(Why did that happen? I'm confused. I literally just went to Google's home page. Am I missing something? I'd think the big G would be the last site to use Java. It was the only page I went to!)
Doctor Web recommends Mac users to download and install a security update released by Apple…
Dr. Web recommends Mac users to install Dr. Web's industry-leading anti-virus software for Mac OS X…
It's a trojan, not a virus, BTW.
Three iOS jailbreaks (out of many) have exploited holes in Mobile Safari - in 2007, 2010, and 2011 - and the second two were both crafted by one extraordinarily talented person who Apple subsequently hired. So I don't know if that particular vector can be used as strong evidence for Apple being not-so-great at security, and I believe Apple released software updates fixing each of those within a couple weeks.
Each bot includes a unique ID of the infected machine into the query string it sends to a control server. Doctor Web's analysts employed the sinkhole technology to redirect the botnet traffic to their own servers and thus were able to count infected hosts.
Apple's BSD-based security model for many years was much more secure by design than Windows OS.
The empirical security of Mac OS was a combination of better design choices and low exposure. Expert users always knew Macs were not invulnerable, just less vulnerable than Windows machines.
And we will continue to do so for years to come. Signed certificates, sandboxing, randomized buffer memory, etc. Apple is generally so slow on these fixes because they don't want to fuck up someone's Mac.
First of all, macs were not less vulnerable then windows machines. In hacking competitions they were often easier to break into.
I have no idea what point you're trying to make.
And I'll argue that default choices are part of the design.
Number of hours I have spent cleaning up PC viruses: Fuckloads.
Amount of data lost: No way to know.
Number of years working on macs: 20+
Number of years working on PCs: 2.
In fact, how about just please, period? My point is that Mac OS X has been and continues to be an *empirically* more secure OS.
decade and continue to enjoy today is a silly matter of empirical fact that does not take into account artificial conditions and theoretical contexts.
I don't know about artificial conditions... the methodology of that contest sounds pretty good, to me, but sure, yeah... it's designed to let the security experts strut their stuff I suppose.
Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.
In the Apple discussion boards wherein similar (or identical?) symptoms were being discussed the thread invariably detoured as a few resident experts would show up to say "Impossible!". Truly surreal.
Some people feel the need to qualify this long-standing empirical fact by pointing out Macs are *more* vulnerable than Windows machines (which I suppose the contest demonstrated… for proper values of "suppose"). Some feel the need (not you, gilrain) to declaim observations that in practice Macs are exploited less than Windows machines as statements of hubris.
Also, if you're going to point to trojans as evidence of exploitability/unsecurity why don't we just call it a day and let me email you my root password?
Also, unless you have installed Acrobat Reader, you are rendering PDFs in Preview.app instead of Acrobat, so again, you are using a separate rendering than Acrobat. In terms of security, the webkit vulnerabilities in Safari vs Chrome were both exploited at pwn2own recently, but Chrome had 0days that broke the sandbox and did code execution.
Huh, apparently XCode is close enough to "anti-virus" software that it's on the list where Flashback just gives up:
(and /lols at Window users: if schadenfreude that somebody else caught a cold when you're regularly infected with syphilis is the best thing going for you, might be time for a rethink, yeah?)
Microsoft's API's, documented and undocumented, allows deeper access to the OS internals. ... Apple is famous for breaking undocumented API's, Microsoft is famous for leaving them alone across revs. -- Slap*Happy
While you can claim the "attack surface", whatever that is, is smaller than Mac OS X
If the actual "security" of Mac OS X is only the result of living in "good" neighborhood then I'm sure you'll correct me and I'll continue living in my good neighborhood.
As for publishing one of my IPs, delmoi, it's not a matter of confidence. I'm not so foolish to think that servers I admin are invulnerable. I am confident, however, that someone knowledgeable as yourself would have a difficult time in breaching a server I admin. Shall we make it a friendly wager, say a beer and a burger whenever we're in the same town?
That's the "new iPad" in silly Apple marketing language, what are they going to call it when the iPad 4 comes out?
We reverse engineered the first domain generation algorithm ... After domain registration, we were able to log requests from the bots. Since every request from the bot contains its unique hardware UUID, we were able to calculate the number of active bots. Our logs indicate that a total of 600 000+ unique bots connected to our server in less than 24 hours. ... We have used passive OS fingerprinting techniques to get a rough estimation. More than 98% of incoming network packets were most likely sent from Mac OS X hosts.
Mac users can expect more OS X botnets, drive-by downloads, and mass malware from here on out. That's according to security researchers from Kaspersky Lab, who said during a press conference on Thursday morning that anti-malware software is now a necessity for Mac users, and that "Mac OS X invulnerability is a myth."
« Older Google has revealed details of its research into a... | Why Space Exploration Is a Job... Newer »
This thread has been archived and is closed to new comments
Buy a Shirt