  #25  
April 5th, 2005, 04:42 AM
Tetano
Registered User
Join Date: May 2004
Location: Italy
Posts: 355
Creating a virus isn't impossible... at the moment it's easier for Windows because of the presence on-line of virus-building tools which provide the necessary code for every virus part... Recently I haven't read of any new vulnerability in OS X, but, for example, the latest update for iTunes was released to fix a potential security hole, with an exploit available on-line.
__________________
iBook G3 800 MHz
384 MB SDRAM
Tiger
4G iPod, 20 GB
  #26  
April 5th, 2005, 08:35 AM
Andrew Adamson
Got root? Sudoes.
Join Date: Mar 2005
Location: Osaka, Japan
Posts: 97
I realize there is a huge difference between viruses/trojans/worms that target the OS and those that target specific applications and services, but the vast majority of users don't care about what kind of virus they have once they realize their MP3s have all been overwritten or that their hard drive has become an FTP drop box for pr0n. They will undoubtedly blame the operating system since the virus doesn't affect Windows. Given the huge range of 'web enabled' applications running on the Mac, I see a day soon when 'OS X viruses' do start to appear. The obvious efforts of Apple to simplify the firewalling process give me little confidence, given that I have yet to see one outgoing request get stopped by it.

For example, on my own Mac, I have PHP 4.3.10 installed and running -- in fact it was running from the day I bought this machine (along with Perl and Python, and probably several other scripting languages I don't use or care about). If you are a budding programmer, this is amazing since it means you don't have to compile or install a thing. But this version of PHP still has 'multiple vulnerabilities' according to Secunia.org. As a PHP programmer, I know the risks are tiny, since I do all of my own coding and I don't use my box to serve anything to the web. But I can imagine lots of other users loading all sorts of self-installing web applications onto their boxes without the slightest awareness that they are exposing their machines to danger. Load on PHPNuke or some other OSS content management system, you have added another layer of vulnerabilities. Add some extension and you are down another layer.

As for OS X's 'inherently stronger' permissions... Every week I read more about Linux exploits that 'escalate permissions' or install 'rootkits', phrases I had never heard of before I moved to Unix. "Stronger" is not "impervious". Yes, Windows is a much bigger target. Yes, it is significantly easier to attack. And, yes, it takes little more than a cut and a paste to build a virus that can take down a few thousand Windows machines. But I am willing to wager there are a few serious crackers out there working on breaking your Mac right now, just for the credit of being able to say, 'I was the first.'

Don't get me wrong. I left Windows specifically because of Microsoft's half-baked approach to security (the GDIPlus.dll vulnerability was the straw that broke my camel's back). I feel immeasurably happier and safer with the Mac. But to suggest even for a moment that OS X is 'safe' in any concrete sense is to speak words that will surely come back to haunt you.
  #27  
April 5th, 2005, 01:15 PM
dktrickey
Registered User
Join Date: Apr 2002
Location: Who wants to know?
Posts: 1,353
I don't believe it is safe, only safer. Nor do I believe it is completely secure, only more secure.

As for protecting Windows users from a virus, I don't forward attachments. I understand that viruses could be spread via email in ways other than as an attachment. But that's what _their_ virus checkers are for, right?

Doug
__________________
Pixar Lamp iMac, G4 iBook for work, MacBook Pro!, XBox 360 fast but shoddy manufacturing, no PCs except virtual, several tree frogs, new iPod Touch - amazing, the shape of things to come
  #28  
April 9th, 2005, 06:40 PM
TommyWillB
Registered User
Join Date: Mar 2001
Location: ol' Gay San Francisco
Posts: 1,993
Quote:
Originally Posted by Andrew Adamson
...For example, on my own Mac, I have PHP 4.3.10 installed and running -- in fact it was running from the day I bought this machine (along with Perl and Python, and probably several other scripting languages I don't use or care about)...
That's not true.

OSX does not ship with Apache/PHP running!

If it was running "from the day (you) bought" it, that's because YOU turned it ON while exploring your new machine!

Besides, it's pretty d#*n hard to exploit PHP if you don't actually have PHP scripts in your docroot... And Apple absolutely does not ship OS X with any PHP scripts active.
__________________
TommyWillB
Intel iMac 250GB external drive
TommyWillB.com hosted on Mac OS X 10.4.x / Apache 1.3.x / PHP 4.x
  #29  
April 9th, 2005, 07:43 PM
Andrew Adamson
Got root? Sudoes.
Join Date: Mar 2005
Location: Osaka, Japan
Posts: 97
Quote:
Originally Posted by TommyWillB
That's not true.

OSX does not ship with Apache/PHP running!

If it was running "from the day (you) bought" it, that's because YOU turned it ON while exploring your new machine!

Besides, it's pretty d#*n hard to exploit PHP if you don't actually have PHP scripts in your docroot... And Apple absolutely does not ship OS X with any PHP scripts active.
Excuse me. Did I say Apache? Go to the command prompt and type 'php', you get PHP. I sure do. That is what I am talking about.

My specific issue with PHP (and Perl, Python, &c) is this. First, I am not that concerned that some anonymous cracker can connect to the user's machine to do nefarious things in PHP because at the moment I don't think they can (at least not without the user's help). The firewall seems to me to be pretty solid and will stop inbound anonymous traffic, and without Apache running as a service, there is no easy way to contact PHP from the outside world -- without my help. Fine. We're on the same page on this one. My first problem is that they have installed an extremely powerful, scriptable language that has documented vulnerabilities, including techniques (certainly in Linux) to ESCALATE permissions to root, and which the VAST majority of users aren't aware of and won't use (you can argue for leaving Python installed because a lot of installers are written in it, but PHP???). The second is that they, at least at present, do not seem to be offering any patches to bring it up to the present release through the automatic update process. The third is that the firewall does not appear to stop OUTbound traffic of any kind, and does not alert the users to any new traffic patterns AND (from what I can see) does not stop inbound responses to that traffic. Install BitTorrent, it works just fine without tuning the firewall. Install a PHP Spambot, it works just fine too, I reckon.

So, again, my worries are 1) known vulnerabilities, 2) no automatic patching to current builds, 3) no way to warn users of new processes or stop outbound traffic.
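The third worry in the post above (outbound traffic that nothing reports) can be checked by hand from `lsof -nP -iTCP` output. The following is an added example, not part of the thread: it parses that output and lists connections the host initiated, singling out those owned by the interpreters the post names. The sample text, the function names and the "local port is not a listening port" heuristic are assumptions of this example.

```python
import ipaddress
import re

# Interpreters named in the thread; flagging them is this example's assumption.
INTERPRETERS = re.compile(r"^(php|perl|python)", re.IGNORECASE)
ENDPOINTS = re.compile(r"^(\S+):(\d+)->(\S+):(\d+)$")

# Constructed sample in the column layout of `lsof -nP -iTCP` (not from a real host).
SAMPLE_LSOF = """\
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd     310   www    16u  IPv4 0x01      0t0    TCP *:80 (LISTEN)
httpd     312   www    17u  IPv4 0x02      0t0    TCP 192.168.1.20:80->203.0.113.9:51544 (ESTABLISHED)
Safari    455   andrew 22u  IPv4 0x03      0t0    TCP 192.168.1.20:49201->198.51.100.7:443 (ESTABLISHED)
php       981   andrew 5u   IPv4 0x04      0t0    TCP 192.168.1.20:49310->198.51.100.25:25 (ESTABLISHED)
python    990   andrew 3u   IPv4 0x05      0t0    TCP 127.0.0.1:49400->127.0.0.1:8000 (ESTABLISHED)
"""

def parse_tcp(text):
    """Return (listening_ports, established_connections) from lsof text."""
    listening, established = set(), []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or f[7] != "TCP":
            continue  # header line, UDP, or a socket with no state column
        state = f[9].strip("()")
        if state == "LISTEN":
            listening.add(int(f[8].rsplit(":", 1)[1]))
        elif state == "ESTABLISHED" and (m := ENDPOINTS.match(f[8])):
            established.append({"command": f[0], "pid": int(f[1]), "user": f[2],
                                "local_port": int(m[2]),
                                "remote": m[3].strip("[]"), "remote_port": int(m[4])})
    return listening, established

def outbound_connections(text):
    """Established connections this host initiated to a non-loopback peer.
    Heuristic: a local port that nothing listens on means the host dialled out."""
    listening, established = parse_tcp(text)
    return [c for c in established
            if c["local_port"] not in listening
            and not ipaddress.ip_address(c["remote"]).is_loopback]

def interpreter_egress(text):
    """Subset of outbound connections owned by a scripting interpreter."""
    return [c for c in outbound_connections(text) if INTERPRETERS.match(c["command"])]

if __name__ == "__main__":
    for c in interpreter_egress(SAMPLE_LSOF):
        print(f'{c["command"]} (pid {c["pid"]}, {c["user"]}) -> {c["remote"]}:{c["remote_port"]}')
```

On a live machine the same functions take the text of `lsof -nP -iTCP` in place of `SAMPLE_LSOF`; the `-n` and `-P` flags keep addresses and ports numeric, which the parser relies on.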
  #30  
April 10th, 2005, 05:22 AM
Satcomer
In Geostationary Orbit
Join Date: Jul 2002
Location: Northern Virginia
Posts: 4,813
Quote:
Originally Posted by Andrew Adamson
So, again, my worries are 1) known vulnerabilities, 2) no automatic patching to current builds, 3) no way to warn users of new processes or stop outbound traffic.
1) I know the Mac probably has some kind of vulnerability. Please show us ANY computer (especially one that connects to a network) that doesn't have any vulnerability. It is an arms race between the makers of software/hardware and the ones trying to break codes.

2) There is a way to track most all outbound traffic (and you WILL BE surprised) called Little Snitch. It will notify you of most all outgoing traffic.
__________________
PowerMac G5 Dual 1.8(Rev A.), , 7 Gig RAM, Pioneer DVR-110, ATI X800XT, OS X 10.4.11 & 10.5.3, 23'' HD LCD
Mac Book Pro Core 2 Duo 2.16Mhz, SuperDrive, ATI X1600, 2GB RAM, OS X 10.5.3
Tibook 400Mhz, DVD drive, 1024 RAM, ATI Rage, OS X 10.4.7
1TB Time Capsule
5g iPod 30Gig White
  #31  
April 10th, 2005, 11:58 AM
TommyWillB
Registered User
Join Date: Mar 2001
Location: ol' Gay San Francisco
Posts: 1,993
Quote:
Originally Posted by Andrew Adamson
Excuse me. Did I say Apache? Go to the command prompt and type 'php', you get PHP. I sure do. That is what I am talking about...
Okay... I understand your point about PHP command line (Apple did not originally have that enabled) vs. over HTTP, but I'm still confused as to why this is such a big concern.

You yourself admit:
Quote:
Originally Posted by Andrew Adamson
...I am not that concerned that some anonymous cracker can connect to the user's machine to do nefarious things in PHP because at the moment I don't think they can (at least not without the user's help). The firewall seems to me to be pretty solid and will stop inbound anonymous traffic, and without Apache running as a service, there is no easy way to contact PHP from the outside world
So if you are worried about novice users, what's the issue... It's not like they are going to install some PHP script that does all of the network connection issues you talk about.

If you're advanced enough to do things like that, then you're responsible for proceeding at your own risk. Nothing Apple can do about that.


Regarding the patching, Apple has done several updates to PHP... They don't do them as fast as they are released, but a hell of a lot faster than other OS's are updated.
__________________
TommyWillB
Intel iMac 250GB external drive
TommyWillB.com hosted on Mac OS X 10.4.x / Apache 1.3.x / PHP 4.x
  #32  
April 10th, 2005, 12:01 PM
TommyWillB
Registered User
Join Date: Mar 2001
Location: ol' Gay San Francisco
Posts: 1,993
Quote:
Originally Posted by Satcomer
...2) There is a way to track most all outbound traffic (and you WILL BE surprised) called Little Snitch. It will notify you of most all outgoing traffic.
I agree. Little Snitch is great.

I use it. I love it. I too would like to see Apple add something like it to the base OS X install.
__________________
TommyWillB
Intel iMac 250GB external drive
TommyWillB.com hosted on Mac OS X 10.4.x / Apache 1.3.x / PHP 4.x
All times are GMT -5. The time now is 06:12 PM.