Flashback discoverer bucks claims of malware's decline

2»

Comments

  • Reply 21 of 36
    jragostajragosta Posts: 10,473member


     


    Quote:

    Originally Posted by jnjnjn View Post





    "sampling" could mean that they have websites that infect systems via the same method.

    The number of Macs hit in this way is multiplied by some estimate of the hit rate of the 'security' firm web site compared to the hit rate of the 'real' phishing sites.

    At best this will be a very inaccurate estimate, at worst it's absolutely bogus.

    J.


     


    If you were correct, there are several problems:

     


    1. Artificially infecting systems to determine what some other trojan might do is illegal. So why should we pay attention to a criminal enterprise?

    2. The effectiveness of a trojan is dependent on how appealing the enticement is. If they put their trojan on web sites that are more (or less) appealing than the actual ones used, the results would be meaningless.


    3. In the original article, they cited infection rates in some countries as low as 0.1% in some cases. Doing so and reporting data from many countries suggests that they would have had to infect many hundreds of thousands of systems to get the data they need.


     


    The whole thing sounds bogus.

  • Reply 22 of 36
    jnjnjnjnjnjn Posts: 588member
    jragosta wrote: »
    <p> ... The whole thing sounds bogus.</p>

    I agree.
  • Reply 23 of 36
    aaarrrggghaaarrrgggh Posts: 1,608member
    brlawyer wrote: »
    <p> It's funny how most of these "security" companies come from a country widely known for its (i) transparency and (ii) low corruption levels and (iii) extremely low incidence of hacking activities... ;)</p>

    It is also known for having a high concentration of security researchers.

    I would caution people to not take these things lightly. Apple's model creates a much more significant attack vector since so much of their ecosystem is in a default state, with common applications and therefore common attack vectors.

    I just wish I had a better idea of how to protect things in a general case-- getting a Cisco ASA for home just seems stupid and ineffective overkill.
  • Reply 24 of 36
    Shoot the messenger.

    I just hope that not many good guys turn bad. There does not seem much room at the inn.
  • Reply 25 of 36
    jnjnjnjnjnjn Posts: 588member
    aaarrrgggh wrote: »
    I just wish I had a better idea of how to protect things in a general case-- getting a Cisco ASA for home just seems stupid and ineffective overkill.

    Default ok, I would say.
    You could activate the firewall, deinstall java, stop using flash, browse with as little permission for Safari as possible, only install from the app store, update automatically and install little snitch, to be extremely save.

    J.
  • Reply 26 of 36
    colinngcolinng Posts: 115member
    One way to monitor traffic is to sniff the traffic on their own network. They sniff all the packets, put an infected Mac on the network, and see what it's trying to do, to whom it is communicating with.
  • Reply 27 of 36
    stelligentstelligent Posts: 2,680member


     


    Quote:

    Originally Posted by colinng View Post



    One way to monitor traffic is to sniff the traffic on their own network. They sniff all the packets, put an infected Mac on the network, and see what it's trying to do, to whom it is communicating with.


     




    That's not how they're not doing it. If you're such an expert, try your own sniffing - as in reading! You should be able to figure out their method.


     


     

  • Reply 28 of 36
    jragostajragosta Posts: 10,473member


     


    Quote:

    Originally Posted by aaarrrgggh View Post





    It is also known for having a high concentration of security researchers.

    I would caution people to not take these things lightly. Apple's model creates a much more significant attack vector since so much of their ecosystem is in a default state, with common applications and therefore common attack vectors.

    I just wish I had a better idea of how to protect things in a general case-- getting a Cisco ASA for home just seems stupid and ineffective overkill.


     


    I'm not saying that one should take reports seriously.




    However, THIS report has a lot of red flags that make the conclusions very questionable. I listed some of them above.

  • Reply 29 of 36
    An interesting and far reaching interpretation.
  • Reply 30 of 36
    hungoverhungover Posts: 603member


     


    Quote:

    Originally Posted by brlawyer View Post


    It's funny how most of these "security" companies come from a country widely known for its (i) transparency and (ii) low corruption levels and (iii) extremely low incidence of hacking activities... ;)



     


    Intego, who first identified the Flashback variant are French.


     


    Symantec are American and now agree with DrWeb that the number sits at 600 000.


     


    Are you really suggesting that this is a global conspiracy?


     


     

  • Reply 31 of 36
    rkevwillrkevwill Posts: 224member


    Yup, they all want to sell Mac anti virus software, which would NOT have stopped this from happening. Best possible thing they can do is have software that will remove these kinds of things after they become known.

  • Reply 32 of 36
    maximaramaximara Posts: 305member


     


    Quote:

    Originally Posted by jnjnjn View Post





    Default ok, I would say.

    You could activate the firewall, deinstall java, stop using flash, browse with as little permission for Safari as possible, only install from the app store, update automatically and install little snitch, to be extremely save.

    J.


     




    I have always used Firefox with the no script addon with an free antivirus program (Sophos and ClamXav current).  Oh regarding the app store it's version of ClamXav doesn't have ClamXav Sentry while the one from the site does.


     


    As for that "server run by an unidentified third party" claim taking a sampling of the list of contacts at http://contagiodump.blogspot.com/2012/04/i-have-been-tracking-infections-too-and.html produces a very interesting pattern if you throw them at http://www.ip-adress.com/whois/.

  • Reply 33 of 36
    usr1usr1 Posts: 1member


    Both Dr Web and Kaspersky are well-known in Russia, but Parallels is not even though all three are Russian companies. So what if one company targets international market and another one targets national one.


    It remains to be seen who's right and who's wrong, antiviral companies will always tend to somewhat overestimate threats, I just hope OS X will not force everyone to "MacStore-only" security model when "security through minority" does not prove to be effective any more.

  • Reply 34 of 36
    pbpb Posts: 4,234member


     


    Quote:

    Originally Posted by usr1 View Post

    ... I just hope OS X will not force everyone to "MacStore-only" security model when "security through minority" does not prove to be effective any more.


     


    The "security through obscurity" motto has been definitely debunked in the other discussion by the researches themselves who follow the malware evolution on the Mac platform:


     


    "As we correctly predicted back in May, Mac malware has not scaled continuously due to market share, but rather, is more the result of opportunist "bubble economies" that have produced new threats in fits and starts," researchers said


     


    What increased market share naturally does, is to increase the interest of the malware programmers but this is not translated necessarily to more malware available in the wild. Besides, Mac OS X has much more market share than the classic Mac OS ever had, and this the moment when malware can propagate like a wild fire through the internet. Nevertheless, the classic Mac OS had about 50 known actual and functioning malware including viruses, in an era when internet was barely present, while we have yet to see a single virus under Mac OS X. The system architecture is obviously what makes all the difference here. Therefore, the "security through obscurity" motto, although it contains a truth in the sense I explained previously, it is really overblown out of proportion.

  • Reply 35 of 36
    Everyone of any worth has agreed for days that Dr Web is right.

    Some readers have a tendency to be dated.
  • Reply 36 of 36
    tallest skiltallest skil Posts: 43,399member

    Quote:

    Originally Posted by aBeliefSystem View Post

    Everyone of any worth has agreed for days that Dr Web is right. Some readers have a tendency to be dated.


     


    Ah, so I'm of no worth. Got it.

Sign In or Register to comment.