or Connect
AppleInsider › Forums › Software › Mac OS X › Apple tones down language touting OS X security measures
New Posts  All Forums:Forum Nav:

Apple tones down language touting OS X security measures - Page 3

post #81 of 108
Quote:
Originally Posted by GTR View Post

And he's gone (Maybe).

LL

He will be back. He can't help himself.

Some people are forced by their ego to self-affirmation of their poor decisions due to ignorance. This despite his apparently not being able to comprehend any basic information security concepts or choosing to ignore such.

"More software updates means they must be doing something right. My contractor, electrician and plumber have made trips every week to make repairs to the house they built for me seven years ago. My house must be better than everyone else's."
Edited by MacBook Pro - 6/25/12 at 9:48pm
post #82 of 108
Quote:
Originally Posted by kustardking View Post

Ho hum - I'll be back in a year, maybe you'll have woken up by then. Once you do, read the link I posted, it'll still be more current than what you presented.

Tell me, mister kustardking… how will you be back in a year if… you are unable to post…?

202

Of course, I joke.
post #83 of 108
Quote:
Originally Posted by Tallest Skil View Post

Tell me, mister kustardking… how will you be back in a year if… you are unable to post…?
202
Of course, I joke.

Well ... I did report him for insulting other members. I am not sure why he is still here.
post #84 of 108
Quote:
Originally Posted by MacBook Pro View Post

Aside from said person not reading my posts which clearly indicate that (although Apple has rarely needed the ability to push security updates daily) they have the capability to push security updates daily. As most of us know, there is a vast difference between having the ability to push security updates every day and needing to push security updates every day.

His whole premise of marketshare drives the number of viruses is simply irrational and stupid. He makes no effort to consider how the OS could have an effect on the efforts needed. He gives no explanation why Apple has increased their viruses by 1% for each 1% gain in PC marketshare. He gives no explanation as how Macs had more viruses in the 90s with less marketshare.

By his definition the installed base has absolutely nothing to do with the interest in targeting a platform. It's all about marketshare! That the only relevant metric is how much one has in comparison to another.

Win7 has less infections than WinXP but there are more viruses for Windows than ever before. There hasn't been a drop in the number of viruses just an improvement with MS being able to prevent them. But in his mind there is no protection except to have low marketshare, except that Mac OS X doesn't even have a comparable number of active malware much less viruses.

Finally, where are all the iOS viruses? There were over 150 million iOS-based devices in 2011. Where are all the viruses for it? You count Mac and Apple TV having the same core OS and you have about half the number of Windows licenses sold worldwide. So that's 33% marketshare to 66% between the two and yet I've seen no viruses that are bringing iOS to its knees.

This bot has been removed from circulation due to a malfunctioning morality chip.

Reply

This bot has been removed from circulation due to a malfunctioning morality chip.

Reply
post #85 of 108
Quote:
Originally Posted by SolipsismX View Post

His whole premise of marketshare drives the number of viruses is simply irrational and stupid. He makes no effort to consider how the OS could have an effect on the efforts needed. He gives no explanation why Apple has increased their viruses by 1% for each 1% gain in PC marketshare. He gives no explanation as how Macs had more viruses in the 90s with less marketshare.
By his definition the installed base has absolutely nothing to do with the interest in targeting a platform. It's all about marketshare! That the only relevant metric is how much one has in comparison to another.
Win7 has less infections than WinXP but there are more viruses for Windows than ever before. There hasn't been a drop in the number of viruses just an improvement with MS being able to prevent them. But in his mind there is no protection except to have low marketshare, except that Mac OS X doesn't even have a comparable number of active malware much less viruses.
Finally, where are all the iOS viruses? There were over 150 million iOS-based devices in 2011. Where are all the viruses for it? You count Mac and Apple TV having the same core OS and you have about half the number of Windows licenses sold worldwide. So that's 33% marketshare to 66% between the two and yet I've seen no viruses that are bringing iOS to its knees.

Considering that Apple's customer demographic is more urban, more educated and earns more money as a result, Apple systems should be a prime target for exploits. Of course, there are many possible explanations why Apple customers aren't exploited via malicious software but, given the ever broadening demographics as well as considerable and increasing market share, the privacy and security measures provided by Apple is the most likely explanation.
Edited by MacBook Pro - 6/25/12 at 10:09pm
post #86 of 108
Quote:
Originally Posted by GadgetCanada View Post

I'm sure after the Australia 4G advertising lawsuit, Apple's lawyers scoured all of the promotional material to see what could be future lawsuit material. If anyone lost any data to a Mac virus and Apple is saying "to protect your data, do nothing", it's an automatic lawsuit. Going forward, I'm sure all advertising will be going through the lawyers for a final check.

There are NO Mac viruses in the wild!

Quote:
Originally Posted by Quadra 610 View Post

PR. They had to. 

 

The average user doesn't know the difference between "trojan" and "virus" and "malware." In fact, Joe Lunchbox lumps everything into the "virus" category. 

 

Next time a trojan shows up for OS X (we get one or two every few years, Lol) they'll scream "virus!!!"  and there goes the neighbourhood.

And whereas media coverage about the precious few pieces of OS X malware in the past was next to nonexistent, Apple's brand name has

garnered more attention over the past few years than ever. Count on the news about next trojan (maybe sometime next year)

to clog tech news sites and mainstream news outlets. 

 

Apple doesn't need to deal with that kind of bullish*t. Can't blame them for modifying the PR blurb.

It wasn't necessary, but the possibility for negative PR arising from consumer misunderstanding (or rather, ignorance) is far too great. 

Exactly!

Quote:
Originally Posted by elmsley View Post

It's perfectly reasonably for Joe Lunchbox to think so.  Whether it's a worm or virus, or an STD, he doesn't care, "It just doesn't work, fix it" he yells.

 

Regardless, his understanding should be that "OS X doesn't need extra anti-viral software, because Apple will issue a security update ASAP if there is anything wrong".  It really doesn't make sense that they would need to teach us anything too technical. 

 

Should I be worried about my iOS running on 'unsecure wireless networks' yet?

No it's not so reasonable. I'm an administrator for my small office and i have to deal with a few people constantly telling them how to best behave or how to do common sense computing, and guess what those people are exactly the ones that are technologically challenged. Those people always disregard my suggestions or advice and thus i had to proceed to lock down even more. So in conclusion if the average Joe,"doesn't care" i say f$*$@ him and his problems sometimes because he didn't care from the get go. Now he's just paying for his own stupidity, recklessness and lack of decent IT knowledge.

 
 
Back to topic:
 
I'll post some great resources for everybody that still thinks that OS market share has a direct correlation to the malware pool for it:
 
post #87 of 108
Secunia has issued a total of 4 Secunia advisories in 2012 for Apple Macintosh OS X. Currently, 0% (0 out of 4) are marked as unpatched. Notably, in the case of Apple Mac OS X, advisories are compiled together.


Secunia has issued a total of 15 Secunia advisories in 2012 for Microsoft Windows 7. Currently, 0% (0 out of 15) are marked as unpatched.

Secunia has issued a total of 15 Secunia advisories in 2012 for Microsoft Windows Vista. Currently, 0% (0 out of 15) are marked as unpatched.

Secunia has issued a total of 11 Secunia advisories in 2012 for Microsoft Windows XP Home Edition. Currently, 0% (0 out of 11) are marked as unpatched.

Secunia has issued a total of 16 Secunia advisories in 2012 for Microsoft Windows XP Professional. Currently, 19% (3 out of 16) are marked as unpatched with the most severe being rated Less critical


You simply don't need as many patches when your product isn't riddled with vulnerabilities.
Edited by MacBook Pro - 6/26/12 at 5:20am
post #88 of 108
270




270

270

270

270
post #89 of 108
Quote:
Originally Posted by nicolbolas View Post

Apple needs to get serious about security fast.  At least they are not being so crazy about how safe it is.

 

I hope Apple gets security build back up to when it had a smaller market-share.

 

Sadly i think it will not happen.

 

My bigger concern is now that most OSX users are much less careful than most Windows users....

 

:(

Yeah... no. You clearly don't know what you are talking about. Since the release of Lion Apple has been so serious about security I'm wondering if they have obsessive compulsive disorder.

 

Older versions of OSX back when Apple had a smaller market share had the worst security you could imagine and were far easier to break into. Windows 7 and even Ubuntu had better security than OSX Leopard and Snow Leopard by a considerable degree.

 

OSX Lion, on the other hand, has had all of its security features go through a Major overhaul. ASLR in OSX was vastly improved and is now on par with the implementations in Windows7. The Non-Executable bit has had some little tweaks made to it and, of course, you have the BSD-UNIX permissions system. Even if you manage to get past the ASLR you'll end up in the Application Sandbox and it is nearly impossible to get out of a sandboxed environment (like Google Chrome, only for the entire OS).

 

This is why I upgraded to OS Lion the day it came out.

 

To put it simply:

Lion is Fort Knox inside another Fort Knox.

Snow Leopard is a car parked on the street where the owner forgot to lock the door. But you're not quite sure if its unlocked or not when you walk past it.

Leopard is your house with a neon sign above it saying "We don't lock our doors or own an alarm. Keys to the Audi are in the vase in the hall".

... at night.

Reply

... at night.

Reply
post #90 of 108
Quote:
Originally Posted by benanderson89 View Post

To put it simply:
Lion is Fort Knox inside another Fort Knox.
Snow Leopard is a car parked on the street where the owner forgot to lock the door. But you're not quite sure if its unlocked or not when you walk past it.
Leopard is your house with a neon sign above it saying "We don't lock our doors or own an alarm. Keys to the Audi are in the vase in the hall".

Now that's not the case… lol.gif Not a bad analogy, though.
post #91 of 108
Quote:
Originally Posted by ChiA View Post

 

If Windows was so battle hardened and perfect it would be impenetrable.  Yet with Windows 7 still requires antivirus because Windows 7 vulnerable to 8 out of 10 viruses.

 

Even Microsoft acknowledges that its current Windows 7 requires anti-virus software: 

 

How can I help protect my computer from viruses?

 

Yet after 10 years and millions of users, we're yet to see a single virus affect Mac OS X.  True it has been affected by malware, but not the deluge that engulfs the Windows world.

 

The real problem is this:

many (most?) OSX users have never had to deal with viruses/moved from PC and have stopped dealing with them.  

 

People who use OSX are *generally* not very well prepared to deal with an influx of viruses.

People who use Windows are *generally* prepared to deal with the viruses.

 

Also note, Many Windows users have AV programs, which stop viruses.... not so many for OSX.

 

The thing about Windows, is that Microsoft issues patches very frequently for viruses. I believe the last huge one that hit OSX had been patched in Windows for a month or something before Apple did anything about it.  

It is an issue of users who in general are less prepared to deal with viruses, and a company which does not have a much experience in dealing with viruses.

 

The issue becomes a problem because OSX is gaining enough market share that it may become more profitable to target solely OSX. Why?

1. in general people with OSX are richer as most Windows machines are cheaper than Macs.

2. in general people using OSX are more likely to be tricked by viruses/not worry about them

3. Apple is very slow (so far) in responding to viruses that affect many people.

 

 

If you want to debate this further please PM me :)!

 

EDIT: added reply to this post:

 

 

Quote:
Originally Posted by benanderson89 View Post

Yeah... no. You clearly don't know what you are talking about. Since the release of Lion Apple has been so serious about security I'm wondering if they have obsessive compulsive disorder.

 

Older versions of OSX back when Apple had a smaller market share had the worst security you could imagine and were far easier to break into. Windows 7 and even Ubuntu had better security than OSX Leopard and Snow Leopard by a considerable degree.

 

OSX Lion, on the other hand, has had all of its security features go through a Major overhaul. ASLR in OSX was vastly improved and is now on par with the implementations in Windows7. The Non-Executable bit has had some little tweaks made to it and, of course, you have the BSD-UNIX permissions system. Even if you manage to get past the ASLR you'll end up in the Application Sandbox and it is nearly impossible to get out of a sandboxed environment (like Google Chrome, only for the entire OS).

 

This is why I upgraded to OS Lion the day it came out.

 

To put it simply:

Lion is Fort Knox inside another Fort Knox.

Snow Leopard is a car parked on the street where the owner forgot to lock the door. But you're not quite sure if its unlocked or not when you walk past it.

Leopard is your house with a neon sign above it saying "We don't lock our doors or own an alarm. Keys to the Audi are in the vase in the hall".

 

I do not upgrade OSX often.... so yes, you may be right about newer version.

 

however, is the majority of OSX running Lion?

 

and being on Par with Windows 7 is nothing special... my bigger concern as noted above is that Apple took so much longer to fix the vulnerability, I believe it was about a month after Microsoft fixed the problem, and announced it in its patch....

 

As a note, if i ever stop using a thinkpad for work (cough when i have to buy another computer.... WHY YOU STOP USING 16:10 LENOVO!!!) I will be sure that any Mac i get will have Lion or better :)


Edited by nicolbolas - 6/26/12 at 12:01pm

PC means personal computer.  

i have processing issues, mostly trying to get my ideas into speech and text.

if i say something confusing please tell me!

Reply

PC means personal computer.  

i have processing issues, mostly trying to get my ideas into speech and text.

if i say something confusing please tell me!

Reply
post #92 of 108
Quote:
Originally Posted by nicolbolas View Post

 

The real problem is this:

many (most?) OSX users have never had to deal with viruses/moved from PC and have stopped dealing with them.  

 

People who use OSX are *generally* not very well prepared to deal with an influx of viruses.

People who use Windows are *generally* prepared to deal with the viruses.

 

Also note, Many Windows users have AV programs, which stop viruses.... not so many for OSX.

 

The thing about Windows, is that Microsoft issues patches very frequently for viruses. I believe the last huge one that hit OSX had been patched in Windows for a month or something before Apple did anything about it.  

It is an issue of users who in general are less prepared to deal with viruses, and a company which does not have a much experience in dealing with viruses.

 

The issue becomes a problem because OSX is gaining enough market share that it may become more profitable to target solely OSX. Why?

1. in general people with OSX are richer as most Windows machines are cheaper than Macs.

2. in general people using OSX are more likely to be tricked by viruses/not worry about them

3. Apple is very slow (so far) in responding to viruses that affect many people.

 

 

If you want to debate this further please PM me :)!

 

EDIT: added reply to this post:

 

 

I do not upgrade OSX often.... so yes, you may be right about newer version.

 

however, is the majority of OSX running Lion?

 

and being on Par with Windows 7 is nothing special... my bigger concern as noted above is that Apple took so much longer to fix the vulnerability, I believe it was about a month after Microsoft fixed the problem, and announced it in its patch....

 

As a note, if i ever stop using a thinkpad for work (cough when i have to buy another computer.... WHY YOU STOP USING 16:10 LENOVO!!!) I will be sure that any Mac i get will have Lion or better :)

 

Every single one of these points has been covered earlier by a post in this very thread.

 

Did you even read before posting?

Smoke me a kipper. I'll be back for breakfast.
Reply
Smoke me a kipper. I'll be back for breakfast.
Reply
post #93 of 108
Quote:
Originally Posted by nicolbolas View Post

People who use Windows are *generally* prepared to deal with the viruses.

No, they generally aren't. I've found that most people think that having AVS installed means they are protected. They don't realize that they need to keep the app and virus definitions up to date. You'd be amazed by how many companies I've been to that don't even have up to date definitions on their AVS.
Edited by SolipsismX - 6/27/12 at 12:30am

This bot has been removed from circulation due to a malfunctioning morality chip.

Reply

This bot has been removed from circulation due to a malfunctioning morality chip.

Reply
post #94 of 108
Quote:
Originally Posted by SolipsismX View Post

No, they generally aren't. I've found that most people think that having AVS installed means they are protected. They don't realize that they need to keep the app and virus definitions up to date. You've be amazed by how many companies I've been to that don't even have up to definitions on their AVS.
Not only this but people forget that AV software just like any kind of software has it's own vunerabilities that can be exploited. That's one of the reason i don't encourage AV on Macs
post #95 of 108

To be honest I am surprised that Apple managed to make such misleading "virus" claims for such a long time.

 

The earlier campaigns that mentioned the 114000 windows viruses were disingenuous in the extreme. In one sentence Apple define all windows malware as viruses but in the following sentance that definition changes to virus in its strictest sense when saying that there were no OSX viruses.

 

The flaw in such a strategy was that if they wanted to be honest abut the relative merits of security on both platforms, they would have had to say, for example, "windows has a lot of malware but we have much less". That doesn't sound as reassuring as "buy a MAC, you don't need to do anything to be 100% safe"

 

Sure there are no known OSx viruses but the marketing department were chopping and changing the meanings of words in an attempt to convince owners that OSx is bullet proof when Apple knew it wasn't.

 

The recent rewording is welcomed but still stretches the truth. Apple now claim that it is not possible to become a victim of malware without one intentionally installing malicious code. If I were a Flashback victim I'd be pretty hacked off at the suggestion that I infected my MAC intentionally.

 

I don't know if there will ever be a true OSx virus but until Apple start to be honest about exploits/worms/trojans etc, owners will refuse to take adequate steeps to protect themselves. Perhaps the amendments are part of a gradual move to be more open and honest about security with Apple slowly digging themselves out of the "OSX is bullet proof" hole.


Edited by hungover - 6/27/12 at 1:53am
post #96 of 108
Quote:
Originally Posted by SolipsismX View Post


Win7 has less infections than WinXP but there are more viruses for Windows than ever before. There hasn't been a drop in the number of viruses

 

With out the aid of a time machine, how could the number of viruses ever drop?

post #97 of 108
Quote:
Originally Posted by AndreiD View Post


Not only this but people forget that AV software just like any kind of software has it's own vunerabilities that can be exploited. That's one of the reason i don't encourage AV on Macs

Not sure what you mean when you say that AV can be exploited, do you have any examples?

 

I guess another problem with AV is that owners don't realise that no one product will suffice (nor that there are lags). Different firms will treat "suspect" software differently, for example when the scumbags at Micro Billing Systems started to hijack the PCs of people that had visited porn sites, none of the big AV vendors were willing to treat it as malware, even though it rendered the PC unusable, because MBS argued that users had agreed to the ToCs and it was therefore not malware.

 

That said, I personally think one is morally obliged to secure their computer.

post #98 of 108
Quote:
Originally Posted by hungover View Post

Not sure what you mean when you say that AV can be exploited, do you have any examples?

I guess another problem with AV is that owners don't realise that no one product will suffice (nor that there are lags). Different firms will treat "suspect" software differently, for example when the scumbags at Micro Billing Systems started to hijack the PCs of people that had visited porn sites, none of the big AV vendors were willing to treat it as malware, even though it rendered the PC unusable, because MBS argued that users had agreed to the ToCs and it was therefore not malware.

That said, I personally think one is morally obliged to secure their computer.


Here is a quick, easy list of 47 known exploits of various anti-malware software implementations, in particular this is the results of a search for "Sophos" which offers a well known security suite for Mac OS X.

Are you suggesting that Mac users should be obligated to use software that removes malware targeted at Microsoft Windows operating systems thus causing Mac users to experience performance issues and open potential exploits on their systems as well?
Edited by MacBook Pro - 6/27/12 at 5:11am
post #99 of 108
Quote:
Originally Posted by hungover View Post

Not sure what you mean when you say that AV can be exploited, do you have any examples?

 

I guess another problem with AV is that owners don't realise that no one product will suffice (nor that there are lags). Different firms will treat "suspect" software differently, for example when the scumbags at Micro Billing Systems started to hijack the PCs of people that had visited porn sites, none of the big AV vendors were willing to treat it as malware, even though it rendered the PC unusable, because MBS argued that users had agreed to the ToCs and it was therefore not malware.

 

That said, I personally think one is morally obliged to secure their computer.

Read this paper pls! The net is abundant of such papers or publications regarding AV software vulnerabilities and exploits.

 

Your second paragraph captures a small part of AV software weakness. Other vulnerabilities are more technically oriented.

 

Your last statement is a no brainer though! Of course everyone is morally obliged to secure their computer but that's an ideal statement. Not everyone is capable by itself of securing their own computer and not everyone cares about it or has the power to let an expert do it (e.g. a technologically challenged secretary). Moreover, everyone should first practice safe computing, common sense, reality awareness etc. before weighing the benefits and disadvantages of using AV products or other scanners/malware.

post #100 of 108
Quote:
Originally Posted by AndreiD View Post

Read this paper pls! The net is abundant of such papers or publications regarding AV software vulnerabilities and exploits.

Your second paragraph captures a small part of AV software weakness. Other vulnerabilities are more technically oriented.

Your last statement is a no brainer though! Of course everyone is morally obliged to secure their computer but that's an ideal statement. Not everyone is capable by itself of securing their own computer and not everyone cares about it or has the power to let an expert do it (e.g. a technologically challenged secretary). Moreover, everyone should first practice safe computing, common sense, reality awareness etc. before weighing the benefits and disadvantages of using AV products or other scanners/malware.

Frankly, I feel I am morally obligated to help disadvantaged users of poor quality software truly understand how their poor choices have made them vulnerable. The best way to help those individuals is to not use any software on my system designed to protect those individuals rather than myself.
post #101 of 108
Quote:
Originally Posted by MacBook Pro View Post


Here is a quick, easy list of 47 known exploits of various anti-malware software implementations, in particular this is the results of a search for "Sophos" which offers a well known security suite for Mac OS X.
Are you suggesting that Mac users should be obligated to use software that removes malware targeted at Microsoft Windows operating systems thus causing Mac users to experience performance issues and open potential exploits on their systems as well?

Thanks for the link MBP

 

From reading the info contained in your link, most of the so called exploits seem to related to the inability of AV software to scan compressed files (unless I missed something). I had initially assumed that you were refering to exploits which actively manipulated the software to do the bidding of others. Sorry I don't understand which exploits will occur as a result of MAC users having AV installed- could you elaborate please. 

 

Never-the-less though, I don't see why accepting that AV programs will not always find malware is justification for never using them. surely something that catches 99.9% is better than no protection.

 

I don't accept that you are being asked to install AV just for the benefit of windows users, MAC malware exists, as evidenced by FlashBack. Had more MAC owners had AV then the problem might have been dealt with quicker. On a wider note perhaps AV software should indeed target all malware, irrespective of the target OS. Knowing that AV software will target your malware might make the scapegraces think twice about hacking web and ,mail servers.

 

Refusing to have AV, as a matter of principle, because the users of an alternative OS might gain some benefit sounds extremely childish.  I agree that AV software did have a noticeable impact on computers years ago but if you are concerned that it will be akin to pouring treacle on your machine then perhaps it is time you upgraded.

post #102 of 108
Quote:
Originally Posted by AndreiD View Post

Read this paper pls! The net is abundant of such papers or publications regarding AV software vulnerabilities and exploits.

 

Your second paragraph captures a small part of AV software weakness. Other vulnerabilities are more technically oriented.

 

Your last statement is a no brainer though! Of course everyone is morally obliged to secure their computer but that's an ideal statement. Not everyone is capable by itself of securing their own computer and not everyone cares about it or has the power to let an expert do it (e.g. a technologically challenged secretary). Moreover, everyone should first practice safe computing, common sense, reality awareness etc. before weighing the benefits and disadvantages of using AV products or other scanners/malware.

Hi Andre

 

i did read through your link, tbh I probably still don't know what fuzzy is, err.. other than the sensation related to excess alcohol consumption.

 

I wasn't trying to suggest that AV scanners are the be all and end all of security but that they should be part of it.  

 

With regard to the wider question of personal responsibility, it is regrettable that it is socially acceptable to proudly pronounce that one is IT illiterate, by contrast we would mock anyone that says "I don't read so gud". Hopefully if all of the major OS vendors were more honest about the weaknesses in their systems, we, as the public would eventually become more proactive and alert. When one of the biggest players in the market uses slight of hand to make it look as though they provide an option that is impregnable people will believe them and flock to them under the impression that they can be as cavalier as they want.

 

As with insurance scams, we are all the victims of malware, either directly or indirectly, it hits all of our wallets to a degree

post #103 of 108
Quote:
Originally Posted by hungover View Post

Hi Andre

i did read through your link, tbh I probably still don't know what fuzzy is, err.. other than the sensation related to excess alcohol consumption.

I wasn't trying to suggest that AV scanners are the be all and end all of security but that they should be part of it.  

With regard to the wider question of personal responsibility, it is regrettable that it is socially acceptable to proudly pronounce that one is IT illiterate, by contrast we would mock anyone that says "I don't read so gud". Hopefully if all of the major OS vendors were more honest about the weaknesses in their systems, we, as the public would eventually become more proactive and alert. When one of the biggest players in the market uses slight of hand to make it look as though they provide an option that is impregnable people will believe them and flock to them under the impression that they can be as cavalier as they want.

As with insurance scams, we are all the victims of malware, either directly or indirectly, it hits all of our wallets to a degree

I agree. So sad that Google has so many robots convinced that Android and Google Play are safe when they clearly are not.

How is this not clear, "Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function."

You seem to not understand that anti-malware applications actually have vulnerabilities themselves.

By the way, what is MAC? Are you referring to a MAC Address?
Edited by MacBook Pro - 6/27/12 at 7:10pm
post #104 of 108
Quote:
Originally Posted by MacBook Pro View Post


Frankly, I feel I am morally obligated to help disadvantaged users of poor quality software truly understand how their poor choices have made them vulnerable. The best way to help those individuals is to not use any software on my system designed to protect those individuals rather than myself.

I agree!

 

@hungover: You have to take into account that AV software in itself as MacBook Pro stated can open doors to exploits (vulnerabilities). Don't think as AV or any other malware scanner for that matter, is a "magical barrier" as those companies that created them would like you to think of. It's not anything magical neither barrier neither shield or anything, it's just a pice of software, just as the OS itself but scaled a lot down and with a more focused purpose. Having said that you have to understand that software, just as everything else in nature is not perfect, is not without flaw and without vulnerabilities. So given those arguments even if one decides to install and run AV software on a computer, even for the 0,0001% potential threats that are out there NOW  he in fact opens up another door to other potential exploits. I't like trying to patch a whole in the tire but in the mean time when applying the patch possibly create another hole in the patch itself (if that's easier to comprehend as an analogy).

 

Moreover, please read this well put article also. Especially focus on the Prophylaxis not Always a Panacea. Better yet i'll quote the article directly:

 

 

 

Quote:

Similarly, because there are no known signatures for Mac viruses (because no viruses yet exist), there is no way to prevent infections that might be developed. The security software would have to be updated to provide any protection, but that update mechanism also serves as a potential vector for distributing elements of malicious attacks, either directly or by opening up potential new vulnerabilities.

Were there some real, plausible risk of Mac viruses being developed (say, you operated a large lab of Macs that served as a valuable target for attackers), it might make some sense to install anti-virus tools so that you could mitigate damage once a threat was discovered. It also might make some sense for some institutions to install tools that limit what software its users can install.

However, for home users, Mac anti-virus makes no sense whatsoever. All it can possibly do is slow down the system, add some irritating interruptions, and provide a false sense of security while actually undermining real security by adding new layers of potential vulnerabilities. Very targeted attacks, ones that might exploit a vulnerability to gain access to your system, are not preventable with anti-virus software that only scans for known patterns of malicious software.

Really, how useful is it to install anti-virus software that can realistically only stop you from installing software you should know better than to attempt to install in the first place, whether it’s the pirated version of Photoshop or the pirated version of iWork or an unknown anti-virus package from the web? Yes, those are the four fearsome malware examples Goodin cited as his “rising tide” of Mac malware, and which, coincidentally, Intego cites as the reasons to buy its Mac software.

Of course, the security experts at Kaspersky, Symantec, Intego, and others don’t want you to know that. They want you to read scary articles like those that regularly appear on CNETWired, and the Register, which are based on press releases issued by those vendors, all suggesting that Macs are really damn close to being dangerous to use, and that their products are really critical for your continued safety.

Because when you’re in the business of fear, an educated population is the worst thing you can imagine, and a lazy media content with republishing your press releases is your only hope in preventing that from happening.

That's the same story with the Flashback trojan. When it hit some macs (i highly doubt it was anything close to 600.000) please understand AV software couldn't do squat about it because there were no signatures of the trojan available. As the quoted article states:  imagine covering yourself with band-aids with the hope of avoiding any potential for infection; the reality would be that those bandages wouldn’t do anything to protect you from being infected if you were actually injured, and up to that point they would only serve as a potential media for culturing infectious bacteria and keeping it in contact with your body.

 

post #105 of 108
Quote:
Originally Posted by AndreiD View Post

I agree!

 

@hungover: You have to take into account that AV software in itself as MacBook Pro stated can open doors to exploits (vulnerabilities). Don't think as AV or any other malware scanner for that matter, is a "magical barrier" as those companies that created them would like you to think of. It's not anything magical neither barrier neither shield or anything, it's just a pice of software, just as the OS itself but scaled a lot down and with a more focused purpose. Having said that you have to understand that software, just as everything else in nature is not perfect, is not without flaw and without vulnerabilities. So given those arguments even if one decides to install and run AV software on a computer, even for the 0,0001% potential threats that are out there NOW  he in fact opens up another door to other potential exploits. I't like trying to patch a whole in the tire but in the mean time when applying the patch possibly create another hole in the patch itself (if that's easier to comprehend as an analogy).

 

Moreover, please read this well put article also. Especially focus on the Prophylaxis not Always a Panacea. Better yet i'll quote the article directly:

 

 

 

That's the same story with the Flashback trojan. When it hit some macs (i highly doubt it was anything close to 600.000) please understand AV software couldn't do squat about it because there were no signatures of the trojan available. As the quoted article states:  imagine covering yourself with band-aids with the hope of avoiding any potential for infection; the reality would be that those bandages wouldn’t do anything to protect you from being infected if you were actually injured, and up to that point they would only serve as a potential media for culturing infectious bacteria and keeping it in contact with your body.

 

Would you advocate that people keep their life savings under their bed, afterall we know that safes and banks have vulnerabilites that can be exploited. Having to visit the ATM or turn the tumbler on a safe might be an added inconvinience but IMO it is a "neccessary evil".

 

I don't recall suggesting that AVS is a magic bullet but I still contend that it should be part of a wider approach to security.

 

It is interesting that you quote an out of date article; the (flawed) crux of which is that AVS is not neccessary because the only way to infect a Mac is via pirated software. It points to the fact that AVS definition updates can be hijacked, such AVS vulnerabilities have been cited on numberous occassions throughout this thread yet to date no one has been able to provide a recent real world example of AVS corrupting a computer after having been comprimised in such a way.

 

I disagree that AVS would have offered no protection at all from FlashBack. With any brand new "virus" there will initially a number of owners running AVS that are infected but other users will be protected once the definitions are released. In the example of FlashBack the major AV vendors were able to offer Mac owners protection long before Apple.

 

The way in which viruses are spread has changed over the years; initially via floppies and later via email. The email threat has been reduced by the use of AV software at both the the server and desktop level. Increasingly they are now spread over the internet (largely by Linux servers via SQL exploits). Malware is the responsibility of not just end users but also OS vendors and service providers. It is no longer acceptable for OS vendors to pretend that users can be secure without being proactive, fortunately this is a philosophy that apple seem to be adopting but until they take that extra step and say we recommend that you, the owner, use some kind of malware protection the wider Mac community will  continue to wheel out the same tired arguments.   

 

The entrenched position of some owners is a akin to the freeloading principle adopted by parents who refuse to inoculate their infants. Why risk the health of your child when you know that odds of contracting a disease is mitigated by the other parents who have taken that risk for the collective good?

post #106 of 108
Quote:
Originally Posted by MacBook Pro View Post


I agree. So sad that Google has so many robots convinced that Android and Google Play are safe when they clearly are not.
How is this not clear, "Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function."
You seem to not understand that anti-malware applications actually have vulnerabilities themselves.
By the way, what is MAC? Are you referring to a MAC Address?

???

 

savonaccessfilter.sys - Local Users Gain Elevated Privileges
 

I thought that the conversation was about viruses. All of a sudden you are concerned about someone using your computer locally. At the risk of bursting your bubble, anyone with local access can harvest your personal data... regardless of which OS you have.

 

Do you really need to ask what a MAC is or are you incredibly insecure? Should I ask you to clarify whether your use of the word Mac is a reference to Apple computers or apparel commonly worn by men who like to expose themselves?

post #107 of 108
Quote:
Originally Posted by hungover View Post

Would you advocate that people keep their life savings under their bed, afterall we know that safes and banks have vulnerabilites that can be exploited. Having to visit the ATM or turn the tumbler on a safe might be an added inconvinience but IMO it is a "neccessary evil".

 

I don't recall suggesting that AVS is a magic bullet but I still contend that it should be part of a wider approach to security.

 

It is interesting that you quote an out of date article; the (flawed) crux of which is that AVS is not neccessary because the only way to infect a Mac is via pirated software. It points to the fact that AVS definition updates can be hijacked, such AVS vulnerabilities have been cited on numberous occassions throughout this thread yet to date no one has been able to provide a recent real world example of AVS corrupting a computer after having been comprimised in such a way.

 

I disagree that AVS would have offered no protection at all from FlashBack. With any brand new "virus" there will initially a number of owners running AVS that are infected but other users will be protected once the definitions are released. In the example of FlashBack the major AV vendors were able to offer Mac owners protection long before Apple.

 

The way in which viruses are spread has changed over the years; initially via floppies and later via email. The email threat has been reduced by the use of AV software at both the the server and desktop level. Increasingly they are now spread over the internet (largely by Linux servers via SQL exploits). Malware is the responsibility of not just end users but also OS vendors and service providers. It is no longer acceptable for OS vendors to pretend that users can be secure without being proactive, fortunately this is a philosophy that apple seem to be adopting but until they take that extra step and say we recommend that you, the owner, use some kind of malware protection the wider Mac community will  continue to wheel out the same tired arguments.   

 

The entrenched position of some owners is a akin to the freeloading principle adopted by parents who refuse to inoculate their infants. Why risk the health of your child when you know that odds of contracting a disease is mitigated by the other parents who have taken that risk for the collective good?

Haha don't even get me started with the banking sector d-bate. In many ways keeping your money under the sofa in those troubled times can be safer than depositing them to a bank. Ask Lehman Brothers! :) Not a very good analogy though and for the sake of not entering the banking sector d-bate let's discuss on another analogy.

 

Quoting an out of date article is still better than not quoting anything in the first place (i.e.: smacking around words). Nobody said the article is fresh as home cooked bread and nor does it have to be. With regard to your request for a "real world example" this thing can spin both ways meaning no one has been able to show a real world example of why Apple computers need AV software. 

 

Regarding your definitions comments, i'm telling you again: the definitions will only help you if your lucky enough to be susceptive to get infected after you get the AV definitions updated.That's sometimes days or weeks after a 0 day malware is out on the market and widely known. 

 

Can you please provide some facts to this statement: 

 

Quote:
Increasingly they are now spread over the internet (largely by Linux servers via SQL exploits).

?

 

 

I agree with this: It is no longer acceptable for OS vendors to pretend that users can be secure without being proactive; HOWEVER proactive doesn't really mean or rely on AV software. For me proactive defines avoiding social engineering techniques (what recently happened for some Macintosh users) by practicing common sense, reality awareness and others such measures. In fact if you're not proactive with those things first, it's kind of useless to having AV installed, as if you're fooled into installing something that you should know it's strange or fishy or forbidden (see porn apps/ sites), then it's in vane the AV software will yell this and that and you still disregard it and any kind of common sense. 

 

With regard to this:  ...we recommend that you, the owner, use some kind of malware protection; I SIMPLY CAN'T agree with you for 2 reasons:

1. Apple is being diligent enough to offer software protection out of the box: gatekeeper, sandbox, malware definitions etc. No need right now for any other user or third party software.

2 and most important: there is no self-replicating malware out there in the wild for Macs.

 

Regarding your last paragraph see the above 2 reasons and the fact that you don't compare apples with apples (pun intended). You compare Apple with Oranges, meaning you probably assume that PC-Windows users having so much indoctrination with using AV software (and based on good reasons) that it became almost a religion on the Windows world, that implies that those PC users in fact protect also the other community of Mac users. If that's what you implied then the analogy you provided is false because in this case it's not children playing with other children, it's children playing with monkeys. Knowing scientifically that monkey diseases cannot pass to humans (don't take it literally please) there's no reason to inoculate human infants. In fact you can't even do it because to inoculate someone you'd have to know what you inoculate him against. Not knowing that = impossible to develop a vaccine.

post #108 of 108
Quote:
Originally Posted by AndreiD View Post

Haha don't even get me started with the banking sector d-bate. In many ways keeping your money under the sofa in those troubled times can be safer than depositing them to a bank. Ask Lehman Brothers! :) Not a very good analogy though and for the sake of not entering the banking sector d-bate let's discuss on another analogy.

 

Quoting an out of date article is still better than not quoting anything in the first place (i.e.: smacking around words). Nobody said the article is fresh as home cooked bread and nor does it have to be. With regard to your request for a "real world example" this thing can spin both ways meaning no one has been able to show a real world example of why Apple computers need AV software. 

 

Regarding your definitions comments, i'm telling you again: the definitions will only help you if your lucky enough to be susceptive to get infected after you get the AV definitions updated.That's sometimes days or weeks after a 0 day malware is out on the market and widely known. 

 

Can you please provide some facts to this statement: 

 

?

 

 

I agree with this: It is no longer acceptable for OS vendors to pretend that users can be secure without being proactive; HOWEVER proactive doesn't really mean or rely on AV software. For me proactive defines avoiding social engineering techniques (what recently happened for some Macintosh users) by practicing common sense, reality awareness and others such measures. In fact if you're not proactive with those things first, it's kind of useless to having AV installed, as if you're fooled into installing something that you should know it's strange or fishy or forbidden (see porn apps/ sites), then it's in vane the AV software will yell this and that and you still disregard it and any kind of common sense. 

 

With regard to this:  ...we recommend that you, the owner, use some kind of malware protection; I SIMPLY CAN'T agree with you for 2 reasons:

1. Apple is being diligent enough to offer software protection out of the box: gatekeeper, sandbox, malware definitions etc. No need right now for any other user or third party software.

2 and most important: there is no self-replicating malware out there in the wild for Macs.

 

Regarding your last paragraph see the above 2 reasons and the fact that you don't compare apples with apples (pun intended). You compare Apple with Oranges, meaning you probably assume that PC-Windows users having so much indoctrination with using AV software (and based on good reasons) that it became almost a religion on the Windows world, that implies that those PC users in fact protect also the other community of Mac users. If that's what you implied then the analogy you provided is false because in this case it's not children playing with other children, it's children playing with monkeys. Knowing scientifically that monkey diseases cannot pass to humans (don't take it literally please) there's no reason to inoculate human infants. In fact you can't even do it because to inoculate someone you'd have to know what you inoculate him against. Not knowing that = impossible to develop a vaccine.

We seem to be in accordance on some points but then appear to suffer from differing opinions as to which end of the egg to break open first. For example, I admit that I was unaware that OSx now scans incoming files and assesses them according to file signatures. That strikes me as being a postivie step on Apple's behalf, indeed I would go so far as to call it AVS  (likening it to Windows Defender). Frankly I don't care which vendor is offering AVS protection so long as it exists. It does however seem to make (some of) your reservations about AVS moot.

 

I am not sure why you considered that you need to stress the fact that there is no self-replicating malware out there in the wild for Macs. I agree with you and have not suggested otherwise. I have attempted to use the term virus in inverted commas in an attempt to make it clear that i am referring to malware in general. Thus far it has been Apple that has chopped and changed the definition to suit which ever marketing ploy they are adopting, thereby forcing devotees to qualify that they are discounting proof of concept viruses or other forms of malware.

 

Off hand I am unable to provide concrete evidence that the web has become the key route for the distribution of malware but for the reasons mentioned previously I am happy to accept that the statement is feasible. I questioned the validity of the site that you quoted given that it predates much of the recent (but "rare") Mac malware.

 

With regard to my inoculation analogy- I concede that if we use the term virus in it's strictest sense then my point is flawed, if however we are using the term to refer to malware then (IMO) it stands.

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac OS X
AppleInsider › Forums › Software › Mac OS X › Apple tones down language touting OS X security measures