2 Votes
I think that "In that same period, I estimate we've removed thousands of virus and malware infections from hundreds of Windows machines." is a little exaggerated unless they are all running unpatched versions of WinXP and IE6. I work on a lot of Win7 machines and with the exception of social engineering, I have seen very few viruses. I also do corporate and private work. Social engineering is the hardest one to fight because some users are just not that smart...
2 Votes
Thousands?
Spitfire_Sysop 15th Aug 2011
I agree. A thousand is a lot. Makes me wonder how many clients he has. Is he counting one thousand computers that were part of a botnet in a single organization? Or one thousand separate incidents? You would need to find at least 3 infections a day, every day of the year to reach over a thousand incidents.
1 Vote
Contributor
This again?
Justin James 15th Aug 2011
Erik makes this mistake every time he discusses Mac security... he confuses actual "vulnerability" with infection rates. Truth is, the folks over at Black Hat... who I think know a LOT more about security than Erik Eckel, state that OS X is actually MORE vulnerable than Windows 7:
http://www.zdnet.com/blog/hardware/black-hat-os-x-networks-are-significantly-more-vulnerable/14130

Or to put it another way, if attacks exploited OS X at the same pace they do Windows, OS X would have more infections, proportionate to the user base size.

Funny enough, the last time Erik trotted out a nearly identical article a few months ago, he had already been pre-debunked by ZDNet with a similar report.

J.Ja
... it seems strange that the actual infection rates remain well below 1/2 of one percent while Windows runs between 15%-30% depending on who you read. This, by the way, is in the wake of the Mac Defender attack which supposedly has had the largest effect on the Mac environment of any.

Now, why, even after such a publicized event, is Mac infection still so low despite its supposedly greater level of vulnerability?
0 Votes
Contributor
Look at the number of people actively exploiting Macs... it's very low. I don't know why they don't do it, Mac market share is high enough, the vulnerabilities are there, and there's the false sense of security that makes them an even juicier target. I'm not sure why the infection rates are used to "prove" anything. It's like saying that if you know 100 people who jumped from a bridge and never died, but the only person you know who walks to work gets killed by a runaway bus, that jumping off of bridges is safer than walking to work.

J.Ja
Erik, please go read this post by Deb Shinder:
http://www.techrepublic.com/blog/security/black-hat-2011-update-macs-in-the-crosshairs-kaminsky-on-bitcoin/6222

A quote from her coverage of BlackHat 2011:
"The talk compared Mac OS X to Windows and concluded that the default settings in OS X can allow easier hacking, and it's time for businesses that use Macs to get just as serious about security on those systems as they are with their Windows machines."

Also, the features you describe in your section "The Facts" are all features that exist in Windows 7 and 2008R2.
infest your armpits. So how many fleas are there? :) Erik didn't say a thousand computers; his estimate was in the hundreds. Of course that begs the question of how are they getting infected multiple times, which may have nothing to do with technical hardening issues. We can't stop users from circumventing security intentionally.

His evidence of Mac vs. PC security superiority is anecdotal, thus his conclusions are suspect. He should have left it at both systems can be compromised...
I would like to take time to point out something Erik left out of the Mac security equation. There is a very important difference in the Mac OS (any version old or new), which is that 90% or more is built into the HARDWARE and is not loaded from the hard drive, but from ROM (read-only memory). Thus the major percentage of the operating system cannot be changed by hacking or a virus.
My experience with Macs goes back to the first 128K in 1984. Can a Mac become infected? YES. After all, this is how Peter Norton made his debut with Norton Utilities and Norton Anti-Virus. Can an infection take down a Mac? Not seriously, because the only portion of the Mac OS that is loaded from the hard drive is the tokenized or localized software, i.e., the keyboard language set for whatever country you live in. Very minimal stuff. With a clean copy of your Mac system you can easily restore even that portion and be up and running again quickly.
Some comments already posted are grossly unaware of just how many Macintosh computers are actually in use compared to PCs. This is just more of the age-old Ford vs Chevy war.
Apple Computer has done a tremendous job of building better computing devices than any other single company on the planet.
They maintain strong market shares in every arena they dabble in and ALSO hold on to loads of reserve CASH for development of future devices.
But for those who do not want the BMW of computers, or simply cannot afford one, go ahead and buy the Chevy.
Obviously, I also own a Ford!
-1 Votes
Do you have proof that MacOS is installed to ROM instead of the hard drive?
0 Votes
Apple II
YetAnotherBob 22nd Aug 2011
The computer he was referring to was an Apple II. Like the old C-64, the BASIC-based OS was stored in ROM.

One problem that those systems could suffer from was that the ROM chips in some models were actually EEPROM, and could be reset or replaced with certain software. There were a few virii on the floppy disks that did this to the computer. It could totally HOSE the system if it did. Imagine your PC without any Boot ROM. Get the picture?

The current Apple computers have much more in common with Windows-based PCs than with the old Apple products.
1 Vote
... you could put 6 MB of RAM on an Apple II. Ok, really it was RAMdisk, but the effect was equivalent to using an SSD today on a machine over 30 years ago.
-1 Votes
Yes, but...
YetAnotherBob 24th Aug 2011
Yes, but it was as slow as molasses flowing in January. You could also do the same on an old IBM XT. But, almost nobody did, because it was so slow. The computer was constantly swapping in and out memory to disk.

Oh, and the SSD is not the equivalent of RAM, it is much more like using the floppy disks, only much bigger. But that's just 20 years of Moore's Law.
It was an early form of SSD that let you load all your software and have instant access to it. At the time, it was anything BUT slow. Of course, you didn't dare turn off the computer because then you'd have to reload the apps and files all over again. Very volatile compared to magnetic disk at the time.
You see, back then Apple allowed a third-party manufacturer to offer plug-in cards for 80-column, RAM enhancement and other capabilities both video and storage related. The company was Applied Engineering and some of those cards went by the name of RamFactor, RamWorks and similar. My Apple II was a 16K when I bought it but a 128K when I finally sold it, not counting the megabytes of RAMDisk on board. I sold it then to earn up enough money to buy an Apple IIe simply because I'd developed a need for the apple keys which I couldn't emulate or further modify the older machine to include. About 2 years later I bought my first Mac--a Mac Plus that was already 8 years old.
0 Votes
When you are right, you are right.

I try never to argue with someone when they are correct.

However, I will still maintain that the systems were not really suitable to modern architectures, that is why we don't see them much any more.

Oh, and BTW there was also a nifty technology back then that stored a long string of digits sequentially on a long column, and stepped through the columns to access the data, like the RAM disks you referred to, though it was a power-on-only tech. In the late '70s these chips would allow you to store and rapidly retrieve up to a megabyte of data, in a fraction of a millisecond. They were limited to sequential access, not random, though. I have seen some proposals to use that architecture for some new RAM drives. But I've never seen a modern (less than 30 years old) product with it. These sequential SSM (Solid State Memory) devices were loaded from a tape drive, if I remember correctly. They were used as a sort of extremely fast tape drive. Like Magnetic Bubble technology, it's another obsolete dream.
1 Vote
Contributor
If this were the case, things like "Hackintoshes" would not be possible. Furthermore, while Macs *do* have some code in ROMs (it's not OS X code, incidentally, otherwise you never could use the old hardware like KBs with newer Macs), the ROM is flashable like a BIOS. And in fact, these flashable ROMs have been used as attack vectors in the past, so that even if you wiped the drive, the *hardware* would re-infect the system! A few years ago, folks used the keyboards like this, and I believe that there was another recent example as well, using a different piece of hardware.

I think maybe you are confusing the hardware that Apple uses instead of a BIOS (I forget its name offhand) with something else...

J.Ja
1 Vote
Agreed
JamesRL Updated - 17th Aug 2011
One example I know of where there was code in the ROMs was the ability to plug and play. If you had a Mac II, as an example, and you threw a new video card in the system, Apple or approved third party (who conformed to the HW protocols), the system would see it automatically and use it. You could literally swap an old video card/monitor combo for a new one without loading software.

Similarly if you threw an Apple brand SCSI HD into the system, it would be mounted automatically. But there were workarounds for non "approved" SCSI drives that you could use, involving software patches.

But while this is in some other system's OS, it doesn't make it part of the Mac OS; it's really redrawing the lines of where the firmware ends and the OS begins, and has its plusses and minuses.
1 Vote
Uhh no...
Charles Bundy Updated - 18th Aug 2011
A lot of the OS was in ROM ... circa 1985. With the advent of the BSD/Mach fork that is no longer the case, and made it possible to port to other hardware ala Core2Duo ... I just put Snow Leopard on a DELL laptop. Works great, except that Mac hardware BIOS is different from a standard PC and includes the ability to boot HFS+ volumes :)

Ref: http://en.wikipedia.org/wiki/Extensible_Firmware_Interface
-1 Votes
Troll bait
Duke E Love 17th Aug 2011
At least no one is blathering about Linux.
-1 Votes
Bait Taken
YetAnotherBob 26th Aug 2011
Glad to,

At Black Hat, Linux is what most of the crackers run. That's because they know enough to keep each other out. For that, you have to be able to modify the internals. Something that Mac and Windows don't excel at.

Oh, and BTW, the Mac is usually the first system broken. Windows is a close second. Does this tell you anything?
-1 Votes
Windows 7 and Windows 2008 have all the features you describe as new security technologies you found in a Mac. I don't know how your Windows networks have too many infections with GPOs and antivirus. Perhaps users have too many permissions, perhaps you need a lockdown feature (like Cisco Security Agent). Something is missing here; I see a couple of big Windows networks without a single virus hit or problems. You will need firewalls, NAC, IPS, etc. to properly secure Windows networks, mostly because user education is not good and people continue to visit a lot of bad sites or open spam emails.
-1 Votes
Errr.....
Gisabun 17th Aug 2011
With the release of MacGuard and its variants, it shows that Macs aren't so secure. The only reason why Macs haven't been hit harder has been because of the OS market share. The crackpots that create malware are aiming at Windows users as that is a bigger market share and will find the most novice users.

But with Macs being higher priced, I suspect we won't hear the last of Mac malware because a) Apple couldn't defend the OS correctly and b) Macs cost more than PCs - so they can afford to fork over more money.

Face it. Apple did badly when it came to addressing the problem. People complained in their forums [and others] and MacGuard support calls hit 25%+ on the issue and all Apple initially said was to buy some anti-malware program at the app store [of which Apple gets 30% off the top]. Only after that they released an update that fixed that problem but doesn't solve the underlying problem of how the bug was manipulated.

Note the recent issue with the battery software where everyone has the same default password. Malware writers can easily manipulate that issue.
0 Votes
Share my thoughts?
ScarF 18th Aug 2011
Check this out:

"I don't have a horse in this race. I use Apple products in my business..."

and, from your profile:

"Erik Eckel is a managing partner at Louisville Geek, an IT consulting firm that specializes in providing cost-effective technology solutions to small and medium businesses."

I share the thoughts that you have a really big horse in this race and your "analysis" is mediocre and biased at most, since it simply ignores all the previous reports - many of them in Tech Republic - even the most recent ones.
-1 Votes
I agree. Apple computers are infected WAY less than Windows computers... but...

The 'virus' writers do not target Apple computers; they target Windows computers. The point being, if they (the virus factory/writers) switched gears and began targeting Mac systems... you WOULD see a huge spike in (Mac) infections... and a lot LESS Windows OS infections. Same goes for the Linux flavor systems. Nothing new here.
-1 Votes
Linux would be much harder than either Mac or Windows, because of the fractal nature of most Linux installations. Ubuntu would be different than Fedora, which would also be different than Slackware or SUSE.

However, there were some exploits that were causing some worries for Linux users around 10 years ago. These were mostly Escalation of Privilege attacks. Similar to some of the new attacks against Windows 7 systems. Linux has worked out ways to prevent them.

Microsoft should be studying what the Linux people did.

There are nearly secure Linux systems out there, but they are not very common.

Apple uses a broken version of the Unix protocols. Windows seems to be moving to adopting the Unix protocols. We may soon see a situation where Windows is really more secure than Apple. But, they aren't there yet.