Another Good Reason to be 3% of the Market... - Page 2

xarcom · #9 May 26th, 2005, 09:55 AM

The way I see it, its easier to attack a large user base (even if they are poor) rather than try and attack a small user base. Its kinda like spam.. .. if you have ever read any of the messages before deleting them you tend to think "Who would buy this stuff"... well if the spammer sends 100 000 emails and out of that 50 people buy their product... well sending 1 000 000 emails will yield 500 clients... The point is that the goal is to affect the most people possible.

Also, I'm pretty sure there are some successful people working on a wintel platform. This attack is more targetted against businesses I would think.. I mean who cares if some dude loses his personal files when you compare that to a company who has thousands if not millions of dollars in IP on their computers... thats a much more attractive target than a wealthy mac user IMHO.

MacFreak · #10 May 26th, 2005, 10:52 AM

For long time Mac really dont have much problems with security issues same with Unix. Now they got married and become stronger so all hacker didn't have time for this.

The main reason hacker is looking for easy way to hack without write script or using ip program. They use same file that have programs did hacked before, They simple change file name. People kept open this file by email.

I remember when the M$ released Win95. Which is not competely done. Hackers started to curious and hack the Win95 and become popular. Customer reported to M$ that have 68 thousand problem. It had not fixed on Win95. Therefore it keep passed on new OS and increase more problems. Now new Longhorn and still have same old $hit problems. Remember the windows are alway open to keep PC cool without having a alarm on.

Mac OS X = Production
Unix = Development
Win = Testing/Trouble Shoot

ziess · #11 May 26th, 2005, 11:05 AM

Well personally I think it's a bit of both.
Low visibility will obviously make Apple less of a target than Windows machines - there are more Windows machines therefore there are more users to exploit therfore there is a bigger market to exploit therefore that's where the attacks will target.
Also, vulnerabilites in Windows code are more publicized than similar ones in Apple code. There are more sites reporting on them and there are more people with the technical expertise (and the intent) to create virus' so it's more likely that a particular hole in the system will be exploited, even if only one person actually cracks it. This would hold true for the holes found in Apple software (ie. the ones fixed by the regular 'Security Update') were being analysed by people with as much expertise coupled with malicious intent as the Windows holes.
Apple's security model? What's that then - a firewall? XP's got one of those as well.
OS X isn't perfect by any stretch of the imagination (although the UI's damn close) and what is it that makes it any less exploitable than PCs? The firewall can still be turned off by a user and without it, what's the system worth in terms of security if somone really wants to get in? Nothing. (Doesn't the OS X ship with the FW turned off anyway?)

Lycander · #12 May 26th, 2005, 11:14 AM

*BSD and Linux are not immune. Fact of the matter is a great number of web sites online right now are running Apache. So a malicious person would be focusing their efforts to attack Apache. Even though IIS is just easier to bring down

xarcom · #13 May 26th, 2005, 11:18 AM

As I mentioned before, the strength of Apple's os is that damage is usually limited to the permissions of the user. In normal cases that user isn't "root" on Unix or "Administrator" on Windows... therefore the damage is contained to your directories / files..

As for the FW... I don't know what the defaults are for FW... but I never rely on a FW for protection.. In the end most of the attacks are via email or viruses... I'm sure there are security holes in Mail... people just haven't been looking for them cause that would mean alot of work just to piss off 3 % of the market... as opposed to pissing off the lion's share of the market...

ziess · #14 May 26th, 2005, 12:09 PM

Xarcom - Good point but remember the 'Office 2004' P2P script that deleted home folders? People's patterns of computer use has as much a part to play in that sort of thing. But yeah you're right the permissions setup does help to minimise damage to a great extent.

MisterMe · #15 May 26th, 2005, 02:21 PM

Quote:

Originally Posted by xarcom

I disagree. Market share has a huge effect on the amount of viruses written for a particular platform. Although I believe that OS X has a stronger security model (due mostly to its BSD heritage), I think its foolish to think that if OS X had a higher market share it would still have a small amount of vulnerabilities. The fact is that it is impossible to remove all bugs from software and therefore security will always be an issue regardless of the platform. Also, I would attribute alot of the security in OS X to its unix core which limits the amount of damage that a virus or trojan can do by containing it to the current user's files.

I think the latest security problem with dashboard widgets installing themselves in Tiger shoes us that Apple is capable of making bad security decisions. If Apple's market share was larger this could have been a major security problem since its pool of maliscious hackers would be larger and therefore more people would be ready to exploit the hole.

The real test will be when Apple has a much larger market share (and by association a larger evil hacker share)...

You have a right to believe whatever you want. However, the notion that Windows vulnerabilities are related to its marketshare has a definite origin. It dates back to 1999, a time when Microsoft Windows was subject to a withering array of virus attacks. As an excuse for this sad state of affairs, Microsoft said that the number of viruses on Windows was due to its high marketshare. I call it the Whore's Defense..."I'm not a whore, I just popular."

The Whore's Defense was self-serving. It also failed two very important tests. The first is that it is a fundamental logical fallacy known as post-hoc ergo propter hoc. This is akin to crediting the sunrise to the cock's crow. Just because two things coexist does not mean that one caused the other. The second test is that the assertion had and has no scientific support. Microsoft has never presented any scientific proof at all to support its assertion that its marketshare has anything at all to do with its security problems. Yet, despite the lack of any supporting evidence, many weak-minded and a few well-meaning people accepted the Whore's Defense without question.

As for MacOS X's BSD underpinnings, they most certainly contribute to the fact that there are zero MacOS X viruses in the wild. However, not everyone was born yesterday. Those of us in this group know that there was a time when there were quite a few viruses on the Mac. Think back to 1989. However, the upsurge in viruses motivated the development of freeware antivirus utilities such as Disinfectant and commercial antivirus utilities such as Symantec Antivirus for the Macintosh (SAM), Central Point Antivirus, et. al.. The hardware design of the Mac allowed the antivirus utilities to be 100% effective when installed. The inability of Mac viruses to propagate slowed the number of new viruses to a trickle--fewer than one new MacOS-exclusive virus per year by the time MacOS 9 was developed. By then, the only new viruses on the Mac were Microsoft Office macro-viruses. MacOS X's BSD underpinnings helped reduce the number of Mac viruses from nearly zero to zero.

The takeaway message is this: You can believe whatever you want. However, until you present some validated scientific evidence of the notion that Microsoft's viruses are a consequence of its marketshare, your beliefs are obsubstantiated opinion.

xarcom · #16 May 26th, 2005, 03:34 PM

My opinions are based on years of study and reinforced by basic statistics.

Given:
OS A and B have N vulnerabilities
OS A has 100 evil hackers trying to find bugs.
OS B has 10 evil hackers trying to find bugs.

Basic stats suggest that there is a higher probability that vulnerabilities will be discovered in OS A. Basically my point is, if you throw 5 darts at a dartboard you might hit the bullseye.... throw 1 000 darts at a dartboard, chances are you'll hit it a few times.

Now I'm quite certain that there are more people out there trying to crash Wintel computers than there are people trying to break OS X. Most virus writers want to infect as many computers as possible therefore developping a virus for Wintel makes sense... why spend that effort on writing a virus that will have limited impact ?

You might not agree with my opinions but as a system software developper and as many other developers will tell you, if a hacker (with sufficient skills / knowledge) wants to get in... all he/she needs is to poke around long enough (without being noticed of course).. vulnerabilities aren't always as trivial as buffer overflows.. due to software complexity it is impossible to think about every possible case or situation that may arise... so bugs are in there regardless of how hard we try to remove them. I think its important to point out that what I am saying is that Wintel vulnerabilities have a higher probability of being discovered as opposed to OS X vulnerabilities due to its market share (and evil hacker share). This does not imply that one OS has more or less vulnerabilities than the other. My opinion is that the fact that less vulnerabilities are discovered in OS X should not be taken as a sign that there are no vulnerabilities in OS X or that OS X is necessarily more secure than any other OS.

I don't usually have the habbit of defending MS, but you say that MS hasn't presented any scientific proof that its number of viruses is due to its large marketshare. What kind of scientic proof would you want ? Also, the proper way to disprove something is to find a counter proof or counter example. In other words, what is your scientific proof that the high number of MS viruses ISN'T due to its large market share ?