Mac OSX

[DasFox]

A friend of mine is looking at getting a mini mac, and since I'm more a Unix/Linux/Windows user over Macs, I can't say I know much about the threats for them. All though I do know that Macs are Unix based, and there aren't many threats out there, BUT does one using them still need a AV, or spyware apps to keep safe?

THANKS

 

[Rilex]

Macs are as much of a UN*X as Windows is with cygwin, SFU, etc. Currently, there are no real threats, though there have been some what would officially classify as "viruses". Nothing to actually be concerned about though -- yet.

 

[Nothinman]

Macs are as much of a UN*X as Windows is with cygwin, SFU, etc.

You have that backwards. Windows+cygwin is Windows with unix tacked on, OS X is unix (or rather NeXT) with Windows tacked on.

 

[spike spiegal]

You don't need anti-Spyware/Malware programs and other 'crisis-ware' on Windows 2000/XP if you'd learn to surf without admin rights.

Apple has too low a market share for Malware writers to bother with. Plus, it's a lot easier writing ActiveX exploits for Internet Explorer on Windows than a browser on Safari. Not impossible, just not very profitable.

 

[drag]

Plus, it's a lot easier writing ActiveX exploits for Internet Explorer on Windows than a browser on Safari. Not impossible, just not very profitable.

just not very Profitable?

You mean "just very impossible". ActiveX is a Microsoft-only disaster. If your not using MS software your immune to ActiveX exploits.

Realtive security of different operating systems is debatable, but safari or firefox on OS X vs IE on Windows isn't. IE is a nasty thing full of holes. Swiss cheese software. Maybe IE 7 will be better, it probably will, but that is immaterial right now.

 

[DasFox]

What about viruses on Mac OSX?

 

[drag]

Originally posted by: DasFox
What about viruses on Mac OSX?

Viruses on any platform is pretty easy to make. You take a program, stick a hunk of malicious code in it and send to somebody. They execute it, the malicious code does it's dirty work and viola! your infected.

This could happen in Linux just as easily as it can for OS X or Windows. So viruses could definately be a issue at one point. Presently it's not a issue. All it depends on is tricking you into running untrusted code. That is realitively easy to do.

Now another type of virus is one that depends on a programming macro embedded into documents or relying on some deception to get people to think the link or the program or the double click is doing one thing. For example, openning a jpeg image.. While it's realy doing another like using a specially crafted HTML link to launch a explorer based code hunk in outlook to access a compromised HTML server that exploits a hole in in IE to launch a peice of code on the server that installs a trojan into your system.

That's much much more likely to happen on Windows then OS X or Linux.

For instance in Linux if you were to double click on a *.jpg image on your desktop or email attatchment there is code that analizes weither or not it is actually a jpeg image. It's not as simple as Windows were you simply rely on the file extension to determine the file type.

Also there is no embedded IE code in your email client or word proccessor or image viewer that can be exploited.

Also a large portion of Macro viruses use flaws in portions of Microsoft office to execute code. I think that this type is less common nowadays.


The trouble about viruses is getting them to spread. I could target a specific type of person and send them a virus, but eventually it will get back to me.

So for viruses to be successfull in the wild it requires you to have a way for them to automaticly spread.

So a big popular way for viruses to spread in Windows is that you have a specially crafted email that has a link or attatchment that then exploits a flaw in IE or outlook or whatnot. Then the virus reads the email address book and sends it itself out to all your friends.

So for reasons I stated above this is very unlikely to work well on a OS X or Linux box, even if Linux or OS X had the market share.

On Linux and OSX you still have to worry though. Well not so much 'worry' as take precautions.

Your still vunerable from:
1. Malicious code or script that a person tricks you into running.
2. Internet Worms that infect machines running insecure services and then use the machine as a zombie to look for more machines. This has recently been a problem for Linux systems (and sometimes Windows running Apache) that are using badly programmed PHP programs (such as PHP-based bullentien board systems) were the administrators of these systems didn't keep their system up to date and had PHP scripting language version with known flaws in it.
3. Directed human attackers probing your system. This is the most dangerous. Once they target your system and attack it then if they are successfull they will install a rootkit that will make them very difficult to detect. (there are reliable ways to detect them, but it requires having seperate computers and/or boot media to setup things like Tripwire and Snort, which is time consuming, potentionally expensive, and difficult.)
4. Bad third party programs written by good people who make mistakes and open holes in your system.
5. Browser/IM/Email/etc client flaws. Anything that goes out on a network to bring back information.
(and other stuff I probably forgot or are unaware of)

To combat these threats you need to keep your system up to date.
Only use programs from trustworthy sources.
Minimize your network footprint, in otherwords disable and/or block off network access to services running on your computer. If there is nothing listenning to the network, there is no place for a worm to find a vunerability and inject malicious code.

This is the same for any OS. Just some OSes make it easier then others. 🙂

It is worth looking at OpenBSD and learn to understand why they have a PROVEN track record for being the most secure general purpose operating system aviable.

 

[Rilex]

It is worth looking at OpenBSD and learn to understand why they have a PROVEN track record for being the most secure general purpose operating system aviable.

But one has to remember that this is only true of the base OS. Nothing like Apache, XWindows, and so forth (to make it a usable distribution...).

 

[drag]

Originally posted by: Rilex

It is worth looking at OpenBSD and learn to understand why they have a PROVEN track record for being the most secure general purpose operating system aviable.

But one has to remember that this is only true of the base OS. Nothing like Apache, XWindows, and so forth (to make it a usable distribution...).

That's only partially true. It is true that only the default install has the full support of the OBSD people and that it is the only part that is fully audited this provides a very strong foundation for creating a operating system. This benifits greatly the applications and such that you want to run on top of this default install.

Also OpenBSD does provide it's own patches, has advanced compiler technology, and strong policies in place that improve security by quite a bit.

For instance OpenBSD + their paticular Apache version has a better track record then IIS 6 on Windows 2003. For X Windows OpenBSD has special privilage seperation patches that removes the most amount of code as possible that runs under root so that the part that is most improtant to security is as minimal as possible and has the most attention as far as auditing and such goes.

edit:

Of course any administrator can F- this up by installing some buggy PHP thing on there or running a old version of Firefox or whatnot..

But it's a big big difference to start off with something that is relitively buggy and insecure such as Win2k and try to make that secure vs starting off with something that is secure by default and trying not to F- it up.

 

[n0cmonkey]

Originally posted by: Rilex

It is worth looking at OpenBSD and learn to understand why they have a PROVEN track record for being the most secure general purpose operating system aviable.

But one has to remember that this is only true of the base OS. Nothing like Apache, XWindows, and so forth (to make it a usable distribution...).

Apache and X have both been auditted. As well as BIND, sendmail, OpenNTPD, OpenOSPFD, OpenBGPD, and all of the other daemons distributed with the system. It's quite usable.

EDIT: Plus the other security technologies incorporated into the sytem: ProPolice, W^X, StackGhost (on sparc), malloc and mmap improvements, privilege revocation, privilege seperation, no-exec heaps, no-exec stacks, systrace, and who knows what else I forgot. 😀

 

[DasFox]

drag, I didn't need a HISTORY lesson, LOL, I've been using computers 20 years! 🙂

I'm running at present, Gentoo/NetBSD and XP 🙂

I've used Macs, plus I've run all the major Linux distros, FreeBSD, NetBSD, and OpenBSD and Solaris.

Sorry you wasted your breath in your tutorial which I didn't need, hehe 😉

Next time you might want to consider that a simple little question by someone didn't mean they where clueless, LOL. 😉

I know Macs quite well, BUT I have not been into them lately, and simply wanted to know if the virus scene was catching up to Macs was all.

ALOHA

 

[drag]

Originally posted by: DasFox
drag, I didn't need a HISTORY lesson, LOL, I've been using computers 20 years! 🙂

I'm running at present, Gentoo/NetBSD and XP 🙂

I've used Macs, plus I've run all the major Linux distros, FreeBSD, NetBSD, and OpenBSD and Solaris.

Sorry you wasted your breath in your tutorial which I didn't need, hehe 😉

Next time you might want to consider that a simple little question by someone didn't mean they where clueless, LOL. 😉

I know Macs quite well, BUT I have not been into them lately, and simply wanted to know if the virus scene was catching up to Macs was all.

ALOHA

If you knew about viruses and such on Macs then why did you ask?

 

[DasFox]

like I said:

I know Macs quite well, BUT I have not been into them lately, and simply wanted to know if the virus scene was catching up to Macs was all.

The KEY WORD, not been into them lately. 😉

THANKS

 

[drag]

Originally posted by: DasFox
like I said:

I know Macs quite well, BUT I have not been into them lately, and simply wanted to know if the virus scene was catching up to Macs was all.

The KEY WORD, not been into them lately. 😉

THANKS

Your asking a much more complicated question then you think your asking.

Depends on what sort of answer your interested in?

Do you want a "hey I am a relatively clueless admin and would like to have a quick and easy answer so that I can decide what ugly propriatory programs to budget for this quarter" style answer.

Or do you want a "I want a answer that will be true tomorrow and today and yesterday answer so that I can deal with problems intellegently" style answer.

The answer to the first question is:
"No viruses are currently not a issue for the Mac, but they could be" which is the sort of crap you can get from any online computer publication or anti-virus company press release.

The tech-savy you-fill-in-the-blanks answer is:
Linux and OS X are in a similar boat on the question of viruses.

For viruses to function you need to two things: You need have a way to embed them into documents to exploit application flaws OR trick a person into running a malicious program. The second thing you need is to have a way to efficiently distribute viruses so you can remain anonymous.

Even though Linux and OS X sport the strong seperation of privilages that the Unix model provides and the Windows model lacks it doesn't help all that much in a desktop environement. In a desktop environment the user's information is most precious stuff and that does not require special privilages to access in a single user environment like a typical desktop provides. The Unix model does provide some decent protection against most malware and rootkits however, which Windows is more easily vunerable to. However a local root exploit is usually much easier to come by then a a remote root exploit.

Linux and OS X are still vunerable to the first requirement to be vunerable with viruses, also. A malicious program is just as dangerious.

However Linux and OS X do have superiority in Windows in the fact that there is no easy way to spread viruses anonymously. So that is the principal reason why you don't see viruses in the wild for either Mac or Linux.

So no viruses are generally not a issue, but a directed 'here try this program or file' style attack are still a problem. I recommend installing Clamav and being smart about were you get your docs and apps.

OpenBSD on the other hand does a very good job at application security and preventing local root exploits, which OS X and Linux generally aren't so good at. (which is why I mentioned it)

That's all.

Any virus (or security related in general) question is much more complicated then any one line answer can provide. 🙂

 

[aux]

Originally posted by: DasFox
drag, I didn't need a HISTORY lesson, LOL, I've been using computers 20 years! 🙂

I'm running at present, Gentoo/NetBSD and XP 🙂

I've used Macs, plus I've run all the major Linux distros, FreeBSD, NetBSD, and OpenBSD and Solaris.

Sorry you wasted your breath in your tutorial which I didn't need, hehe 😉

Next time you might want to consider that a simple little question by someone didn't mean they where clueless, LOL. 😉

I know Macs quite well, BUT I have not been into them lately, and simply wanted to know if the virus scene was catching up to Macs was all.

ALOHA

*BSD... nice

Originally posted by: DasFox
like I said:

I know Macs quite well, BUT I have not been into them lately, and simply wanted to know if the virus scene was catching up to Macs was all.

The KEY WORD, not been into them lately. 😉

THANKS

Assuming that you knew Macs as in OS X, do you think that the OS concepts changed dramatically since the time you knew Macs? (hint: see my *BSD remark). However, if you knew Macs as in OS 9, AFAIK it has nothing to do with OS X.


OTOH it's nice to have such a thread here, the info may be helpful for recent Mac converts.