Symantec: Snake Oil Salesmen
I really can't stand these guys:
http://www.theregister.co.uk/2005/09...threat_report/
It's bad enough that their "software" was ranked 2 out of 10 by C-Net:
http://reviews.cnet.com/4864-3667_7-...44&ctype=msgid
Now they're warning us of OS X and Firefox vulnerabilities.
They expect us to subscribe to the fallacy that OS X is more secure that Windows simply because less people are using it than Windows and therefore less hackers are looking to exploit it. This ignores several important differences between OS X and Windows:
1) OS X users don't run the administrator or "root" account by default and are therefore not browsing the internet as "root", as they are in Windows.
2) There is no such thing as a executable installer file in OS X that is emailable. All OS X programs are folders which can't be executed as an email attachment.
3) All installer files are actually zipped archives, which means that mallicious OS X hackers would have to depend entirely on social engineering to get their victims infected.
4) There is no way for OS X viruses to propogate via addressbooks, for the reasons outlined above.
Still, Norton needs to sell their "anti-virus" for OS X, which I hear is just horrible.
These numbskulls, who obviously wouldn't know a good anti-virus program if it whacked them over the head with a two-by-four, feel compelled to sell Mac users a program that is absolutely 100% useless, given the 100% lack of viruses for that OS (that is, outside of Symantec's "labs", of course).
And their arguments against Firefox are equally disengenuous. The number of reported vulnerabilities for Firefox being higher than IE has nothing to do with the severity of those vulnerabilities. Also, it stands to reason, that with Firefox's source code being open, there would be more vulnerabilities to discover than with IE, whose source code is completely closed.
So what's the moral of the story, kids? Don't buy snake oil from snake oil salesmen.
http://www.theregister.co.uk/2005/09...threat_report/
It's bad enough that their "software" was ranked 2 out of 10 by C-Net:
http://reviews.cnet.com/4864-3667_7-...44&ctype=msgid
Now they're warning us of OS X and Firefox vulnerabilities.
They expect us to subscribe to the fallacy that OS X is more secure that Windows simply because less people are using it than Windows and therefore less hackers are looking to exploit it. This ignores several important differences between OS X and Windows:
1) OS X users don't run the administrator or "root" account by default and are therefore not browsing the internet as "root", as they are in Windows.
2) There is no such thing as a executable installer file in OS X that is emailable. All OS X programs are folders which can't be executed as an email attachment.
3) All installer files are actually zipped archives, which means that mallicious OS X hackers would have to depend entirely on social engineering to get their victims infected.
4) There is no way for OS X viruses to propogate via addressbooks, for the reasons outlined above.
Still, Norton needs to sell their "anti-virus" for OS X, which I hear is just horrible.
These numbskulls, who obviously wouldn't know a good anti-virus program if it whacked them over the head with a two-by-four, feel compelled to sell Mac users a program that is absolutely 100% useless, given the 100% lack of viruses for that OS (that is, outside of Symantec's "labs", of course).
And their arguments against Firefox are equally disengenuous. The number of reported vulnerabilities for Firefox being higher than IE has nothing to do with the severity of those vulnerabilities. Also, it stands to reason, that with Firefox's source code being open, there would be more vulnerabilities to discover than with IE, whose source code is completely closed.
So what's the moral of the story, kids? Don't buy snake oil from snake oil salesmen.
Comments
"...and describing Mac fans as living in a 'false paradise'. "
If a 'false paradise' means 5+ years of a maturing operating system with still no viruses, spyware, malware, etc., then great.
"...as a noteworthy number of vulnerabilities and attacks were detected against Apple Mac?s operating system, OS X..."
Ok, what are they?
"...OS X was an emerging target for attack."
What is the basis or evidence to support this claim?
"While the number of vendor-confirmed vulnerabilities in OS X has remained relatively constant during the last two reporting periods [12 months], Symantec predicts this could change in the future."
No way! And Iraq could have had WMDs and ties to Al Qaeda!
"Symantec?s analysis on a rootkit (OSX/Weapox) reveals it is designed to take advantage of OS X. This particular trojan demonstrates that as OS X increases in popularity, so too will the scrutiny it receives from potential attackers."
Rootkits exist on a variety of *NIX's, of course there's going to be one for OS X. How you're going to install the rootkit is another story.
It's interesting that Symantec is dogging the little guy in this article. Both Mac OS X and Mozilla have a very small marketshare compared to Microsoft Windows and Internet Explorer, respectively. Sure, OSS has vulnerabilities. But it also has thousands of eyes all looking at the same code, and things get fixed faster.
Microsoft still doesn't understand security, which is why Symantic has a market. Why does XP ship with 6 ports open? Why does the XP setup assistant created a Guest account, and why does it allow you to create an Admin account with no password? What were they thinking when they made ActiveX? Why have almost one third of IE vulnerabilities still not been fixed since 2003? Why does Microsoft bombard users with dialogues saying, "Are you really sure you don't not want to continue!? This could be a security risk!" [Yes] [No] [Cancel] [X]
There is no excuse. Everyone at symantec should be ashamed.
Are they trying to be SCO or something? Why not just lie and sue people to get money?
Originally posted by JavaCowboy
1) OS X users don't run the administrator or "root" account by default and are therefore not browsing the internet as "root", as they are in Windows.
I have only one account on my Mac, the one I created at the start, that's the one I log in as, is this wrong? Or is there a hidden root user?
In the meantime pretty much everyone casually ignores that the real cause of all this trouble is Microsoft?s success at making a standard of a on operating system that is buggy, poorly written and inherently insecure by design. But don?t expect anyone on Symantec?s payroll to say that, which is only logical ? they don?t want to cut the branch they sit on ? and quite comfortably so. Nevertheless, their eager FUD spreading always makes me sick.
It?s a very important point about Bill ? he reaps billions but he lets other small fish live. Think of thousands of tech reps who?s only skill is fixing buggy Windows registries etc. and who have jobs thanks to Bill. I'm pretty sure they realize who they owe. Same goes for anti-vir peddlers. They live in an ecosystem created by Bill, they evolved in it ? they don?t thrive outside of his ocean, because for them there is no food elsewhere. I still remember their lame attempts to establish themselves on Linux in the late 90-ies. But as you can imagine those efforts (clearly a result of a CEO?s bright idea to ?diversify into other markets?) slowly died out, because there are no dangerous viruses on Linux to fight. Same applies to OS X, which is based on the same proven Unix concepts.
The retards at the Help Desk here at URI handed out/mailed every student virus CDs which had mac virex on them. That has actually hosed a few iBooks I've had to deal with. My higher ups there insist it is necessary and that macs "do have viruses." What the FUCK. I was like ok I'll bet you $50. Show me one. One.
Originally posted by Aquatic
The retards at the Help Desk here at URI handed out/mailed every student virus CDs which had mac virex on them. That has actually hosed a few iBooks I've had to deal with. My higher ups there insist it is necessary and that macs "do have viruses." What the FUCK. I was like ok I'll bet you $50. Show me one. One.
Well Macs don't have viruses, not that I know of. And yes we can choose not to let "Hello.yourebuggered.worm" access our root files.
The trouble is there is a possibility that we could incubate and accidently send one in an email or something. They are trying to protect the Windows user out there. Which pees me off because I have been told by the university that I am going to next week that I need anti-virus software too if I want access to the network with my PowerBook.
I used to run Virex on Panther, but now I have Tiger, I have been running without an AV. Last week I installed ClamXav on my system, which is a free anti-virus app based on a ClamAV backend. Does anyone know if this is any good or not? I haven't done a scan, but I don't know whether I can trust it or not. Any thoughts would be appreciated.
Originally posted by Not Unlike Myself
The sky is falling!
Even NPR
Originally posted by danielctull
Well Macs don't have viruses, not that I know of. And yes we can choose not to let "Hello.yourebuggered.worm" access our root files.
The trouble is there is a possibility that we could incubate and accidently send one in an email or something. They are trying to protect the Windows user out there. Which pees me off because I have been told by the university that I am going to next week that I need anti-virus software too if I want access to the network with my PowerBook.
I used to run Virex on Panther, but now I have Tiger, I have been running without an AV. Last week I installed ClamXav on my system, which is a free anti-virus app based on a ClamAV backend. Does anyone know if this is any good or not? I haven't done a scan, but I don't know whether I can trust it or not. Any thoughts would be appreciated.
This is the parts that hacks me off. They expect Mac users to foot the bill for something to protect against Windows inherent insecurity. I've never run AV software on the Mac and I don't plan on it. I like Kickaha's cookie analogy.
Originally posted by fng
Can someone confirm for me that there are no Mac OS X viruses? I told this to a windows "IT" person and he assured me that there were. I know there are known exploits but AFAIK none of these have been used to make an actual virus.
If he's so sure then have him name one.
Don't you think someone would love to give the Mac using world a black eye with a nice nasty virus if they could?
All I've heard of is some sketchy proof-of-concepts that never seem to amount to anything. The Unix world is an entirely different beast from the Windows world.
Did AV software exist prior to Windows? (I don't think so)
There have only been trojan horses and a couple of root kits.
If your IT guy tells you otherwise, you probably need a new IT guy.
Originally posted by Bancho
I like Kickaha's cookie analogy.
Cookie analogy?
Originally posted by danielctull
Cookie analogy?
Sorry, I think it's in another thread.
Originally posted by Kickaha in some other thread
Of course, there's also the point that you shouldn't be trying to run things from untrusted sources in the *first* place.
I tell people "Imagine that application is a cookie. Now, if your friend hands you a cookie, you're probably going to feel safe eating it. If you just found it laying in the road though, you might feel differently. Think before you force feed that cookie to your computer."
That generally gets the point across.
Yes, that's exactly right.
Confession time: I ran Windows XP SP1 on my computer with an always on internet connection and no AV program for 6-10 months. Did I get viruses? Nope. Okay I had a router between me and the net for protection, but apart from that it was common sense. Am I the only one who truly believes he could run Win XP without an AV program and survive? I'll go out on one here and say you have to be exceptionally ignorant to get infected, even on a Windows machine. Surely the router prevents unsolicited things getting in, meaning you have to actually run a virus for it to do harm. Or can they get through on their on with Windows?
I'm happy to say my dad's just got a PowerBook after 9 months of nagging him, and although he never had virus trouble on Windows, I'm sure his chances have been dropped massively.
Originally posted by fng
Can someone confirm for me that there are no Mac OS X viruses? I told this to a windows "IT" person and he assured me that there were. I know there are known exploits but AFAIK none of these have been used to make an actual virus.
that IT person is either a run-of-the-mill-rubber-stamp-MCSE-bot or a total dumbass (they are usualy one in the same)
Dont take their advice and DO NOT let them touch your stuff...EVER
There is no honor lost by saying "Macs arent my feild, I don't really know"
I have only one account on my Mac, the one I created at the start, that's the one I log in as, is this wrong? Or is there a hidden root user?
Yes, the root user is usually hidden in Mac OS X. Regular users in Mac OS X don't have root permissions by default (doesn't Mac OS warn you if you log in using the "root" username?). That's why things that modify system files (e.g. Software Update) have to ask permission: they don't have the required permission by default.
A month ago, we got a new PentiumD-based computer, and it came bundled with Norton. My dad installed it, and again, I had trouble getting it off, after getting really pissed off at the never ending useless popups.
McAfee is the way to go, although it has irritating popups too. At least it leaves when you tell it to.