Viruses On Os X

Well, my concern is not protecting against an OS X virus, as I am aware that such a virus does not exist. What I am trying to avoid is passing one on to some unfortunate Windows user. Also, it doesn't hurt to have a mechanism in place in case a virus is ever created for OS X.
 
My view is that it's pretty hard to pass on a Windows virus to Windows users unless you are deliberately forwarding strange emails to people.

I don't see why I should slow down my computer by running resource sucking AV software if I don't have to.
 
How impossible is it to create a virus for OS X? Someone can hack everything. OS X is hackable; how hackable?
 
Creating a virus isn't impossible... at the moment it's easier for Windows because of the on-line presence of virus-building tools which provide the necessary code for every virus part... recently I haven't read of any new vulnerability in OS X, but, for example, the latest update for iTunes was released to fix a potential security hole, with an exploit available on-line.
 
I realize there is a huge difference between a virus/trojans/worms that target the OS and those that target specific applications and services, but the vast majority of users don't care about what kind of virus they have once they realize their MP3s have all been overwritten or that their hard drive has become an FTP drop box for pr0n. They will undoubtedly blame the operating system since the virus doesn't affect Windows. Given the huge range of 'web enabled' applications running on the Mac, I see a day soon when 'OS X viruses' do start to appear. The obvious efforts of Apple to simplify the firewalling process give me little confidence, given that I have yet to see one outgoing request get stopped by it.

For example, on my own Mac, I have PHP 4.3.10 installed and running -- in fact it was running from the day I bought this machine (along with Perl and Python, and probably several other scripting languages I don't use or care about). If you are a budding programmer, this is amazing since it means you don't have to compile or install a thing. But this version of PHP still has 'multiple vulnerabilities' according to Secunia.org. As a PHP programmer, I know the risks are tiny, since I do all of my own coding and I don't use my box to serve anything to the web. But I can imagine lots of other users loading all sorts of self-installing web applications onto their boxes without the slightest awareness that they are exposing their machines to danger. Load on PHPNuke or some other OSS content management system, and you have added another layer of vulnerabilities. Add some extension and you are down another layer.

As for OS X's 'inherently stronger' permissions... Every week I read more about Linux exploits that 'escalate permissions' or install 'rootkits', phrases I had never heard of before I moved to Unix. "Stronger" is not "impervious". Yes, Windows is a much bigger target. Yes, it is significantly easier to attack. And, yes, it takes little more than a cut and a paste to build a virus that can take down a few thousand Windows machines. But I am willing to wager there are a few serious crackers out there working on breaking your Mac right now, just for the credit of being able to say, 'I was the first.'

Don't get me wrong. I left Windows specifically because of Microsoft's half-baked approach to security (the GDIPlus.dll vulnerability was the straw that broke my camel's back). I feel immeasurably happier and safer with the Mac. But to suggest even for a moment that OS X is 'safe' in any concrete sense is to speak words that will surely come back to haunt you.
 
I don't believe it is safe, only safer. Nor do I believe it is completely secure, only more secure.

As for protecting Windows users from a virus, I don't forward attachments. I understand that viruses could be spread via email in ways other than as an attachment. But that's what _their_ virus checkers are for, right?

Doug
 
Andrew Adamson said:
...For example, on my own Mac, I have PHP 4.3.10 installed and running -- in fact it was running from the day I bought this machine (along with Perl and Python, and probably several other scripting languages I don't use or care about)...
That's not true.

OS X does not ship with Apache/PHP running!

If it was running "from the day (you) bought" it, that's because YOU turned it ON while exploring your new machine!

Besides, it's pretty d#*n hard to exploit PHP if you don't actually have PHP scripts in your docroot... And Apple absolutely does not ship OS X with any PHP scripts active.
 
TommyWillB said:
That's not true.

OS X does not ship with Apache/PHP running!

If it was running "from the day (you) bought" it, that's because YOU turned it ON while exploring your new machine!

Besides, it's pretty d#*n hard to exploit PHP if you don't actually have PHP scripts in your docroot... And Apple absolutely does not ship OS X with any PHP scripts active.

Excuse me. Did I say Apache? Go to the command prompt and type 'php', you get PHP. I sure do. That is what I am talking about.

My specific issue with PHP (and Perl, Python, &c) is this. First, I am not that concerned that some anonymous cracker can connect to the user's machine to do nefarious things in PHP because at the moment I don't think they can (at least not without the user's help). The firewall seems to me to be pretty solid and will stop inbound anonymous traffic, and without Apache running as a service, there is no easy way to contact PHP from the outside world -- without my help. Fine. We're on the same page on this one. My first problem is that they have installed an extremely powerful, scriptable language that has documented vulnerabilities, including techniques (certainly in Linux) to ESCALATE permissions to root, and which the VAST majority of users aren't aware of and won't use (you can argue for leaving Python installed because a lot of installers are written in it, but PHP???). The second is that they, at least at present, do not seem to be offering any patches to bring it up to the present release through the automatic update process. The third is that the firewall does not appear to stop OUTbound traffic of any kind, does not alert the users to any new traffic patterns, AND (from what I can see) does not stop inbound responses to that traffic. Install BitTorrent, it works just fine without tuning the firewall. Install a PHP spambot, it works just fine too, I reckon.

So, again, my worries are 1) known vulnerabilities, 2) no automatic patching to current builds, 3) no way to warn users of new processes or stop outbound traffic.
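The three worries above (installed interpreters with known vulnerabilities, no visibility of their patch level, and unmonitored outbound traffic) are the kind of thing a user can check for without third-party software. The script below is an added example, not code from any poster in this thread: it reports which command-line interpreters are on the PATH and their version, compares a version string against a minimum in pure awk, and parses `lsof -i -n -P`-shaped output to list processes with established outbound connections that are not on an expected-program allowlist. The sample connection listing is constructed for the example (documentation-range addresses, made-up PIDs), so it runs offline; on a real machine you would feed it `lsof -i -n -P` output instead.

```shell
#!/bin/sh
# Constructed sample shaped like `lsof -i -n -P` output (not a real capture).
# Addresses are from the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24
# documentation ranges; PIDs and user names are made up.
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
php 1234 doug 3u IPv4 0x1 0t0 TCP 192.0.2.10:51234->198.51.100.5:25 (ESTABLISHED)
Transmission 2345 doug 12u IPv4 0x2 0t0 TCP 192.0.2.10:51235->203.0.113.7:6881 (ESTABLISHED)
httpd 3456 root 4u IPv4 0x3 0t0 TCP *:80 (LISTEN)
ssh 4567 doug 3u IPv4 0x4 0t0 TCP 192.0.2.10:51236->198.51.100.9:22 (ESTABLISHED)'

# interpreter_report: one line per interpreter, "name: version" or "name: not installed".
# Uses only `command -v` and each tool's own --version flag.
interpreter_report() {
  for name in php perl python ruby; do
    if bin=$(command -v "$name" 2>/dev/null); then
      # python 2 prints its version on stderr, hence 2>&1
      ver=$("$bin" --version 2>&1 | head -n 1)
      printf '%s: %s (%s)\n' "$name" "$ver" "$bin"
    else
      printf '%s: not installed\n' "$name"
    fi
  done
}

# version_ge INSTALLED MINIMUM: exit 0 if INSTALLED >= MINIMUM, comparing
# dot-separated numeric components (e.g. 4.3.10 < 4.3.11).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    k = (n > m) ? n : m
    for (i = 1; i <= k; i++) {
      xi = (i <= n) ? x[i] + 0 : 0
      yi = (i <= m) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}

# outbound_connections LSOF_TEXT: print "COMMAND PID REMOTE" for every
# ESTABLISHED TCP line; LISTEN sockets are inbound and skipped.
outbound_connections() {
  printf '%s\n' "$1" | awk '/\(ESTABLISHED\)/ {
    split($9, ep, "->")        # $9 is local->remote
    print $1, $2, ep[2]
  }'
}

# unexpected_outbound LSOF_TEXT "prog1 prog2 ...": connections whose
# program is not on the space-separated allowlist.
unexpected_outbound() {
  allow="$2"
  outbound_connections "$1" | while read -r cmd pid remote; do
    case " $allow " in
      *" $cmd "*) ;;                      # expected program, ignore
      *) printf '%s %s %s\n' "$cmd" "$pid" "$remote" ;;
    esac
  done
}

# Stand-alone usage on the constructed sample.
interpreter_report
if version_ge 4.3.10 4.3.11; then echo "PHP 4.3.10 is current"; else echo "PHP 4.3.10 is behind 4.3.11"; fi
echo "--- outbound connections not on the allowlist ---"
unexpected_outbound "$SAMPLE_LSOF" "ssh Transmission"
```

On the sample, the only flagged line is the `php` process talking to port 25 on a remote host, which is exactly the "PHP spambot" pattern the post describes; `ssh` and `Transmission` are on the allowlist and `httpd` is listening, not connecting out. A `(LISTEN)`-only view would miss it, which is the point of looking at the outbound side.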
 
Andrew Adamson said:
So, again, my worries are 1) known vulnerabilities, 2) no automatic patching to current builds, 3) no way to warn users of new processes or stop outbound traffic.

1) I know the Mac probably has some kind of vulnerability. Please show us ANY computer (especially one that connects to a network) that doesn't have any vulnerability. It is an arms race between the makers of software/hardware and the ones trying to break codes.

2) There is a way to track most all outbound traffic (and you WILL BE surprised) called Little Snitch. It will notify you of most all outgoing traffic.
 
Andrew Adamson said:
Excuse me. Did I say Apache? Go to the command prompt and type 'php', you get PHP. I sure do. That is what I am talking about...
Okay... I understand your point about PHP command line (Apple did not originally have that enabled) vs. over HTTP, but I'm still confused as to why this is such a big concern.

You yourself admit:
Andrew Adamson said:
...I am not that concerned that some anonymous cracker can connect to the user's machine to do nefarious things in PHP because at the moment I don't think they can (at least not without the user's help). The firewall seems to me to be pretty solid and will stop inbound anonymous traffic, and without Apache running as a service, there is no easy way to contact PHP from the outside world

So if you are worried about novice users, what's the issue... It's not like they are going to install some PHP script that does all of the network connection things you talk about.

If you're advanced enough to do things like that, then you're responsible for proceeding at your own risk. Nothing Apple can do about that.


Regarding the patching, Apple has done several updates to PHP... They don't do them as fast as they are released, but a hell of a lot faster than other OSes are updated.
 
Satcomer said:
...2) There is a way to track most all outbound traffic (and you WILL BE surprised) called Little Snitch. It will notify you of most all outgoing traffic.
I agree. Little Snitch is great.

I use it. I love it. I too would like to see Apple add something like it to the base OS X install.
 
I am curious what kind of local root exploits there are in PHP. You have made a big accusation that I find hard to believe, as it implies a fundamental failure in the basic structure of the OS (both Linux and Darwin).
 
lurk said:
You have made a big accusation that I find hard to believe as it implies a fundamental failure in the basic structure of the OS (both Linux and Darwin).
I wouldn't say 'fundamental failure' of the OS. If you regularly visit Secunia.org, you'll see that exploits like this are pretty routine. Specifically, regarding PHP and permission escalation, see http://secunia.com/advisories/13481/. There are plenty more if you dig.

I guess I should point out that I am not a security wonk. I am a programmer. Because I write things with my clients' security in mind, the security of the products I use is important to me. So I try to keep my eyes and ears open about vulnerabilities. Also, I live in Japan, while I maintain banking and credit card accounts in Canada -- so a key logger or rootkit could pretty much ruin my day. As a result, I regularly visit Secunia, I watch the processes that are running, I read my logs. I try to be safe.

I guess, regarding TommyWillB's comments, all I can say is that 'novice users' 'installing things' was the chief reason Windows is the security nightmare it is (in my opinion). Simply saying that 'it's your fault; if you installed it, you should have known what you were doing' is not enough for Microsoft users, so it shouldn't be for anyone else. Furthermore, certain vulnerabilities can mean things get installed without the user's help. So, leaving things like PHP installed when the overwhelming majority of Mac users don't know what PHP is and certainly would never use it, is dumb enough. Leaving it installed when vulnerabilities exist now and will probably exist for some time to come is dumb and risky. And leaving it installed when vulnerabilities in other products might be used to run PHP scripts locally, dumb and VERY risky.

I'm real sorry for saying this, but I get the impression that I am beating a dead horse here. Just because 'Product X' (PHP, iTunes, AppleScript...) is cool, just because it's been around forever, just because everyone and their cousin uses it, doesn't mean it is secure. Before you say something is secure, you should first try to find out if it is not. Otherwise, assume it is not.
 
On the link I posted, I think on the bottom, they give you instructions or tool of some sort to remove it. Have to check that out either
 
Hmm.... maybe they release something for OS X in particular, some sort of removal tool. We can also watch the Apple download sites, maybe they're aware of that also and provide something
 