Comments
Mac Trojan Fallout: Apple Security Glory Days Gone?
ANON1237925156805,
User Rank: Apprentice
4/23/2012 | 5:36:33 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
I take slight issue with this article. There's no question that the "bang for the buck" has some validity. It doesn't follow that one serious malware attack proves that the Mac environment was never all it was cracked up to be.

Macs are far from invulnerable and I've never seen an Apple ad that said they were. Still there are legitimate technical reasons why Macs have been deemed more robust, especially compared to older versions of Windows. These relate to the inherently secure nature of the Unix kernel. It's hard for malware to penetrate and hard for it to remain in place undetected. All of Unix's children inherit these qualities including OS X, iOS, Linux and Android.

IW has written several articles about this in the past and there are plenty of objective descriptions on the web as well. Bill Gates certainly acknowledged this when he chose to spend his last days at Microsoft heading the effort to harden Windows/Office. (No question that Microsoft has greatly improved in this area.)

The challenge today is in our n-tiered client server world, there are many layers through which malware can attack and do harm and many places for it to lodge. Even if a bad actor can't take up permanent residence in the kernel, it can do a lot of damage before it's detected. Think of how much a burglar could remove from your home in 10 minutes were you to leave the door open while running a quick errand.

That's why anyone with common sense treats all PCs and mobile devices as being at risk, whether they be Windows, Mac or Linux. We all know the steps to take, ranging from anti-virus to WEP 2 Wi-Fi to hardware/software firewalls, to absolutely never ever install upgrades from pop-ups of unknown origin. Dare I say that this is especially true for Adobe software?

Microsoft, Apple and Google must take the lead in educating users about risks and solutions. So far that hasn't happened to the extent that it should, perhaps because no vendor wants to publicly admit that its products have weaknesses. So in the meantime, users have a responsibility to learn what to do and to implement it.

In terms of Apple's post-attack behavior, it's WAY too soon to say that they failed a critical test. The problem is that their defensiveness in the past makes us not give them the benefit of the doubt. Apple will have to earn our trust by being more forthcoming and responsive when problems occur and evolving proactively as threats morph over time.

Sad as Mr. Jobs' departure is, Apple without him is starting to show signs of change in this area. May it continue so that they retain their deserved reputation for quality and security.
Tronman,
User Rank: Apprentice
4/20/2012 | 5:16:45 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
Another Mac user in denial.
YMOM100,
User Rank: Apprentice
4/20/2012 | 11:16:22 AM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
Why "gone"? Apple never had security glory days, they just were lucky that their disinterest and tardiness in regards to security did not get punished sooner.
Mathew,
User Rank: Apprentice
4/20/2012 | 9:55:09 AM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
@Puggsly and others, you're correct -- 600k isn't 3% of Mac users; didn't mean to imply that it was (article wasn't clear). Initial stats from some security firms had estimated that 2% to 3% of all active Macs were infected, but later stats settled on the 1% to 2% figure.
Likewise, you're correct that the Java-vulnerability-exploiting Flashback didn't make its appearance in February, but also it wasn't April; it was the end of March.
Other dates: The bug exploited by attackers was patched by Oracle in its Feb. 17th Java update for Windows. Apple then released an update patching the Java bug in OS X on April 3.
We'll update the story to correct the stats.

Thanks,
Mathew
ANON1237837896902,
User Rank: Apprentice
4/19/2012 | 11:06:47 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
The discussion is still relevant as it concerns people's choices about what computer platform to purchase. This has been a deciding factor for many people, so one of the questions posed is should people still purchase Macs to be safe, and yes this is debatable, but it is not pointless.

What is important is that facts are used in these discussions. Facts like 600k systems represents about 1% of active Macs. Facts like the first known occurrence of the Java exploit was at the beginning of this month, not early February.

Apple was a couple days late delivering the patch but followed it up with removal code and a hardening of the way the Java plugin is treated. Apple shut down command and control servers within days and infection rates are thought to be less than 100k today.

Your concern with the assertion that things are "worse" on Windows is no more grounded in fact than the author's. Statements that Microsoft has "proven ability" or "effective distribution" sound hollow when the last major Windows attack held on to over 5-9 Million systems for the better part of a year. There was no automated patch that removed Conficker or any other virus or trojan I know of by Microsoft. The core OS has no built-in quarantine system that I know of. Now I know that Microsoft distributes a free tool, but you have to choose to load it. That tool may be much more robust than Apple's current system, but that is because it has to be. Apple has shown a willingness to deliver exactly what it needs to, to keep ahead of the malware writers.

I would argue that they continue to succeed in making the Mac an unattractive target and thus make Mac users safer, if not downright safe. If we continue to see large scale successful attacks against Mac users, I will be proven wrong. But I'm betting that we will continue to hear about 1 or 2 of these every year and Apple will squash them like the bugs they are, and Mac and iOS users will continue to pay little to no attention to concerns of viruses.
jbelkin,
User Rank: Apprentice
4/19/2012 | 8:48:55 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
So far, it seems more people swear they've been abducted by aliens than people who actually have this Mac malware ... Well, unless you believe everything on a Russian website is real and Symantec who of course has no ulterior motive to convince you there's malware ... Has anyone on earth outside of labs admitted they found this on their machine? Anyone? Anyone? It seems more people admit to seeing Bigfoot or the Loch Ness monster ...
jgeiss4p,
User Rank: Apprentice
4/19/2012 | 7:51:53 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
There are a large number of anti-Apple people gloating over this. Yes, Apple could have (and, likely, should have) released this patch faster. However, it is important to note that the number of infected systems has reportedly dropped in the last few days from 600,000 to 140,000. That is a very substantial drop, especially considering that most Mac users have had no previous experience in dealing with such an attack.
In addition, the 600,000 infected machines is a very small number of users (alas, they are those clients who were 'stupid' enough to trust an unsolicited pop-up window instructing them to 'upgrade' their Flash! Come on, people!). I have three MacOS X machines at home, and NONE of them were infected (and that's with my children using two of them, clicking on EVERYTHING that they can find!)
Apple has a long way to go before they get to the point where they have to deal with the problems that the Windows systems have been taking for granted for the last decade.
RSL,
User Rank: Apprentice
4/19/2012 | 3:55:14 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
My point is that there was no need to even mention Windows in this article. None of this constant comparing is necessary - this is a genuine issue with Apple/Macs, period. This article should simply address what is going on relative to the topic. Percentages and numbers can be argued, interpreted, and skewed to the point that they are totally inaccurate.
veggiedude,
User Rank: Apprentice
4/19/2012 | 3:36:29 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
What is wrong with the article is saying 600,000 infected Macs constitutes 3% of Mac users, when it is actually 1%.

And yes, that is far less than the normal exposure rate that infects Windows.
RSL,
User Rank: Apprentice
4/19/2012 | 3:13:33 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
I am becoming very disillusioned with Information Week and the integrity of its articles. What relevance is there in an article about security issues with Macs, does the text "windows security still looks worse" have to appear right after the headline? Besides irrelevance, the author obviously misuses the word "worse". There have been issues with the speed and results with regard to the response to this threat on Apple's part. Microsoft has a proven ability, experience, and an effective distribution mechanism to handle updates to their OSes. Worse? Of course Windows has a much greater field to attack, but that is not "worse". Users who do not patch their machines will exist across all platforms, not just Windows - again, "worse"? Furthermore, the article itself does not elaborate on how and why Windows is purportedly "worse"...

On the flipside, an up to date Windows machine is "better".

As a professional, I would appreciate newsworthy articles that span the full scope of the issue at hand versus constant sensationalism style headlines and content.

