Mac OS X invulnerability to malware is a myth, says security firm
Source: Ars Technica
Mac users can expect more OS X botnets, drive-by downloads, and mass malware from here on out. That's according to security researchers from Kaspersky Lab, who said during a press conference on Thursday morning that anti-malware software is now a necessity for Mac users, and that "Mac OS X invulnerability is a myth."
The firm acknowledged that malware for the Mac has existed for years but only recently started gaining more momentum thanks to a critical increase in Mac market share. In the case of Flashback (also known as Flashfake), the malware morphed from a socially engineered installation app to an attack that targeted an unpatched Java vulnerability. So far, it has been used to hijack search resultsa technique often used in click fraud scamsbut the attackers have the ability to employ the malware tactic of their choice on a machine at any time as long as it remains infected.
(It's worth noting that Kaspersky says the latest Flashback infection was spread via hijacked WordPress sites thanks to a vulnerability in the blog software. This means that trusted blogs visited by Mac users could have been used to spread the infection, debunking the myth that infections only happen by visiting shady websites or opening unidentified files.)
Kaspersky and other researchers still aren't sure exactly who's behind Flashback, but speculate that the perpetrators are only going after small financial gains given their behavior patterns. "The exploit distribution URLs that we are aware of have only targeted Mac users," says Kaspersky Lab analyst Kurt Baumgartner. "These factors limit the operational and technical needs of a financially motivated cybercrime gang."
Read more: http://arstechnica.com/apple/news/2012/04/kaspersky-lab-mac-os-x-invulnerability-to-malware-is-a-myth.ars
Lint Head
(15,064 posts)thelordofhell
(4,569 posts)hobbit709
(41,694 posts)ANY computer that connects to the outside is vulnerable
Last edited Thu Apr 19, 2012, 01:56 PM - Edit history (1)
But thanks to saint Job's sneaky marketing practices, we have a large majority of MAC users who truly believe that MAC's are somehow invulnerable.
Ironically, Macs are less secure than Windows. Makes sense..when one sees how Windows has been fighting viruses for the past 20 years, while the MAC has dont nothing comparable.
RebelOne
(30,947 posts)I have had so many PCs that gave me problems, but my Mac give me very few problems.
Vehl
(1,915 posts)The reason PC's sometimes give problems are twofold
1 Virus makers targeted PC's because of the massive market share compared to the Mac.
2 PC's have to be compatible with literally tens of thousands of different devices/hardware. Mac had to only be compatible with Mac products and the very few 3rd party Mac compatible devices.
Also spending about 1 hour learning about safe browsing/PC maintenance skills (info easily found online) will eliminate about 99.9% of the issues most PC users who have issues with PC face.
In the past five years I've only had two BSOD's, and both were caused due to hardware failure...something that happens very very rarely...even given the fact that my PC's are running 24/7 most of the time. I only turn then off/restart when I have to, often when installing hardware/certain software.
99th_Monkey
(19,326 posts)and cannot count the times I've had friends with PCs have constant
problems that I have never encountered..
cliffordu
(30,994 posts)sakabatou
(42,148 posts)bemildred
(90,061 posts)rocktivity
(44,576 posts)Well, duh.
"The firm did acknowledge that Apple is moving toward a more controlled Mac ecosystem with the introduction of Gatekeeper in OS X 10.8 (Mountain Lion), expected to be released this summer."
Notice that the firm did NOT acknowledge that they peddle Mac antivirus software and therefore might have an axe to grind against Gatekeeper...
rocktivity
cliffordu
(30,994 posts)frylock
(34,825 posts)why not? that'll show those greedheads over at Kaspersky labs, right?
wandy
(3,539 posts)Yes all can still be attacked, but a good rule of thumb is, the more of them out their the more interested malware writers will become.
Mainframe operating systems, yes their still out their, are few, far between and generally live in fortressed environments.
Add to that they are physically large and down right expensive makes them unattractive to the casual writer of malware.
OS X still has a comparatively small install base. It is only beginning to attract malware providers.
Linux environments such as Ubuntu are also just beginning to gain in home user popularity.
The tendency to provide 'open source' software will provide fertile ground.
Windows on the other hand....
Isn't their something in the Bible about....
Bring me a mustard seed from any household that hasn't been affected by Microsoft.
A hackers playground.
cliffordu
(30,994 posts)Patently false.
Bogus posit.
wandy
(3,539 posts)I am not saying I think their is anything wrong with open source.
I am saying that reading the source is instructional.
I may use that to make minor modifications.
It may give me ideas as to how to accomplish a task.
Others may have different intent.
Odin2005
(53,521 posts)Hissyspit
(45,788 posts)five+ years of using Macs I have never heard anyone say it or seen it claimed.
But don't let that stop you. Have fun. There'll be another thread making that claim that all Mac users believe that in a couple of weeks and another a couple of weeks after that.
thesquanderer
(11,986 posts)I think this has been the first time there has been an attack on Mac that did not depend on tricking the user into typing his password in order to work... i.e., you could get infected by merely visiting a site. Up until now, that was only a Windows problem. That's what's changed. And even then, they haven't exploited an OS X vulnerability... it was a Java vulnerability (and there are reports of another one, an MS-Word vulnerability... though that also depends on someone actively opening an attachment from an unknown source, it cannot operate passively, as I understand it). This is a consequence of supporting "outside" platforms, and why Apple is transitioning to disabling Java by default. At least though, even with this "major breach," there has yet to be any report of data loss, identity theft, or any other actual ill effect, so far.
It's good that this will show Mac users that it isn't impossible for someone to find a way to compromise the system, it could be foolhardy to take complacence too far, though I don't understand the smugness and schadenfreude of the Windows folks, since the situation there is still infinitely worse.
Interestingly, so much of what Apple is doing--seemingly even in the future directions of the Mac--is based on what they are doing on the iOS, which is more closed, where they have even more control over the entire environment. That's a double-edged sword, but it may be that, by the time OS X is substantially compromised, if and when that day comes, it may not even matter, if Apple has essentially transformed the Mac OS into an even more heavily walled garden, which perhaps will buy them the next ten years again.
frylock
(34,825 posts)from some of the folks in the Mac community. how many times on this board has an appeal for assistance turned into calls for "get a Mac?"
While I should not make the "I said so" comment, I totally agree with your point.
For years I've seen Mac users say "get a Mac, you won get any viruses" to those who were having issues with PC's.
I see the Reality Distortion Field slowly waning.
thesquanderer
(11,986 posts)We'll see if the floodgates indeed open as Windows fans are hoping. But in the mean time, the difference in real-world safety is still staggering.
FreeBC
(403 posts)Can we get a story about Linux taking over the desktop too?
Snake Alchemist
(3,318 posts)Vehl
(1,915 posts)Seedersandleechers
(3,044 posts)A lot of the updates include security issues. 10 plus years and never had a virus - it's included in the software updates.
freshwest
(53,661 posts)Fingers crossed, nothing yet. My browser settings have not been allowing me to go to wordpress and a lot of other sites. I have java disabled and only allow things in on a one by one basis, then delete their cookies. I've also set my mac to maximum security settings.
Other posters have give me good advice on blocking cookies and anything else. I was very unhappy with Windows when I had it, but that was a decade ago. All of my Macs are refurbished and cheap. I'm no geek, just like the ability to store things on the computer.
Whatever is said in marketing campaign is used to sell something, there's no need to take it personally. I'm mystified at the emotion in these threads sometimes. People aren't going to dump their computers over any of this. To each his own. Or her own. I don't disparage PCs, but I love my Mac. n/t
onehandle
(51,122 posts)Wow. That would have sucked. And not just for the constant onslaught of viruses and worse.