{"id":251,"date":"2005-03-22T14:49:59","date_gmt":"2005-03-22T06:49:59","guid":{"rendered":"http:\/\/www.nargalzius.com\/blog2\/http:\/www.nargalzius.com\/blog2\/archives\/2005\/03\/2005_03_22_1449.php"},"modified":"2005-03-22T14:49:59","modified_gmt":"2005-03-22T06:49:59","slug":"symantec-mac-os-x-becoming-a-malware-target","status":"publish","type":"post","link":"http:\/\/nargalzius.com\/blog\/archives\/2005\/03\/22\/symantec-mac-os-x-becoming-a-malware-target","title":{"rendered":"Symantec: Mac OS X Becoming a Malware Target"},"content":{"rendered":"<blockquote>\n<p><strong><a href=\"http:\/\/it.slashdot.org\/article.pl?sid=05\/03\/22\/0055237&amp;from=rss\" title=\"View article\">Symantec: Mac OS X Becoming a Malware Target<\/a><\/strong><\/p>\n<p>Security vendor Symantec is warning that Apple&#8217;s OS X operating system is increasingly becoming a target for hackers and <a href=\"http:\/\/en.wikipedia.org\/wiki\/Malware\" title=\"What is Malware?\">malware<\/a> authors.&#8217; They go on to warn that the only thing that&#8217;s protected Apple users from exploits so far has been the small number of Macs on the net. Now that people are buying Apple products for &#8216;style over function,&#8217; according to one analyst, Apple computer has become a target for new attacks.<\/p>\n<p><em>via <a href=\"http:\/\/slashdot.org\/\" title=\"Visit Slashdot\">Slashdot<\/a><\/em><\/p>\n<\/blockquote>\n<p>The bummer here is that it was stated by Symantec, which easily could be construed as an act of furthering their own sales of AntiVirus software. But in general, friends and I have been discussing this before: that the reason OS X is said to be &#8220;secure&#8221; is simply because there isn&#8217;t enough interest in it for the malicious hackers.<\/p>\n<!--more-->\n<p>I guess my point is what I posted on one messageboard:<\/p>\n<blockquote>\n<p>&#8230; <strong>all<\/strong> OSes have security flaws, and will never be perfect. 
And how &#8220;easy&#8221; it will be compromised I believe depends on how big its userbase is&#8230; or how &#8220;above radar&#8221; it is.<\/p>\n<p>Let me rephrase, not &#8220;easy&#8221; but &#8220;how many instances.&#8221; I think Unix and all its other flavors are all tough cookies to crack compared to MS, but that <em>doesn&#8217;t<\/em> mean they <strong>can&#8217;t<\/strong> be hacked\/cracked.<\/p>\n<p>I believe the same can happen to OS X. And who knows, maybe Longhorn will once again be king of the vulnerable OSes once it&#8217;s released.<\/p>\n<p>I totally agree with JBD that PLBCAK for the most part &#8211; and that good surfing\/mailing\/maintenance habits go a long way. But there is still always a possibility that there will be an exploitable flaw in every OS build&#8230; it just needs to be discovered. And the userbase expedites the time needed for that exponentially.<\/p>\n<p><em><strong>PLBCAK<\/strong> &#8211; Problem Lies Behind Chair And Keyboard (that means <strong>US<\/strong>)<\/em><\/p>\n<\/blockquote>\n<p>But I&#8217;d have to say that with regards to viruses, I think the article is erroneous (as of now at least). If you&#8217;re vaguely familiar with unix, you&#8217;ll notice that security is a bit (or a whole lot if you wish) tighter. There are instances wherein you have to <em>manually<\/em> enter passwords (authenticate) when it comes to modifying areas the OS deems <em>sensitive.<\/em><\/p>\n<p>Let me elaborate: My primary user account is already at an administrative level, but there are times when I am required to authenticate at a <code>root<\/code> (superuser) level. Take the Apache web-server for example. Running <code>apachectl start<\/code> from the terminal will not engage even from my administrator account. 
You <strong>have<\/strong> to run it as <code>root<\/code> &#8211; hence the need for the <code>sudo<\/code> (superuser do) prefix which authenticates operations as being done by <code>root<\/code> (your &#8220;superuser&#8221;) regardless of which account you are running it from. Such operations require manual entry of your <code>root<\/code> password (not to mention the whole intention of you doing so).<\/p>\n<p>What does this have to do with viruses and the lot? As I said, to engage &#8220;<a href=\"http:\/\/en.wikipedia.org\/wiki\/Malware\" title=\"What is Malware?\">malware<\/a>&#8221; you actually have to <em>run<\/em> whatever it is that the malicious programmer has created. Parents [or people] who don&#8217;t know better are the prime examples of such users. Anyways the point is, something cannot run by itself unless it had some trigger, and that trigger can only be between the desk and your chair (you my friend).<\/p>\n<p>Now security exploits on the other hand are quite different. In Windows, you have <a href=\"http:\/\/en.wikipedia.org\/wiki\/Malware\" title=\"What is Malware?\">malware<\/a> such as the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Blaster_worm\" title=\"What is the Blaster Worm?\">Blaster Worm<\/a>, which could infect you and others by simply being there. No trigger was required &#8211; an infected machine merely needed to know if there was another vulnerable machine to infect and deal some damage. So in this instance, it was a worm&#8230; but could very well be a virus, <a href=\"http:\/\/en.wikipedia.org\/wiki\/Trojan_horse_%28computing%29\" title=\"What is a Trojan?\">trojan<\/a>, or whatever the hell <a href=\"http:\/\/en.wikipedia.org\/wiki\/Malware\" title=\"What is Malware?\">malware<\/a> you can think of.<\/p>\n<p><strong>That<\/strong> is the danger of security flaws, and all OSes have it. 
But the problem in Windows was how it had so much stuff running in the background, most of which wasn&#8217;t needed, and those services can operate without limitation. Plus the system structure of Windows was all over the place: it allowed [malicious] apps to be copied and triggered via <code>ini<\/code> files, registry entries, start menu, etc. without the user knowing&#8230; or the system questioning.<\/p>\n<p>I would say that Unix (and its flavors) aren&#8217;t as easy to exploit (I hope) &#8211; changing anything OS\/System related pretty much always needs <code>root<\/code>\/administrative authentication, even if you intentionally ran the thing. Which is a good precaution in my opinion. Better safe than sorry right? You run an installer which doesn&#8217;t mess with your system, fine. You run something that <em>can,<\/em> then you need to approve it first. <a href=\"http:\/\/en.wikipedia.org\/wiki\/Malware\" title=\"What is Malware?\">Malware<\/a> (except spyware, I guess) falls under the second scenario. 
So for the most part, as far as viruses are concerned, unless someone can actually program something that would run as a superuser <strong>without<\/strong> the system noticing (through a security hole\/flaw) then you&#8217;re pretty much safe from harm.<\/p>\n<p>Unless of course&#8230; you&#8217;re stupid enough to open\/run <em>and<\/em> authenticate the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Malware\" title=\"What is Malware?\">malware<\/a> yourself \ud83d\ude42 But if you did, then I&#8217;d say you deserve the consequences.<\/p>","protected":false},"excerpt":{"rendered":"<p>Symantec: Mac OS X Becoming a Malware Target Security vendor Symantec is warning that Apple&#8217;s OS X operating system is increasingly becoming a target for hackers and malware authors.&#8217; They go on to warn that the only thing that&#8217;s protected Apple users from exploits so far has been the small number of Macs on the &hellip; <p class=\"link-more\"><a href=\"http:\/\/nargalzius.com\/blog\/archives\/2005\/03\/22\/symantec-mac-os-x-becoming-a-malware-target\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Symantec: Mac OS X Becoming a Malware 
Target&#8221;<\/span><\/a><\/p><\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[5,13],"tags":[96,292,518,860,1214,1230,1259],"class_list":["post-251","post","type-post","status-publish","format-standard","hentry","category-internet","category-technology","tag-apple","tag-cracking","tag-hacking","tag-os-x","tag-trojan","tag-unix","tag-virus"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/posts\/251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/comments?post=251"}],"version-history":[{"count":0,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/posts\/251\/revisions"}],"wp:attachment":[{"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/media?parent=251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/categories?post=251"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/
tags?post=251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}