Apple Computers Not As Secure As You Might Think
http://www.huffingtonpost.com/2012/04/20/apple-security_n_1440331.html
Alright, Apple fans, it’s time to face the truth: Your Macs aren’t as safe as you might think.
Apple, Oracle, Google Lead Major Vendors with Software Vulnerabilities in Q1, Security Report Says
Apple led all major technology vendors in reported vulnerabilities in its operating system and software during the first three months of 2012, according to a report released Tuesday by Trend Micro.
I have worked in the computer security field for over 7 years and have always been concerned about the false sense of security Apple pushes to die-hard fans. Back in March, 2006, Brian Krebs, then a security researcher and writer for the Washington Post, wrote a story about the thankless jobs of Botnet researchers (Bringing Botnets Out of the Shadows). In the article, Krebs talks about the efforts of Shadowserver.org which was founded by my old friend, Nicholas Albright. I showed Nicholas how I researched botnets and he went on to create one of the most valuable and helpful computer security organizations in existence. I joined them for a short time but quickly burned out and went on to other things.
In the article, Krebs mentioned a botnet that I was working on, which consisted of only Linux and Mac OS X systems. Just the mention of Mac systems being compromised and being part of a botnet sent the Apple fan-base into an uproar. Apple has a fairly arrogant view on security, when it comes to their products. They always pushed a false sense of security to their consumers. Even going as far as to imply their operating system was immune to viruses.
Hello, Flashback Trojan!
The trojan targets a Java vulnerability on Mac OS X. The system is infected after the user is redirected to a compromised bogus site, where JavaScriptcode causes an applet containing an exploit to load.
Oracle, the company that develops Java, fixed the vulnerability exploited to install Flashback on February 14, 2012.[7] However, Apple maintains the Mac OS X version of Java and did not release an update containing the fix until April 3, 2012,[10] after the flaw had already been exploited to install Flashback on 600,000 Macs.
http://www.sileo.com/tag/flashback/
Once the malware is installed, the Trojan steals passwords and banking info from Safari.
Apple’s slow response in addressing a vulnerability that was being actively exploited, put users at risk of having their personal and private data exposed. Apple released a Java update that fixed the vulnerability and removed the Flashback Trojan on April 3rd, 2012. However, they are not releasing fixes for Mac OS X 10.5 and older. There is a bit of irony here. The version of Mac that was current at the time Krebs published “When Macs Attack“, which generated all the outrage from the apple fan club, was OS X 10.4, which is now vulnerable to attack until the end of time.
It seems that Apple is far behind Microsoft when it comes to addressing security vulnerabilities. Hopefully they will catch up, soon.
If you were infected by the Flashback Trojan, please make sure to watch your bank account and credit report, closely.
the attachments to this post:
Mac-Virus
If your argument is that Macs have been theoretically vulnerable, and Mac user blissfully unaware, for years, you are correct.
But if you think that Mac loyalists and switchers who gravitated to the platform for its relative safety were misguided and would have been better off security-wise all those years running Windows PCs instead, you would be wrong. For the most part, Apple delivered on its implied promise of security.
Now that increased Mac market share has started attracting serious malware, Apple and it’s Mac users will have to step up their vigilance. Perhaps one of the Mac’s perceived advantages is evaporating. Luckily for Apple, the heretofore ability to run without security software is not the only attractive thing about Macs.
Bingo!
600,000 infected Macs is the largest malware strike yet against Mac OS X users, but still only accounts for 1% of all Mac users. The sky is falling hysteria is mind boggling. Wake me up when it is at least 10% that of the PC users world, then I’ll take note.
I wish people like you understood security definitions. Virus is not a general term synonymous with malware. It makes you look ignorant or duplicitous when you apply it to a Mac.
A Virus is a type of malware which UNIX OS’s, Linux and OSX, among others, do not get. The point the ad was making was that Macs are immune to 99% of the malware at the time. Windows still retains the world’s record. Apple never said it was immune to vulnerabilities in third party software such as Java, Flash or PDFs. All software has flaws which might be exploited.
Do I have antivirus on my Mac? Yes. Why? Because I don’t want to pass on a virus or worm to my PC owning friends. I’ve never had a trojan horse because I am careful about what I click on. This particular Trojan relied on a feature in Safari which I haven’t had authorized for three years, “open safe files after downloading.”
I am not negligent about security on a Mac. I know that a security problem is unlikely, but not impossible. I have a four year old iMac which runs the 32 bit kernel on Snow leopard. This means that I don’t use Apple’s latest security upgrades: DEP and ASLR. Do I feel unprotected? No. I’ve had no problems on a Mac since my Macintosh Se/30 days.
I intend to upgrade to Mountain Lion when it comes out this summer, so I will have DEP, ASLR plus sand boxing. Do I expect to need them? No. There is no money in attacking Mac owners.
Will people like you continue to pick apart Apple’s flaws when they are not a hundredth as bad as Windows? Sure, but what do you get out of doing that?
Why do Apple fans have to use demeaning terms to get their points across? Just to let you know, my favorite computer is a Macbook Air that I own.
I am a security professional and KNOW the differences between a virus and a trojan. Linux AND Mac have been vulnerable to both.
http://en.wikipedia.org/wiki/Linux_malware
http://en.wikipedia.org/wiki/Category:Macintosh_viruses
I know that virues and malware are not as prevalent in *nix based systems. However, now that Mac is becoming more popular, they are becoming a valid target. Apple’s security posture is dangerous to their users. The latest flashback trojan had a publicly available exploit that would allow someone access to the Mac. Metasploit released a plugin at the same time that Apple finally updated it. I tested it on my new Macbook Air, before the update was available and it worked.
This is not an anti-Mac article, it is simply bringing awareness that Mac systems are not bulletproof.