Mac OS X is the Canada or Norway of OSes... Quiet, delightfully boring, and sane. Drop your paranoid desire for antivirus software at customs. Learn to relax and not live in fear. Surf freely. Check your mail, and click on the attachments. It's all good.
I receive 100's of emails per day, and have used norton. It never found a single virus until I plugged in an external drive from a PC I knew had some viruses on it.
Oh, you poor person. Has someone convinced you that it's wrong for you to have certainty?
No, there is nothing wrong with certainty, but as causation tells you, past doesn't prove anything about the future, macs first bad virus can be right behind the corner. All it takes is one bad virus. Also that attitude some mac people seem to give around web is so annoying, that that alone might be enough for someone to invest in creating that first mac virus. So far macs have been out of professionals scope, but who knows how long. The proof of concept trojans already show that nothings perfect, and never will be. I never try to say never, because eventually it will be proven wrong. Talking reasonably about macs incomparable security over windows is fine for me, but saying to someone to stop worrying and ignoring all potential threats, just because nothing has happened before, is just downright stupid.
No, there is nothing wrong with certainty, but as causation tells you, past doesn't prove anything about the future, macs first bad virus can be right behind the corner. All it takes is one bad virus. Also that attitude some mac people seem to give around web is so annoying, that that alone might be enough for someone to invest in creating that first mac virus. So far macs have been out of professionals scope, but who knows how long. The proof of concept trojans already show that nothings perfect, and never will be. I never try to say never, because eventually it will be proven wrong. Talking reasonably about macs incomparable security over windows is fine for me, but saying to someone to stop worrying and ignoring all potential threats, just because nothing has happened before, is just downright stupid.
Let me explain why it's unlikely that a malicious piece of software is so hard to create. Aside from some software that asks and gets permission from the operator to install, you will probably never have the situation you have with windows:
1. DOS and then Windows was a single user system. This has continued right up to XP and possible even Vista (because of compatibility with legacy windows). What this means is a user can and does usually have Admin access to important files or other users files. Although in XP and 2000 you can tighten it up, XP has an admin account but by default the password is blank. On your Mac or Unix/Linux system try to access files in your "system' folder and others. You can read but not save or create new ones. This is a safeguard built right in.
Unix was developed as a multi-user system from the beginning and security was not just a second thought.
2. Unix has been around since computers. It is proven and has been constantly improved by many programmers and network experts.
3. Every file has permissions for the owner of the file, the group it belongs to, and anyone else. Each of those have read, write or execute permissions assigned to them.
4. If a malicious attacker does gain a connection to your system, that program or person must then guess your root user's or other username and password in order to do ANYTHING on your system.
So you ask... "Is it possible that these measures can be bypassed?" Sure, anything is possible. But in this case, it is highly unlikely without an absolute failure on the user end or setup of the machine.
OSX does a good job of forcing the user to setup his/her root account and reminding the user that a password is necessary.
We're not being cocky, it's a fact with most 'Nix'es.
Let me explain why it's unlikely that a malicious piece of software is so hard to create. Aside from some software that asks and gets permission from the operator to install, you will probably never have the situation you have with windows:
1. DOS and then Windows was a single user system. This has continued right up to XP and possible even Vista (because of compatibility with legacy windows). What this means is a user can and does usually have Admin access to important files or other users files. Although in XP and 2000 you can tighten it up, XP has an admin account but by default the password is blank. On your Mac or Unix/Linux system try to access files in your "system' folder and others. You can read but not save or create new ones. This is a safeguard built right in.
Unix was developed as a multi-user system from the beginning and security was not just a second thought.
2. Unix has been around since computers. It is proven and has been constantly improved by many programmers and network experts.
3. Every file has permissions for the owner of the file, the group it belongs to, and anyone else. Each of those have read, write or execute permissions assigned to them.
4. If a malicious attacker does gain a connection to your system, that program or person must then guess your root user's or other username and password in order to do ANYTHING on your system.
So you ask... "Is it possible that these measures can be bypassed?" Sure, anything is possible. But in this case, it is highly unlikely without an absolute failure on the user end or setup of the machine.
OSX does a good job of forcing the user to setup his/her root account and reminding the user that a password is necessary.
We're not being cocky, it's a fact with most 'Nix'es.
And yet still, severe data crimes are not unheard of in unix world, but that wasn't not my point, no matter how secure OS is, it's never 100% secure, and letting your self lull into the false sense of security is just ignorance. preparing for the worse has never hurt anyone. I do realize that current mac virus scans are probably helpless when the first virus appears, but keeping eye in security news is still wise.
And yet still, severe data crimes are not unheard of in unix world, but that wasn't not my point, no matter how secure OS is, it's never 100% secure, and letting your self lull into the false sense of security is just ignorance. preparing for the worse has never hurt anyone. I do realize that current mac virus scans are probably helpless when the first virus appears, but keeping eye in security news is still vice.
Do you care to back up your assertions by providing links to stories of an outside hacker or program randomly gaining access to a properly setup "nix" computer?
I'm sorry to challenge you but I haven't heard any. I have heard of plenty of outside attacks and crimes perpetrated against windows networks. But not many if any Unix.
I am curious where you heard these things. Or if you are just making up stuff to support your argument.
Do you care to back up your assertions by providing links to stories of an outside hacker or program randomly gaining access to a properly setup "nix" computer?
I'm sorry to challenge you but I haven't heard any. I have heard of plenty of outside attacks and crimes perpetrated against windows networks. But not many if any Unix.
I am curious where you heard these things. Or if you are just making up stuff to support your argument.
For example Secunia lists past threats for FreeBSD and Solaris most are already patched, but they still existed. Secunia also lists threats for Mac OS X. 21% of threats lead to system access and 14% to privilege escalation and 12% exposure to sensitive info, doesn't sound too good to me. Apple has been very good in patching these, but my point still stands, better safe than sorry.
Let me explain why it's unlikely that a malicious piece of software is so hard to create. Aside from some software that asks and gets permission from the operator to install, you will probably never have the situation you have with windows:
1. DOS and then Windows was a single user system. This has continued right up to XP and possible even Vista (because of compatibility with legacy windows). What this means is a user can and does usually have Admin access to important files or other users files. Although in XP and 2000 you can tighten it up, XP has an admin account but by default the password is blank. On your Mac or Unix/Linux system try to access files in your "system' folder and others. You can read but not save or create new ones. This is a safeguard built right in.
Unix was developed as a multi-user system from the beginning and security was not just a second thought.
2. Unix has been around since computers. It is proven and has been constantly improved by many programmers and network experts.
3. Every file has permissions for the owner of the file, the group it belongs to, and anyone else. Each of those have read, write or execute permissions assigned to them.
4. If a malicious attacker does gain a connection to your system, that program or person must then guess your root user's or other username and password in order to do ANYTHING on your system.
So you ask... "Is it possible that these measures can be bypassed?" Sure, anything is possible. But in this case, it is highly unlikely without an absolute failure on the user end or setup of the machine.
OSX does a good job of forcing the user to setup his/her root account and reminding the user that a password is necessary.
We're not being cocky, it's a fact with most 'Nix'es.
And you are not alone in your belief
Let me quote Apple Computer Inc. ...
"PC 114,000 Viruses - Mac ... 0 Viruses"
Now that is a bit more than coincidence or sales figures I suspect.
The bottom line is, since there are no known viruses, any "anti-virus" utility used on Mac OS X will have a completely blank database.
So what the hell is the utility doing? What is it scanning for? Rhetorical question - it is scanning for OS Classic viruses, Office macro VBA viruses, and WIndows viruses in email attachments.
My feeling has always been that if one Windows user wants to send a virus to another, they are more than welcome to use my Mac as an intermediary. It's not my responsibility to waste my time and CPU cycles trying to help these people fix their Windows bullshit. They made their choice and will even loudly defend it - so let them reap the consequences.
For example Secunia lists past threats for FreeBSD and Solaris most are already patched, but they still existed. Secunia also lists threats for Mac OS X. 21% of threats lead to system access and 14% to privilege escalation and 12% exposure to sensitive info, doesn't sound too good to me. Apple has been very good in patching these, but my point still stands, better safe than sorry.
How many actual viruses?
No-one is arguing that there are not vulnerabilities and theoretical vulnerabilities or people to exploit them. How many real "in the wild" viruses for these platforms?
Or better yet how many "potential" vulnerabilities get exploited successfully by a virus? Compare that with windows.
And don't give this crap "Viruses are less common in Unix because it is less widely distributed" I will submit that all the hype and the extent this subject is so passionately argued by people like yourself, gives the person that finally writes a successful virus that much more glory, and thus more motivation create it, rather than just another windows virus.
Let's just say you invent a method for getting in and running a virus, or better yet, invent a self-executing a virus for unix, do you know how fast that door will shut? So fast your head will spin. There are so many unix geeks out there and the network that supports them is extensive.
You also seem to forget also the open source community and network that is in place right now. If a vulnerability exists, say in an OSX update, do you realize how fast these things are found?
I will take this opportunity to speak for all the Mac heads here...
We all recognize that all computers are vulnerable to attack. That's a given. We also KNOW that using a Unix based system is the best defense against such viruses. And we all most likely, feel that OSX is the most usable 'nix' out there. You and others can and will tell yourself that OSX or BSD or Solaris is just as likely to get viruses, because you know not what you speak of.
It seems to me that he came here and asked about virus protection and the like about OSX. Don't go into denial mode, because you don't like the answers given. I gave you a rundown of why Unix based systems don't readily get attacked and all you can say is "but what if..." or "maybe someday..."
Right now, right here, there are 0 (none, nada, nill) viruses for OSX and despite not being able to find an online count of viruses for windows I know the last time I checked it was around 200,000 not including Spyware/Adware and the average time it takes to get a virus once connected to the internet is like 15-20 minutes for windows. Just so the point gets made even clearer... IF YOUR VIRUS SOFTWARE IS OUT OF DATE JUST 20 MINUTES.... YOU ARE MOST LIKELY INFECTED WITH SOMETHING. I can prove that to you on a daily basis.
So, if you chose to use a Mac for other reasons, let us all say, Congratulation! You made the right choice. Say goodbye to viruses and spyware and having to worry about them. It will never get to the point it has gotten with windows. I think you'll have to accept that.
No-one is arguing that there are not vulnerabilities and theoretical vulnerabilities or people to exploit them. How many real "in the wild" viruses for these platforms?
Or better yet how many "potential" vulnerabilities get exploited successfully by a virus? Compare that with windows.
And don't give this crap "Viruses are less common in Unix because it is less widely distributed" I will submit that all the hype and the extent this subject is so passionately argued by people like yourself, gives the person that finally writes a successful virus that much more glory, and thus more motivation create it, rather than just another windows virus.
Let's just say you invent a method for getting in and running a virus, or better yet, invent a self-executing a virus for unix, do you know how fast that door will shut? So fast your head will spin. There are so many unix geeks out there and the network that supports them is extensive.
You also seem to forget also the open source community and network that is in place right now. If a vulnerability exists, say in an OSX update, do you realize how fast these things are found?
I will take this opportunity to speak for all the Mac heads here...
We all recognize that all computers are vulnerable to attack. That's a given. We also KNOW that using a Unix based system is the best defense against such viruses. And we all most likely, feel that OSX is the most usable 'nix' out there. You and others can and will tell yourself that OSX or BSD or Solaris is just as likely to get viruses, because you know not what you speak of.
It seems to me that he came here and asked about virus protection and the like about OSX. Don't go into denial mode, because you don't like the answers given. I gave you a rundown of why Unix based systems don't readily get attacked and all you can say is "but what if..." or "maybe someday..."
Right now, right here, there are 0 (none, nada, nill) viruses for OSX and despite not being able to find an online count of viruses for windows I know the last time I checked it was around 200,000 not including Spyware/Adware and the average time it takes to get a virus once connected to the internet is like 15-20 minutes for windows. Just so the point gets made even clearer... IF YOUR VIRUS SOFTWARE IS OUT OF DATE JUST 20 MINUTES.... YOU ARE MOST LIKELY INFECTED WITH SOMETHING. I can prove that to you on a daily basis.
So, if you chose to use a Mac for other reasons, let us all say, Congratulation! You made the right choice. Say goodbye to viruses and spyware and having to worry about them. It will never get to the point it has gotten with windows. I think you'll have to accept that.
By all means, keep on preaching the glory of *nix, but don't let it get into your head. At the moment Windows it self is the best selling argument of OSX. I have not said that there are any viruses around now, but telling newbies that there will never be one or preparing for one is waste of time?!? That was my problem.
Nor did I never say that *nix is as vulnerable to security problems as windows is, not even if it gained the popularity it should. All I argumented was that nothing is 100% secure. Nor should it ever be marketed as such. Security should be more of a proactive thing than just damage repair. All I wanted to hear was some constructive statements instead of just telling newbies to forget about it, and apparently it needed playing some devils advocat and counter-argumenting to get people to give proper reasoning.
Yes I've had my fair share of windows problems, even though I know how to prepare. I never had viruses on my own computer(knocking on wood), but had to rescue many others. Security was one of my reasons to make the personal change to mac. I really hope/believe other platforms will never get as bad as it is in windows side now. Hopefully Vista will improve things on that side as well, though I'm not too optimistic about it. Even the best operating system/virus scanner can't remove that one security hole called user. Educating users is also an VERY important security measure, as the recent worms using social engineering have proven. I have no problems accepting the improved security that OSX offers, but still I run everything with lowered priviledges, not because it so far hasn't been safe to run everything as admin, but because it's vice thing to do and because I can.
Will the extant antivirus programs for OS X be able to counter future viruses, considering that, as lundy notes, they won't be in their databases? Do they seek out generic viruses?
Or will everyone who has already installed antivirus software have to download an update once an OS X virus is detected?
In the first case, 2501 is right to get noobs to get antivirus software. In the second, it makes no difference because they'd have to actively install SW to counter a virus just as would those who hadn't installed anything.
Will the extant antivirus programs for OS X be able to counter future viruses, considering that, as lundy notes, they won't be in their databases? Do they seek out generic viruses?
Or will everyone who has already installed antivirus software have to download an update once an OS X virus is detected?
In the first case, 2501 is right to get noobs to get antivirus software. In the second, it makes no difference because they'd have to actively install SW to counter a virus just as would those who hadn't installed anything.
--B
Firstly I'd like to see also mac people to be good citizens of digital world, and if you forward unknown files to other people, please check them for viruses, even though it doesn't affect your computer. I wouldn't want to feel partially quilty infecting my friends computer. Secondly there are no patches for stupid people so social networking malware is still effective, only educating people can fight these kind of problems. Thirdly it's important for people to understand the criticality of the updates, if you teach people that it's not that important to update, because there will never be anything critical anyways. IF/when that furious virus happens to strike it's never too late. Technology savvy people are not likely to get affected, it's usually the careless people who get hit. Spread the knowledge and every one gets less spam. In some occasions ignorance can be bliss, but definitely not in security. I say it again, better safe than sorry.
All I argumented was that nothing is 100% secure. Nor should it ever be marketed as such.
No, nothing is 100% secure. And Apple's recent marketing based on security is perhaps a mistake. Time will tell.
Quote:
All I wanted to hear was some constructive statements instead of just telling newbies to forget about it, and apparently it needed playing some devils advocat and counter-argumenting to get people to give proper reasoning.
As a matter of fact, there is zero malware for Mac OS X today. And thanks to its unix structure, it is unlikely that the situation will change dramatically in the foreseable future. So no, don't bother with anti-virus software and such. Not at this moment at least.
However, this does not mean that there are no measures one can take to better secure a Mac. And I am not talking about viruses etc. Here are some basic safety rules.
(1) Turn on your firewall. If I remember correctly, Tiger has some more advanced firewall control through System Preferences than Panther. So up the protection to max from there.
(2) Do not run an admin account for everyday tasks and work. Admin is just for that, to administer the computer. In my opinion, the fact that the default installation account is an admin one, is something that Apple needs to correct. The installation process should guide the user to create a new normal account for general (non-admin) use, after having finished with the admin one, explaining briefly the reasons.
(3) Do not enable any services unless you need to do so and you know what you are doing. Fortunately, all of them are by default disabled.
(4) If you are going to surf on sites that you don't trust (there is a good deal of garbage out there), have also another normal user account for that, different from your normal work account. So, if anything bad happens, for example execution of a 'rm -rf *' script after opening a downloaded file from an untrusted source, you will not have to worry about your files. All this can do, is to erase the files in the current "internet" or "test" account and nothing more.
(5) If installing an Airport station for internet access is feasible, just do it. And enable the use of locally attributed addresses, which will enable NAT. This, though not 100% bullet proof, will make life hard for everyone who will try to get control of your machine through its IP (which will go now to the wireless station) exploiting some of the many vulnerabilities that, fortunately, Apple patches very quickly. As an extra safety measure, you can not only password-protect your local network, but also enable hardware-based access, according to the MAC address of the wireless card. And of course up to the max all safety option of the wireless station.
Call me paranoid, but this is what I would do today.
No, there is nothing wrong with certainty, but as causation tells you, past doesn't prove anything about the future, macs first bad virus can be right behind the corner. All it takes is one bad virus. Also that attitude some mac people seem to give around web is so annoying, that that alone might be enough for someone to invest in creating that first mac virus. So far macs have been out of professionals scope, but who knows how long. The proof of concept trojans already show that nothings perfect, and never will be. I never try to say never, because eventually it will be proven wrong. Talking reasonably about macs incomparable security over windows is fine for me, but saying to someone to stop worrying and ignoring all potential threats, just because nothing has happened before, is just downright stupid.
You are correct. There may be some new threat to the OS X platform in the future. If it occurs it will be able to exploit some new and unforseen weakness in the current OS. We should be vigilant.
HOWEVER
Running a virus checker won't offer any protection against this eventuality. None whatsoever. It's like taking penecillin every day - to protect you against Aids. It won't work, it won't protect you. Worse still it could damage your health.
Smart users should take actions to prevent viruses spreading and infecting their machines. But running a program which searches every file for Windows viruses is not one of those actions.
You are correct. There may be some new threat to the OS X platform in the future. If it occurs it will be able to exploit some new and unforseen weakness in the current OS. We should be vigilant.
HOWEVER
Running a virus checker won't offer any protection against this eventuality. None whatsoever. It's like taking penecillin every day - to protect you against Aids. It won't work, it won't protect you. Worse still it could damage your health.
Smart users should take actions to prevent viruses spreading and infecting their machines. But running a program which searches every file for Windows viruses is not one of those actions.
C.
Yes, for now running virus scan all the time on mac is just waste of cpu cycles, but running that strange attachment against clamXav is such a small operation for you, but can save you from a lot of bad blood. And what I also tried to say was that you don't really have to be especially smart user, if you just were given proper instructions in the first place. Most people can grasp the idea why to do these things, if taken enough time in explaining. Thinking that spreading your knowledge about things doesn't concern you because you are mac users or thinking that this would never ever happen to macs, so why bother mentality, sounds very irresponsible to me.
By all means, keep on preaching the glory of *nix, but don't let it get into your head.
What are you talking about? Everything I said so far is true and fact. We are not talking about acts of faith here.
Quote:
Originally posted by Project2501
At the moment Windows it self is the best selling argument of OSX.
No. The lack of viruses and vulnerabilities to infection as opposed to windows, is ONE of many selling points for OSX or any other usable 'nix' distros.
Quote:
Originally posted by Project2501
I have not said that there are any viruses around now, but telling newbies that there will never be one or preparing for one is waste of time?!?
Who seriously said that? You're making up stuff again.
Quote:
Originally posted by Project2501
That was my problem. Nor did I never say that *nix is as vulnerable to security problems as windows is, not even if it gained the popularity it should. All I argumented was that nothing is 100% secure. Nor should it ever be marketed as such. Security should be more of a proactive thing than just damage repair. All I wanted to hear was some constructive statements instead of just telling newbies to forget about it, and apparently it needed playing some devils advocat and counter-argumenting to get people to give proper reasoning.
Good backpedaling. Your first post sets the stage...
Quote:
Originally posted by Project2501
Do you guys realize how smug you sound? No wonder people don't like Apple fan boys. No matter how excellent this platform is no-one ever want's to hear anything about it, just because of this attitude. No matter how true it is that not any significant pests work in OSX.
I don't know about anyone else, but that seems to denote that we are rubes that buy anything Apple feeds us. As if the fact that no viruses exist, is simply a side effect of Steve Jobs reality distortion field and it's just a matter of time 'til reality sets in. Your other posts hint to this also.
Quote:
Originally posted by Project2501
Yes I've had my fair share of windows problems, even though I know how to prepare. I never had viruses on my own computer(knocking on wood), but had to rescue many others. Security was one of my reasons to make the personal change to mac. I really hope/believe other platforms will never get as bad as it is in windows side now. Hopefully Vista will improve things on that side as well, though I'm not too optimistic about it. Even the best operating system/virus scanner can't remove that one security hole called user. Educating users is also an VERY important security measure, as the recent worms using social engineering have proven. I have no problems accepting the improved security that OSX offers, but still I run everything with lowered priviledges, not because it so far hasn't been safe to run everything as admin, but because it's vice thing to do and because I can.
So we're in agreement, then? Why call posters "Smug Mac fan-boys"? I don't get it.
Quote:
Originally posted by Project2501
Firstly I'd like to see also mac people to be good citizens of digital world, and if you forward unknown files to other people, please check them for viruses, even though it doesn't affect your computer. I wouldn't want to feel partially quilty infecting my friends computer.
I would argue that Macs are exemplary digital citizens. They don't allow malware to infect them in the first place. This prevents further spreading the virus to every person in its address book. It does not allow itself to be taken over by Trojan downloaders or spyware that infects every computer on a local network. They are by design better digital citizens. Perhaps you should apply your rule to the digital deviants that Microsoft has created.
Quote:
Originally posted by Project2501
Secondly there are no patches for stupid people so social networking malware is still effective, only educating people can fight these kind of problems.
Who died and appointed you hero of the stupid. These are the people that need to learn things the hard way. Why appoint yourself as spokesman for them?
Quote:
Originally posted by Project2501
Thirdly it's important for people to understand the criticality of the updates, if you teach people that it's not that important to update, because there will never be anything critical anyways. IF/when that furious virus happens to strike it's never too late. Technology savvy people are not likely to get affected, it's usually the careless people who get hit. Spread the knowledge and every one gets less spam. In some occasions ignorance can be bliss, but definitely not in security. I say it again, better safe than sorry.
Fine, educate till your face is blue, no-one here faults you for that. However, most of the posts here were rather helpful, some were humorous, and then a few were sarcastic. You took the opportunity to attack the "smug Mac fan-boys" and to imply ignorance to the threat of invasion. You don't believe this, do you? Is it possible that we choose to continue to use a Mac BECAUSE we realize the threat?
How exactly do you discuss virus and A/V on a mac without mentioning the HUGE fact that there are no viruses for the Man? That's what is happening here. My rundown was for educational purposes, that you now profess to care about, bat you also fluffed that off, in light of your perceived threat of a looming master-virus or something.
You succeeded in getting me riled up, so I guess you accomplished your goal. But what was the point? You knew all this already. perhaps we helped educate someone in the process, right?
Comments
Waisted money IMO.
Originally posted by Project2501
Do you guys realize how smug you sound?
Oh, you poor person. Has someone convinced you that it's wrong for you to have certainty?
Originally posted by iPeon
Oh, you poor person. Has someone convinced you that it's wrong for you to have certainty?
No, there is nothing wrong with certainty, but as causation tells you, past doesn't prove anything about the future, macs first bad virus can be right behind the corner. All it takes is one bad virus. Also that attitude some mac people seem to give around web is so annoying, that that alone might be enough for someone to invest in creating that first mac virus. So far macs have been out of professionals scope, but who knows how long. The proof of concept trojans already show that nothings perfect, and never will be. I never try to say never, because eventually it will be proven wrong. Talking reasonably about macs incomparable security over windows is fine for me, but saying to someone to stop worrying and ignoring all potential threats, just because nothing has happened before, is just downright stupid.
Originally posted by Project2501
No, there is nothing wrong with certainty, but as causation tells you, past doesn't prove anything about the future, macs first bad virus can be right behind the corner. All it takes is one bad virus. Also that attitude some mac people seem to give around web is so annoying, that that alone might be enough for someone to invest in creating that first mac virus. So far macs have been out of professionals scope, but who knows how long. The proof of concept trojans already show that nothings perfect, and never will be. I never try to say never, because eventually it will be proven wrong. Talking reasonably about macs incomparable security over windows is fine for me, but saying to someone to stop worrying and ignoring all potential threats, just because nothing has happened before, is just downright stupid.
Let me explain why it's unlikely that a malicious piece of software is so hard to create. Aside from some software that asks and gets permission from the operator to install, you will probably never have the situation you have with windows:
1. DOS and then Windows was a single user system. This has continued right up to XP and possible even Vista (because of compatibility with legacy windows). What this means is a user can and does usually have Admin access to important files or other users files. Although in XP and 2000 you can tighten it up, XP has an admin account but by default the password is blank. On your Mac or Unix/Linux system try to access files in your "system' folder and others. You can read but not save or create new ones. This is a safeguard built right in.
Unix was developed as a multi-user system from the beginning and security was not just a second thought.
2. Unix has been around since computers. It is proven and has been constantly improved by many programmers and network experts.
3. Every file has permissions for the owner of the file, the group it belongs to, and anyone else. Each of those have read, write or execute permissions assigned to them.
4. If a malicious attacker does gain a connection to your system, that program or person must then guess your root user's or other username and password in order to do ANYTHING on your system.
So you ask... "Is it possible that these measures can be bypassed?" Sure, anything is possible. But in this case, it is highly unlikely without an absolute failure on the user end or setup of the machine.
OSX does a good job of forcing the user to setup his/her root account and reminding the user that a password is necessary.
We're not being cocky, it's a fact with most 'Nix'es.
Originally posted by MachOneFL
Let me explain why it's unlikely that a malicious piece of software is so hard to create. Aside from some software that asks and gets permission from the operator to install, you will probably never have the situation you have with windows:
1. DOS and then Windows was a single user system. This has continued right up to XP and possible even Vista (because of compatibility with legacy windows). What this means is a user can and does usually have Admin access to important files or other users files. Although in XP and 2000 you can tighten it up, XP has an admin account but by default the password is blank. On your Mac or Unix/Linux system try to access files in your "system' folder and others. You can read but not save or create new ones. This is a safeguard built right in.
Unix was developed as a multi-user system from the beginning and security was not just a second thought.
2. Unix has been around since computers. It is proven and has been constantly improved by many programmers and network experts.
3. Every file has permissions for the owner of the file, the group it belongs to, and anyone else. Each of those have read, write or execute permissions assigned to them.
4. If a malicious attacker does gain a connection to your system, that program or person must then guess your root user's or other username and password in order to do ANYTHING on your system.
So you ask... "Is it possible that these measures can be bypassed?" Sure, anything is possible. But in this case, it is highly unlikely without an absolute failure on the user end or setup of the machine.
OSX does a good job of forcing the user to setup his/her root account and reminding the user that a password is necessary.
We're not being cocky, it's a fact with most 'Nix'es.
And yet still, severe data crimes are not unheard of in unix world, but that wasn't not my point, no matter how secure OS is, it's never 100% secure, and letting your self lull into the false sense of security is just ignorance. preparing for the worse has never hurt anyone. I do realize that current mac virus scans are probably helpless when the first virus appears, but keeping eye in security news is still wise.
Edit: correcting misspelled words
Originally posted by Project2501
And yet still, severe data crimes are not unheard of in unix world, but that wasn't not my point, no matter how secure OS is, it's never 100% secure, and letting your self lull into the false sense of security is just ignorance. preparing for the worse has never hurt anyone. I do realize that current mac virus scans are probably helpless when the first virus appears, but keeping eye in security news is still vice.
Do you care to back up your assertions by providing links to stories of an outside hacker or program randomly gaining access to a properly setup "nix" computer?
I'm sorry to challenge you but I haven't heard any. I have heard of plenty of outside attacks and crimes perpetrated against windows networks. But not many if any Unix.
I am curious where you heard these things. Or if you are just making up stuff to support your argument.
http://www.macnn.com/articles/06/03/...ity.challenge/
Is that what you base your position on?
Originally posted by MachOneFL
Do you care to back up your assertions by providing links to stories of an outside hacker or program randomly gaining access to a properly setup "nix" computer?
I'm sorry to challenge you but I haven't heard any. I have heard of plenty of outside attacks and crimes perpetrated against windows networks. But not many if any Unix.
I am curious where you heard these things. Or if you are just making up stuff to support your argument.
http://www.macnn.com/articles/06/03/...ity.challenge/
Is that what you base your position on?
For example Secunia lists past threats for FreeBSD and Solaris most are already patched, but they still existed. Secunia also lists threats for Mac OS X. 21% of threats lead to system access and 14% to privilege escalation and 12% exposure to sensitive info, doesn't sound too good to me. Apple has been very good in patching these, but my point still stands, better safe than sorry.
Originally posted by Project2501
...saying to someone to stop worrying and ignoring all potential threats, just because nothing has happened before, is just downright stupid.
On the contrary, telling someone to worry about potential threats is insanity at work actually.
Originally posted by MachOneFL
Let me explain why it's unlikely that a malicious piece of software is so hard to create. Aside from some software that asks and gets permission from the operator to install, you will probably never have the situation you have with windows:
1. DOS and then Windows was a single user system. This has continued right up to XP and possible even Vista (because of compatibility with legacy windows). What this means is a user can and does usually have Admin access to important files or other users files. Although in XP and 2000 you can tighten it up, XP has an admin account but by default the password is blank. On your Mac or Unix/Linux system try to access files in your "system' folder and others. You can read but not save or create new ones. This is a safeguard built right in.
Unix was developed as a multi-user system from the beginning and security was not just a second thought.
2. Unix has been around since computers. It is proven and has been constantly improved by many programmers and network experts.
3. Every file has permissions for the owner of the file, the group it belongs to, and anyone else. Each of those have read, write or execute permissions assigned to them.
4. If a malicious attacker does gain a connection to your system, that program or person must then guess your root user's or other username and password in order to do ANYTHING on your system.
So you ask... "Is it possible that these measures can be bypassed?" Sure, anything is possible. But in this case, it is highly unlikely without an absolute failure on the user end or setup of the machine.
OSX does a good job of forcing the user to setup his/her root account and reminding the user that a password is necessary.
We're not being cocky, it's a fact with most 'Nix'es.
And you are not alone in your belief
Let me quote Apple Computer Inc. ...
"PC 114,000 Viruses - Mac ... 0 Viruses"
Now that is a bit more than coincidence or sales figures I suspect.
So what the hell is the utility doing? What is it scanning for? Rhetorical question - it is scanning for OS Classic viruses, Office macro VBA viruses, and WIndows viruses in email attachments.
My feeling has always been that if one Windows user wants to send a virus to another, they are more than welcome to use my Mac as an intermediary. It's not my responsibility to waste my time and CPU cycles trying to help these people fix their Windows bullshit. They made their choice and will even loudly defend it - so let them reap the consequences.
Originally posted by Project2501
For example Secunia lists past threats for FreeBSD and Solaris most are already patched, but they still existed. Secunia also lists threats for Mac OS X. 21% of threats lead to system access and 14% to privilege escalation and 12% exposure to sensitive info, doesn't sound too good to me. Apple has been very good in patching these, but my point still stands, better safe than sorry.
How many actual viruses?
No-one is arguing that there are not vulnerabilities and theoretical vulnerabilities or people to exploit them. How many real "in the wild" viruses for these platforms?
Or better yet how many "potential" vulnerabilities get exploited successfully by a virus? Compare that with windows.
And don't give this crap "Viruses are less common in Unix because it is less widely distributed" I will submit that all the hype and the extent this subject is so passionately argued by people like yourself, gives the person that finally writes a successful virus that much more glory, and thus more motivation create it, rather than just another windows virus.
Let's just say you invent a method for getting in and running a virus, or better yet, invent a self-executing a virus for unix, do you know how fast that door will shut? So fast your head will spin. There are so many unix geeks out there and the network that supports them is extensive.
You also seem to forget also the open source community and network that is in place right now. If a vulnerability exists, say in an OSX update, do you realize how fast these things are found?
I will take this opportunity to speak for all the Mac heads here...
We all recognize that all computers are vulnerable to attack. That's a given. We also KNOW that using a Unix based system is the best defense against such viruses. And we all most likely, feel that OSX is the most usable 'nix' out there. You and others can and will tell yourself that OSX or BSD or Solaris is just as likely to get viruses, because you know not what you speak of.
It seems to me that he came here and asked about virus protection and the like about OSX. Don't go into denial mode, because you don't like the answers given. I gave you a rundown of why Unix based systems don't readily get attacked and all you can say is "but what if..." or "maybe someday..."
Right now, right here, there are 0 (none, nada, nill) viruses for OSX and despite not being able to find an online count of viruses for windows I know the last time I checked it was around 200,000 not including Spyware/Adware and the average time it takes to get a virus once connected to the internet is like 15-20 minutes for windows. Just so the point gets made even clearer... IF YOUR VIRUS SOFTWARE IS OUT OF DATE JUST 20 MINUTES.... YOU ARE MOST LIKELY INFECTED WITH SOMETHING. I can prove that to you on a daily basis.
So, if you chose to use a Mac for other reasons, let us all say, Congratulation! You made the right choice. Say goodbye to viruses and spyware and having to worry about them. It will never get to the point it has gotten with windows. I think you'll have to accept that.
Originally posted by MachOneFL
How many actual viruses?
No-one is arguing that there are not vulnerabilities and theoretical vulnerabilities or people to exploit them. How many real "in the wild" viruses for these platforms?
Or better yet how many "potential" vulnerabilities get exploited successfully by a virus? Compare that with windows.
And don't give this crap "Viruses are less common in Unix because it is less widely distributed" I will submit that all the hype and the extent this subject is so passionately argued by people like yourself, gives the person that finally writes a successful virus that much more glory, and thus more motivation create it, rather than just another windows virus.
Let's just say you invent a method for getting in and running a virus, or better yet, invent a self-executing a virus for unix, do you know how fast that door will shut? So fast your head will spin. There are so many unix geeks out there and the network that supports them is extensive.
You also seem to forget also the open source community and network that is in place right now. If a vulnerability exists, say in an OSX update, do you realize how fast these things are found?
I will take this opportunity to speak for all the Mac heads here...
We all recognize that all computers are vulnerable to attack. That's a given. We also KNOW that using a Unix based system is the best defense against such viruses. And we all most likely, feel that OSX is the most usable 'nix' out there. You and others can and will tell yourself that OSX or BSD or Solaris is just as likely to get viruses, because you know not what you speak of.
It seems to me that he came here and asked about virus protection and the like about OSX. Don't go into denial mode, because you don't like the answers given. I gave you a rundown of why Unix based systems don't readily get attacked and all you can say is "but what if..." or "maybe someday..."
Right now, right here, there are 0 (none, nada, nill) viruses for OSX and despite not being able to find an online count of viruses for windows I know the last time I checked it was around 200,000 not including Spyware/Adware and the average time it takes to get a virus once connected to the internet is like 15-20 minutes for windows. Just so the point gets made even clearer... IF YOUR VIRUS SOFTWARE IS OUT OF DATE JUST 20 MINUTES.... YOU ARE MOST LIKELY INFECTED WITH SOMETHING. I can prove that to you on a daily basis.
So, if you chose to use a Mac for other reasons, let us all say, Congratulation! You made the right choice. Say goodbye to viruses and spyware and having to worry about them. It will never get to the point it has gotten with windows. I think you'll have to accept that.
By all means, keep on preaching the glory of *nix, but don't let it get into your head. At the moment Windows it self is the best selling argument of OSX. I have not said that there are any viruses around now, but telling newbies that there will never be one or preparing for one is waste of time?!? That was my problem.
Nor did I never say that *nix is as vulnerable to security problems as windows is, not even if it gained the popularity it should. All I argumented was that nothing is 100% secure. Nor should it ever be marketed as such. Security should be more of a proactive thing than just damage repair. All I wanted to hear was some constructive statements instead of just telling newbies to forget about it, and apparently it needed playing some devils advocat and counter-argumenting to get people to give proper reasoning.
Yes I've had my fair share of windows problems, even though I know how to prepare. I never had viruses on my own computer(knocking on wood), but had to rescue many others. Security was one of my reasons to make the personal change to mac. I really hope/believe other platforms will never get as bad as it is in windows side now. Hopefully Vista will improve things on that side as well, though I'm not too optimistic about it. Even the best operating system/virus scanner can't remove that one security hole called user. Educating users is also an VERY important security measure, as the recent worms using social engineering have proven. I have no problems accepting the improved security that OSX offers, but still I run everything with lowered priviledges, not because it so far hasn't been safe to run everything as admin, but because it's vice thing to do and because I can.
Will the extant antivirus programs for OS X be able to counter future viruses, considering that, as lundy notes, they won't be in their databases? Do they seek out generic viruses?
Or will everyone who has already installed antivirus software have to download an update once an OS X virus is detected?
In the first case, 2501 is right to get noobs to get antivirus software. In the second, it makes no difference because they'd have to actively install SW to counter a virus just as would those who hadn't installed anything.
--B
Originally posted by bergz
Ok then. I guess the question is this:
Will the extant antivirus programs for OS X be able to counter future viruses, considering that, as lundy notes, they won't be in their databases? Do they seek out generic viruses?
Or will everyone who has already installed antivirus software have to download an update once an OS X virus is detected?
In the first case, 2501 is right to get noobs to get antivirus software. In the second, it makes no difference because they'd have to actively install SW to counter a virus just as would those who hadn't installed anything.
--B
Firstly I'd like to see also mac people to be good citizens of digital world, and if you forward unknown files to other people, please check them for viruses, even though it doesn't affect your computer. I wouldn't want to feel partially quilty infecting my friends computer. Secondly there are no patches for stupid people so social networking malware is still effective, only educating people can fight these kind of problems. Thirdly it's important for people to understand the criticality of the updates, if you teach people that it's not that important to update, because there will never be anything critical anyways. IF/when that furious virus happens to strike it's never too late. Technology savvy people are not likely to get affected, it's usually the careless people who get hit. Spread the knowledge and every one gets less spam. In some occasions ignorance can be bliss, but definitely not in security. I say it again, better safe than sorry.
Originally posted by Project2501
All I argumented was that nothing is 100% secure. Nor should it ever be marketed as such.
No, nothing is 100% secure. And Apple's recent marketing based on security is perhaps a mistake. Time will tell.
All I wanted to hear was some constructive statements instead of just telling newbies to forget about it, and apparently it needed playing some devils advocat and counter-argumenting to get people to give proper reasoning.
As a matter of fact, there is zero malware for Mac OS X today. And thanks to its unix structure, it is unlikely that the situation will change dramatically in the foreseable future. So no, don't bother with anti-virus software and such. Not at this moment at least.
However, this does not mean that there are no measures one can take to better secure a Mac. And I am not talking about viruses etc. Here are some basic safety rules.
(1) Turn on your firewall. If I remember correctly, Tiger has some more advanced firewall control through System Preferences than Panther. So up the protection to max from there.
(2) Do not run an admin account for everyday tasks and work. Admin is just for that, to administer the computer. In my opinion, the fact that the default installation account is an admin one, is something that Apple needs to correct. The installation process should guide the user to create a new normal account for general (non-admin) use, after having finished with the admin one, explaining briefly the reasons.
(3) Do not enable any services unless you need to do so and you know what you are doing. Fortunately, all of them are by default disabled.
(4) If you are going to surf on sites that you don't trust (there is a good deal of garbage out there), have also another normal user account for that, different from your normal work account. So, if anything bad happens, for example execution of a 'rm -rf *' script after opening a downloaded file from an untrusted source, you will not have to worry about your files. All this can do, is to erase the files in the current "internet" or "test" account and nothing more.
(5) If installing an Airport station for internet access is feasible, just do it. And enable the use of locally attributed addresses, which will enable NAT. This, though not 100% bullet proof, will make life hard for everyone who will try to get control of your machine through its IP (which will go now to the wireless station) exploiting some of the many vulnerabilities that, fortunately, Apple patches very quickly. As an extra safety measure, you can not only password-protect your local network, but also enable hardware-based access, according to the MAC address of the wireless card. And of course up to the max all safety option of the wireless station.
Call me paranoid, but this is what I would do today.
Originally posted by Project2501
No, there is nothing wrong with certainty, but as causation tells you, past doesn't prove anything about the future, macs first bad virus can be right behind the corner. All it takes is one bad virus. Also that attitude some mac people seem to give around web is so annoying, that that alone might be enough for someone to invest in creating that first mac virus. So far macs have been out of professionals scope, but who knows how long. The proof of concept trojans already show that nothings perfect, and never will be. I never try to say never, because eventually it will be proven wrong. Talking reasonably about macs incomparable security over windows is fine for me, but saying to someone to stop worrying and ignoring all potential threats, just because nothing has happened before, is just downright stupid.
You are correct. There may be some new threat to the OS X platform in the future. If it occurs it will be able to exploit some new and unforseen weakness in the current OS. We should be vigilant.
HOWEVER
Running a virus checker won't offer any protection against this eventuality. None whatsoever. It's like taking penecillin every day - to protect you against Aids. It won't work, it won't protect you. Worse still it could damage your health.
Smart users should take actions to prevent viruses spreading and infecting their machines. But running a program which searches every file for Windows viruses is not one of those actions.
C.
Originally posted by Carniphage
You are correct. There may be some new threat to the OS X platform in the future. If it occurs it will be able to exploit some new and unforseen weakness in the current OS. We should be vigilant.
HOWEVER
Running a virus checker won't offer any protection against this eventuality. None whatsoever. It's like taking penecillin every day - to protect you against Aids. It won't work, it won't protect you. Worse still it could damage your health.
Smart users should take actions to prevent viruses spreading and infecting their machines. But running a program which searches every file for Windows viruses is not one of those actions.
C.
Yes, for now running virus scan all the time on mac is just waste of cpu cycles, but running that strange attachment against clamXav is such a small operation for you, but can save you from a lot of bad blood. And what I also tried to say was that you don't really have to be especially smart user, if you just were given proper instructions in the first place. Most people can grasp the idea why to do these things, if taken enough time in explaining. Thinking that spreading your knowledge about things doesn't concern you because you are mac users or thinking that this would never ever happen to macs, so why bother mentality, sounds very irresponsible to me.
Originally posted by Project2501
By all means, keep on preaching the glory of *nix, but don't let it get into your head.
What are you talking about? Everything I said so far is true and fact. We are not talking about acts of faith here.
Originally posted by Project2501
At the moment Windows it self is the best selling argument of OSX.
No. The lack of viruses and vulnerabilities to infection as opposed to windows, is ONE of many selling points for OSX or any other usable 'nix' distros.
Originally posted by Project2501
I have not said that there are any viruses around now, but telling newbies that there will never be one or preparing for one is waste of time?!?
Who seriously said that? You're making up stuff again.
Originally posted by Project2501
That was my problem. Nor did I never say that *nix is as vulnerable to security problems as windows is, not even if it gained the popularity it should. All I argumented was that nothing is 100% secure. Nor should it ever be marketed as such. Security should be more of a proactive thing than just damage repair. All I wanted to hear was some constructive statements instead of just telling newbies to forget about it, and apparently it needed playing some devils advocat and counter-argumenting to get people to give proper reasoning.
Good backpedaling. Your first post sets the stage...
Originally posted by Project2501
Do you guys realize how smug you sound? No wonder people don't like Apple fan boys. No matter how excellent this platform is no-one ever want's to hear anything about it, just because of this attitude. No matter how true it is that not any significant pests work in OSX.
I don't know about anyone else, but that seems to denote that we are rubes that buy anything Apple feeds us. As if the fact that no viruses exist, is simply a side effect of Steve Jobs reality distortion field and it's just a matter of time 'til reality sets in. Your other posts hint to this also.
Originally posted by Project2501
Yes I've had my fair share of windows problems, even though I know how to prepare. I never had viruses on my own computer(knocking on wood), but had to rescue many others. Security was one of my reasons to make the personal change to mac. I really hope/believe other platforms will never get as bad as it is in windows side now. Hopefully Vista will improve things on that side as well, though I'm not too optimistic about it. Even the best operating system/virus scanner can't remove that one security hole called user. Educating users is also an VERY important security measure, as the recent worms using social engineering have proven. I have no problems accepting the improved security that OSX offers, but still I run everything with lowered priviledges, not because it so far hasn't been safe to run everything as admin, but because it's vice thing to do and because I can.
So we're in agreement, then? Why call posters "Smug Mac fan-boys"? I don't get it.
Originally posted by Project2501
Firstly I'd like to see also mac people to be good citizens of digital world, and if you forward unknown files to other people, please check them for viruses, even though it doesn't affect your computer. I wouldn't want to feel partially quilty infecting my friends computer.
I would argue that Macs are exemplary digital citizens. They don't allow malware to infect them in the first place. This prevents further spreading the virus to every person in its address book. It does not allow itself to be taken over by Trojan downloaders or spyware that infects every computer on a local network. They are by design better digital citizens. Perhaps you should apply your rule to the digital deviants that Microsoft has created.
Originally posted by Project2501
Secondly there are no patches for stupid people so social networking malware is still effective, only educating people can fight these kind of problems.
Who died and appointed you hero of the stupid. These are the people that need to learn things the hard way. Why appoint yourself as spokesman for them?
Originally posted by Project2501
Thirdly it's important for people to understand the criticality of the updates, if you teach people that it's not that important to update, because there will never be anything critical anyways. IF/when that furious virus happens to strike it's never too late. Technology savvy people are not likely to get affected, it's usually the careless people who get hit. Spread the knowledge and every one gets less spam. In some occasions ignorance can be bliss, but definitely not in security. I say it again, better safe than sorry.
Fine, educate till your face is blue, no-one here faults you for that. However, most of the posts here were rather helpful, some were humorous, and then a few were sarcastic. You took the opportunity to attack the "smug Mac fan-boys" and to imply ignorance to the threat of invasion. You don't believe this, do you? Is it possible that we choose to continue to use a Mac BECAUSE we realize the threat?
How exactly do you discuss virus and A/V on a mac without mentioning the HUGE fact that there are no viruses for the Man? That's what is happening here. My rundown was for educational purposes, that you now profess to care about, bat you also fluffed that off, in light of your perceived threat of a looming master-virus or something.
You succeeded in getting me riled up, so I guess you accomplished your goal. But what was the point? You knew all this already. perhaps we helped educate someone in the process, right?