form complimenting function (and is gorgeous to look at). I can't even begin to explain how many high end Windows notebooks sacrifice battery life for power (a quad core lap-top is worthless if it can't even hold a two hour charge) and think its acceptable to have a body several inches thick or how many Windows all-in-ones that have piss poor video cards joined together with a small amount of soldered on RAM and sometimes a completely pointless touch screen.
5) Amazing integration and ease of use between both first and third party accessories and all of the improved productivity and lack of stress inherent to that system.
If we were to need to run anti-virus it would certainly mean Apple were slacking off, but it would by no means make it an abject failure.
Comments
So much for the haters that were doggin' on intego for being a "hater"
Golly gosh, Mr. Wizard. If it's posted on Amazon, well then it MUST be true!
DIdn't MS excise Visual Basic from the Mac years ago? Most macros are based on VB, aren't they?
Nope
Most Infections just use vulnarabilities in the Browser, Flash, Adobe Reader, outdated Java plugins? to do what they want.
the classic "viruses" are not tha common, since the dont make money. Most malware now is just to make some $$$ (getting you online banking account, paypal, using you machine as spam-bot?)
Mac OSX doesn't get virus', worms, adware or spyware, because of it's BSD UNIX foundations. There is no case where a Mac can be infected by merely logging into a web page or reading email.
I really wish this was true.
Just have a look at some of the Apple Updates
Take this for QuickTime: http://support.apple.com/kb/HT3591
Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Just embed it into a web page and *boom* you can execute your code as the current user.
Was my feeling as well.
We'll see. Seems suspicious, though.
Intego.
I don?t think it?s fake and I don?t think that Apple contacted a third party for assistance with virus checking assistance. OS X already indexes on the fly with Spotlight so it wouldn?t be difficult for the few potential malware names to trigger a simple warning like this.
The reason they aren't any viruses for Macs is the hax0rs all own Macs and actually like them.
That said it wouldn't take much to make a crippling virus targetting OS X - especially when they are the FIRST systems routinely cracked during the well publicized hacking contests.
While I certainly agree that the software engineering team needs to step up its game in terms security functionality, I would put much stock in Pwn2Own or Black Hat. The problem is that they're always very poorly reported in the press and quite honestly, Charlie Miller, especially, is kind of a farce.
Eighty percent of the vulnerabilities he finds always require direct access to the system (typically direct terminal input) or are social engineering exploits from things like the Java vulnerability that Apple took too long to plug. Charlie Miller has never once been able to remotely hack into a Macintosh computer without social engineering. Keep in mind, especially at Pwn2Own, he's never been able to hack it until the third day when he gets to instruct someone else.
I will say though, I really don't like scum like him who go to conventions to hack systems for nothing more than notoriety (they get paid very little in comparison) when they could be working for these companies and helping them improve the situation. It's like seeing a person who has the skills to be a world class doctor instead spend his life playing video games.
Yeah... This is a teflon coating over the armor...
we know that even the best suit of armor can have weak spots. and while the hits have been on torrent users and such, malware for the Mac does exist. and the more press the OS gets the more someone might be inclined to try a hand at making some.
so protection is a good thing. and I would much rather it was built in than I have to go and pay someone to get it (lord knows we all paid enough for our computers as it is)
Come on, AI. It was WIDELY reported that that note was in reference to OS 9, was horrendously out of date, and it only resurfaced because it was updated. It's reference in this article is dubious at best.
Get it together.
Wrong. While that tech was a little over a year out of date, it was in reference to OS X.
-kpluck
The security isn't perfect. But its good enough that i'll spend my life worrying about other things; like backups... and perhaps getting struck by lightening.
Don't more people get struck by lightening each year than suffer from Mac malware?
The security isn't perfect. But its good enough that i'll spend my life worrying about other things; like backups... and perhaps getting struck by lightening.
I think this is wise. Sure malware isn't a big threat now but what about tomorrow?
Once you get the reputation as susceptible to malware it doesn't go away easily. Witness Windows and all the Apple bashing on the matter.
PS And I'm not out to argue with you although we've been on opposite ends on several debates here lately.
And as for trojans, a major problem is that operating systems allow programs to run with the full permissions of the user. This is ridiculous. Software is not a tool like a wrench, whose purpose and actions are transparent to the user. Software should be considered as an avatar of the programmer, whose purpose and actions can only be guessed at. Therefore they should each run with access permissions of a guest, depending on the purpose for which they claim.
Socially engineering is superior to antivirus/malware software. People too often think "I'm protected" because this software will protect them.
just today I had to reply back to warn 7 friends that they were spreading what an old prof called 'social malware'. what is that, some ask. easy. any of those 'forward to everyone you know' emails. 99.9% of the time they are bogus warnings that, if followed, will do more harm than good. like the registry virus on XP a few years ago that was actually a legit file which once removed caused your computer to not start up if you turned it off/back on, restarted etc
This feature isn't a rumor, it's specifically mentioned on Amazon.
From Amazon's lengthy description of snow leopard:
Defense against viruses and malware.
Innocent-looking files downloaded over the Internet may contain malicious applications, or malware, in disguise. That's why files you download using Safari, Mail, and iChat are screened to determine if they contain applications. If they do, Mac OS X alerts you, then warns you the first time you open one. You decide whether to open the application or cancel the attempt. And Mac OS X can use digital signatures to verify that an application hasn't been changed since it was created.
old feature. As pointed out the diff is that now it is not just looking for executables, it is apparently scanning them for potential malware code. and warning folks if it finds something amiss
especially when they are the FIRST systems routinely cracked during the well publicized hacking contests.
part of the reason for that is that the base code is public knowledge being that it's from open source projects. so the first step of having to reverse engineer the software is pretty much done.
Part of the consternation here is that it's assumed that this is an admission of some sort by Apple, that a massive tide of malware is just around the corner, and which is fodder for Windows users who want to cause a stir and intrpret it that way.
Whereas in reality, there is no evidence whatsever that we won't have another 8 years of blissful, virus-free and worry-free computing.
agreed. the base code is very complex and even when you understand it, it is not easy to write Mac OS malware. this difficulty combined with the lower level of chaos compared to the Windows world is why folks aren't writing more malware.
we know that even the best suit of armor can have weak spots. and while the hits have been on torrent users and such, malware for the Mac does exist. and the more press the OS gets the more someone might be inclined to try a hand at making some.
so protection is a good thing. and I would much rather it was built in than I have to go and pay someone to get it (lord knows we all paid enough for our computers as it is)
The correct response to a vulnerability is to fix the weakness in the OS and everywhere a similar weakness can take place. Unix has had this process in place for years and, in spite of the fact that the world's most valuable data is all held on, and passes through, unix servers, it is Windows that gets beaten regularly.
Once commentators start to recommend anti-virus, the pressure will come off Apple to fix their security weaknesses and the vicious cycle of weakness will build. There is a need to be fundamentalist about the core functions of an OS. These include that fact that it is the responsibility of the OS to be in charge, at all times, of its programs, data and users. No excuses, ever.
This feature isn't a rumor, it's specifically mentioned on Amazon.
From Amazon's lengthy description of snow leopard:
Defense against viruses and malware.
Innocent-looking files downloaded over the Internet may contain malicious applications, or malware, in disguise. That's why files you download using Safari, Mail, and iChat are screened to determine if they contain applications. If they do, Mac OS X alerts you, then warns you the first time you open one. You decide whether to open the application or cancel the attempt. And Mac OS X can use digital signatures to verify that an application hasn't been changed since it was created.
That feature has existed for a while. It doesn't warn you that a file is specifically malware like this screenshot.
The reason they aren't any viruses for Macs is the hax0rs all own Macs and actually like them.
That said it wouldn't take much to make a crippling virus targetting OS X - especially when they are the FIRST systems routinely cracked during the well publicized hacking contests.
Correct. That is a good point.
Rixstep, as usual, is right on.
http://rixstep.com/2/20090826,00.shtml
Esp. the part where they guess about the motives by Intego... make people think Mac OS X is just as insecure as Microshit and they won't switch. 99.99% better isn't perfect, as we all know, but if you can sow just a little doubt and fear you'll keep people shelling out $39.99/yr for an AV subscription.
"Based on an analysis of a corresponding preferences file called XProtect.plist, it appears that the feature checks for only two known Mac trojans. And it only flags those files if they were downloaded from the internet using Entourage, iChat, Safari, and a handful of other applications"
http://www.theregister.co.uk/2009/08...re_protection/
Which is kinda what I expected. Apple can update the plist file with any new malware using Software Update. Since Mac malware is so few and far between, it would be no problem for Apple to add the one or two files per year that are discovered. Any application that uses the OS's standard functions for downloading and opening disk image files (Safari, Mail, etc) will get the protection. That should cover the vast majority of threat vectors. Mac malware on optical discs, thumb drives, etc is pretty unlikely.
If we ever need to use anti-virus on a Mac then Apple have failed as an OS maker. So far, so good.
And as for trojans, a major problem is that operating systems allow programs to run with the full permissions of the user. This is ridiculous. Software is not a tool like a wrench, whose purpose and actions are transparent to the user. Software should be considered as an avatar of the programmer, whose purpose and actions can only be guessed at. Therefore they should each run with access permissions of a guest, depending on the purpose for which they claim.
If you honestly believe your first sentence, then you have absolutely no business owning a Macintosh computer. Not having to worry about viruses is certainly nice, but there are numerous other things that make the Mac experience what it is today. Just a few examples:
1) Built-in software that is functional and fun to use with shared libraries to ease workflow, not forty thousand two week trials of nothing bloatware.
2) Service that doesn't require speaking to four different companies to fix even the simplest of problems.
3) An operating system employing intuitive design and good looks that doesn't require one to add everything on in pieces (such as data back-up and language packs) or else upgrade to an even more expensive version. An operating system, that along with the iLife suite, comes on ever Mac top to bottom, so that one doesn't have to decide on software differences on top of hardware options.
4) Hardware that is the definition of form complimenting function (and is gorgeous to look at). I can't even begin to explain how many high end Windows notebooks sacrifice battery life for power (a quad core lap-top is worthless if it can't even hold a two hour charge) and think its acceptable to have a body several inches thick or how many Windows all-in-ones that have piss poor video cards joined together with a small amount of soldered on RAM and sometimes a completely pointless touch screen.
5) Amazing integration and ease of use between both first and third party accessories and all of the improved productivity and lack of stress inherent to that system.
If we were to need to run anti-virus it would certainly mean Apple were slacking off, but it would by no means make it an abject failure.
Been running various versions of macosx for over 8 years now, never once caught a virus or spyware, and I am not running antivirus programs or such.
But how can you catch them if you don't have any tools installed?