"sampling" could mean that they have websites that infect systems via the same method.
The number of Macs hit in this way is multiplied by some estimate of the hit rate of the 'security' firm web site compared to the hit rate of the 'real' phishing sites.
At best this will be a very inaccurate estimate, at worst it's absolutely bogus.
J.
If you were correct, there are several problems:
1. Artificially infecting systems to determine what some other trojan might do is illegal. So why should we pay attention to a criminal enterprise?
2. The effectiveness of a trojan is dependent on how appealing the enticement is. If they put their trojan on web sites that are more (or less) appealing than the actual ones used, the results would be meaningless.
3. In the original article, they cited infection rates in some countries as low as 0.1% in some cases. Doing so and reporting data from many countries suggests that they would have had to infect many hundreds of thousands of systems to get the data they need.
<p> It's funny how most of these "security" companies come from a country widely known for its (i) transparency and (ii) low corruption levels and (iii) extremely low incidence of hacking activities... </p>
It is also known for having a high concentration of security researchers.
I would caution people to not take these things lightly. Apple's model creates a much more significant attack vector since so much of their ecosystem is in a default state, with common applications and therefore common attack vectors.
I just wish I had a better idea of how to protect things in a general case-- getting a Cisco ASA for home just seems stupid and ineffective overkill.
I just wish I had a better idea of how to protect things in a general case-- getting a Cisco ASA for home just seems stupid and ineffective overkill.
Default ok, I would say.
You could activate the firewall, deinstall java, stop using flash, browse with as little permission for Safari as possible, only install from the app store, update automatically and install little snitch, to be extremely save.
One way to monitor traffic is to sniff the traffic on their own network. They sniff all the packets, put an infected Mac on the network, and see what it's trying to do, to whom it is communicating with.
One way to monitor traffic is to sniff the traffic on their own network. They sniff all the packets, put an infected Mac on the network, and see what it's trying to do, to whom it is communicating with.
That's not how they're not doing it. If you're such an expert, try your own sniffing - as in reading! You should be able to figure out their method.
It is also known for having a high concentration of security researchers.
I would caution people to not take these things lightly. Apple's model creates a much more significant attack vector since so much of their ecosystem is in a default state, with common applications and therefore common attack vectors.
I just wish I had a better idea of how to protect things in a general case-- getting a Cisco ASA for home just seems stupid and ineffective overkill.
I'm not saying that one should take reports seriously.
However, THIS report has a lot of red flags that make the conclusions very questionable. I listed some of them above.
It's funny how most of these "security" companies come from a country widely known for its (i) transparency and (ii) low corruption levels and (iii) extremely low incidence of hacking activities...
Intego, who first identified the Flashback variant are French.
Symantec are American and now agree with DrWeb that the number sits at 600 000.
Are you really suggesting that this is a global conspiracy?
Yup, they all want to sell Mac anti virus software, which would NOT have stopped this from happening. Best possible thing they can do is have software that will remove these kinds of things after they become known.
You could activate the firewall, deinstall java, stop using flash, browse with as little permission for Safari as possible, only install from the app store, update automatically and install little snitch, to be extremely save.
J.
I have always used Firefox with the no script addon with an free antivirus program (Sophos and ClamXav current). Oh regarding the app store it's version of ClamXav doesn't have ClamXav Sentry while the one from the site does.
Both Dr Web and Kaspersky are well-known in Russia, but Parallels is not even though all three are Russian companies. So what if one company targets international market and another one targets national one.
It remains to be seen who's right and who's wrong, antiviral companies will always tend to somewhat overestimate threats, I just hope OS X will not force everyone to "MacStore-only" security model when "security through minority" does not prove to be effective any more.
... I just hope OS X will not force everyone to "MacStore-only" security model when "security through minority" does not prove to be effective any more.
The "security through obscurity" motto has been definitely debunked in the other discussion by the researches themselves who follow the malware evolution on the Mac platform:
"As we correctly predicted back in May, Mac malware has not scaled continuously due to market share, but rather, is more the result of opportunist "bubble economies" that have produced new threats in fits and starts," researchers said
What increased market share naturally does, is to increase the interest of the malware programmers but this is not translated necessarily to more malware available in the wild. Besides, Mac OS X has much more market share than the classic Mac OS ever had, and this the moment when malware can propagate like a wild fire through the internet. Nevertheless, the classic Mac OS had about 50 known actual and functioning malware including viruses, in an era when internet was barely present, while we have yet to see a single virus under Mac OS X. The system architecture is obviously what makes all the difference here. Therefore, the "security through obscurity" motto, although it contains a truth in the sense I explained previously, it is really overblown out of proportion.
Comments
Quote:
Originally Posted by jnjnjn
"sampling" could mean that they have websites that infect systems via the same method.
The number of Macs hit in this way is multiplied by some estimate of the hit rate of the 'security' firm web site compared to the hit rate of the 'real' phishing sites.
At best this will be a very inaccurate estimate, at worst it's absolutely bogus.
J.
If you were correct, there are several problems:
1. Artificially infecting systems to determine what some other trojan might do is illegal. So why should we pay attention to a criminal enterprise?
2. The effectiveness of a trojan is dependent on how appealing the enticement is. If they put their trojan on web sites that are more (or less) appealing than the actual ones used, the results would be meaningless.
3. In the original article, they cited infection rates in some countries as low as 0.1% in some cases. Doing so and reporting data from many countries suggests that they would have had to infect many hundreds of thousands of systems to get the data they need.
The whole thing sounds bogus.
I agree.
It is also known for having a high concentration of security researchers.
I would caution people to not take these things lightly. Apple's model creates a much more significant attack vector since so much of their ecosystem is in a default state, with common applications and therefore common attack vectors.
I just wish I had a better idea of how to protect things in a general case-- getting a Cisco ASA for home just seems stupid and ineffective overkill.
I just hope that not many good guys turn bad. There does not seem much room at the inn.
Default ok, I would say.
You could activate the firewall, uninstall Java, stop using Flash, browse with as little permission for Safari as possible, only install from the App Store, update automatically and install Little Snitch, to be extremely safe.
J.
Quote:
Originally Posted by colinng
One way to monitor traffic is to sniff the traffic on their own network. They sniff all the packets, put an infected Mac on the network, and see what it's trying to do and whom it is communicating with.
That's not how they're doing it. If you're such an expert, try your own sniffing - as in reading! You should be able to figure out their method.
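The quoted post describes putting a suspect machine on a monitored network and watching what it talks to. The following shell functions are an added example (not code from either poster) that summarise the outbound connections of one host from tcpdump-style text lines; the sample capture lines are constructed for the example, and the host and destination addresses are documentation ranges, not real infrastructure.

```shell
#!/bin/sh
# Added example: summarise which destinations a monitored host contacts,
# from tcpdump-style lines such as
#   12:00:01.000001 IP 192.168.1.50.49152 > 203.0.113.7.80: Flags [S], ...
# Not the thread's own code; the sample lines below are constructed.

# dest_summary <host-ip>: reads capture lines on stdin, prints "dst:port count"
# for every destination the given host sent packets to, one per line, sorted.
dest_summary() {
    awk -v host="$1" '
        $2 == "IP" && $4 == ">" {
            src = $3
            dst = $5
            sub(/:$/, "", dst)                 # drop the trailing colon
            split(src, s, ".")                 # a.b.c.d.port -> address is the first four parts
            sip = s[1] "." s[2] "." s[3] "." s[4]
            if (sip != host) next              # only packets sent by the monitored host
            split(dst, d, ".")
            dip = d[1] "." d[2] "." d[3] "." d[4]
            port = d[5]
            count[dip ":" port]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# dest_hosts <host-ip>: distinct destination addresses only, the list you would
# hand to a whois lookup when checking who operates the servers being contacted.
dest_hosts() {
    dest_summary "$1" | cut -d: -f1 | sort -u
}

# Constructed sample capture: one monitored host (192.168.1.50) talking to two
# servers, a reply packet, and an unrelated host that must not be counted.
SAMPLE_CAPTURE='12:00:01.000001 IP 192.168.1.50.49152 > 203.0.113.7.80: Flags [S], seq 1, win 65535, length 0
12:00:01.000002 IP 203.0.113.7.80 > 192.168.1.50.49152: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:02.000003 IP 192.168.1.50.49153 > 203.0.113.7.80: Flags [P.], seq 1:100, ack 1, win 65535, length 99
12:00:03.000004 IP 192.168.1.50.49154 > 198.51.100.9.443: Flags [S], seq 1, win 65535, length 0
12:00:04.000005 IP 192.168.1.20.50000 > 198.51.100.9.443: Flags [S], seq 1, win 65535, length 0'

# Stand-alone run: print the summary for the constructed sample.
printf '%s\n' "$SAMPLE_CAPTURE" | dest_summary 192.168.1.50
```

On a real machine the same function reads live output, e.g. `tcpdump -nn -l -i en0 | dest_summary 192.168.1.50`; the `-nn` flag keeps addresses and ports numeric, which the parser relies on.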
Quote:
Originally Posted by aaarrrgggh
It is also known for having a high concentration of security researchers.
I would caution people to not take these things lightly. Apple's model creates a much more significant attack vector since so much of their ecosystem is in a default state, with common applications and therefore common attack vectors.
I just wish I had a better idea of how to protect things in a general case-- getting a Cisco ASA for home just seems stupid and ineffective overkill.
I'm not saying that one should take reports seriously.
However, THIS report has a lot of red flags that make the conclusions very questionable. I listed some of them above.
Quote:
Originally Posted by brlawyer
It's funny how most of these "security" companies come from a country widely known for its (i) transparency and (ii) low corruption levels and (iii) extremely low incidence of hacking activities...
Intego, who first identified the Flashback variant, are French.
Symantec are American and now agree with Dr.Web that the number sits at 600 000.
Are you really suggesting that this is a global conspiracy?
Yup, they all want to sell Mac antivirus software, which would NOT have stopped this from happening. The best possible thing they can do is have software that will remove these kinds of things after they become known.
Quote:
Originally Posted by jnjnjn
Default ok, I would say.
You could activate the firewall, uninstall Java, stop using Flash, browse with as little permission for Safari as possible, only install from the App Store, update automatically and install Little Snitch, to be extremely safe.
J.
I have always used Firefox with the NoScript add-on with a free antivirus program (Sophos and ClamXav currently). Oh, regarding the App Store, its version of ClamXav doesn't have ClamXav Sentry, while the one from the site does.
As for that "server run by an unidentified third party" claim, taking a sampling of the list of contacts at http://contagiodump.blogspot.com/2012/04/i-have-been-tracking-infections-too-and.html produces a very interesting pattern if you throw them at http://www.ip-adress.com/whois/.
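The hardening checklist quoted above (firewall on, Java and Flash gone, cautious Safari settings, automatic updates) is easy to state and easy to let drift. The script below is an added example, not code from the thread, that audits those items on a Mac. It assumes the standard macOS locations and outputs noted in the comments (`socketfilterfw --getglobalstate`, the `defaults` keys for automatic update checks and Safari's "open safe files" option, and the plug-in bundle paths); Little Snitch is not checked because its install location is not something this example assumes. The parsing is kept in small functions so it can be exercised with constructed output on any system.

```shell
#!/bin/sh
# Added example: audit the hardening checklist from the post above.
# Assumed macOS command outputs and paths are noted inline; not the thread's own code.

# firewall_state <output of socketfilterfw --getglobalstate> -> on | off | unknown
# Real output looks like "Firewall is enabled. (State = 1)" or
# "Firewall is disabled. (State = 0)"; State 2 is "block all incoming".
firewall_state() {
    case "$1" in
        *"State = 1"*|*"State = 2"*) echo on ;;
        *"State = 0"*)               echo off ;;
        *)                           echo unknown ;;
    esac
}

# bool_setting <output of defaults read ...> -> yes | no | unknown
# `defaults read` prints 1/0 for boolean keys; an unset key prints nothing.
bool_setting() {
    case "$1" in
        1|true|YES) echo yes ;;
        0|false|NO) echo no ;;
        *)          echo unknown ;;
    esac
}

# plugin_status <bundle path> -> installed | absent
plugin_status() {
    if [ -e "$1" ]; then echo installed; else echo absent; fi
}

# audit: run the checks, degrading to "n/a" where a tool is missing, so the
# script also runs (uselessly but harmlessly) on a non-macOS host.
audit() {
    fw_tool=/usr/libexec/ApplicationFirewall/socketfilterfw
    if [ -x "$fw_tool" ]; then
        fw=$(firewall_state "$("$fw_tool" --getglobalstate 2>/dev/null || true)")
    else
        fw=n/a
    fi
    printf 'application firewall:                  %s (want on)\n' "$fw"

    if command -v defaults >/dev/null 2>&1; then
        # Assumed keys: system-wide automatic update checks and Safari's auto-open.
        au=$(bool_setting "$(defaults read /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled 2>/dev/null || true)")
        safe=$(bool_setting "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)")
    else
        au=n/a
        safe=n/a
    fi
    printf 'automatic update checks:               %s (want yes)\n' "$au"
    printf 'Safari "open safe files after download": %s (want no)\n' "$safe"

    # Assumed plug-in bundle locations for the Java applet plug-in and Flash Player.
    for p in "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin" \
             "/Library/Internet Plug-Ins/Flash Player.plugin"; do
        printf '%s: %s (want absent)\n' "$p" "$(plugin_status "$p")"
    done
}

audit
```

Run it as an ordinary user; none of the checks need root, since they only read state. Each "want" column states the setting the checklist in the post is asking for.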
Both Dr.Web and Kaspersky are well-known in Russia, but Parallels is not, even though all three are Russian companies. So what if one company targets the international market and another one targets the national one?
It remains to be seen who's right and who's wrong; antiviral companies will always tend to somewhat overestimate threats. I just hope OS X will not force everyone into a "MacStore-only" security model when "security through minority" does not prove to be effective any more.
Quote:
Originally Posted by usr1
... I just hope OS X will not force everyone into a "MacStore-only" security model when "security through minority" does not prove to be effective any more.
The "security through obscurity" motto has been definitely debunked in the other discussion by the researchers themselves who follow the malware evolution on the Mac platform:
"As we correctly predicted back in May, Mac malware has not scaled continuously due to market share, but rather, is more the result of opportunist "bubble economies" that have produced new threats in fits and starts," researchers said.
What increased market share naturally does is increase the interest of the malware programmers, but this does not necessarily translate into more malware available in the wild. Besides, Mac OS X has much more market share than the classic Mac OS ever had, and this is the moment when malware can propagate like wildfire through the internet. Nevertheless, the classic Mac OS had about 50 known, actual and functioning pieces of malware, including viruses, in an era when the internet was barely present, while we have yet to see a single virus under Mac OS X. The system architecture is obviously what makes all the difference here. Therefore, the "security through obscurity" motto, although it contains a truth in the sense I explained previously, is really blown out of proportion.
Some readers have a tendency to be dated.
Quote:
Originally Posted by aBeliefSystem
Everyone of any worth has agreed for days that Dr Web is right. Some readers have a tendency to be dated.
Ah, so I'm of no worth. Got it.