when apple enjoyed a much higher market share, i recall only one viruse in 90's, and it was nothing more than annoyance. i find it hard to take thier FUD serious.

"The report called the zero number of confirmed Safari vulnerabilities 'somewhat surprising given the increasing popularity of Mac OS X,'' but suggested that as the browser grows in usage, so will the attacks."

I can imagine the "surprise" at Symantec...
"What?!? Are you telling me there are NO vulnerabilities in Safari! How the hell are we going to sell any product to the increasing number of Mac users if they don't have viruses? Quick, come up with something! What? A press release telling the world the Mac is increasingly vulnerable? That's brilliant! Make it so."

Can't remember last time I bougt NAV (nortin antivirus) for mac. Plus with (paid) .mac service you already have a virus scanning capability.

Quote

While Mr. Cole admitted there is no actual data to prove a connection...

It doesn't say much for Symantec that, in the absence of any data to support their assertion, they went ahead and made it anyway. This isn't the company I want protecting me from the alleged looming onslaught of OS X malware.

Quote

The report said an increase in market share for the Mac will be impacted by sales of the much lower priced Mac mini ... which may be purchased by less "security-savvy" users.

There is no "actual data" showing that users more concerned about security spend more on their computer, while users who couldn't give a spit about security spend less.

Quote

Symantec said it had documented and Apple had confirmed 37 "high-severity vulnerabilities" in Mac OS X since July of last year.

And zero exploits.

Anyone who thinks any platform is bulletproof is naive, and the silent majority of Mac users know their OS isn't perfect. In fact, the only people who actively call Mac OS X "invulnerable" are those who dislike it for some irrational reason or another.

This whole topic is factless speculation based on false pretense.

... so geez, don't buy a Mac, 'cause they might possibly somehow, someway, someday get a (singular case) virus. Your best bet is to stay in the Windows fold, where we have the capabilities to keep the 40,000 active viruses in the wild at bay from attacking your outmoded piece of sheet-metal & silicon...

Sounds like the next single from the Stone Roses. Anyway...

This little marketing gem from Symantec is quickly spreading as "news" or fact. Reuters, for instance is reporting it, and InPlay (financial briefs for investors) is passing along Reuters report: http://finance.yahoo.com/mp#aapl (that URL may only be valid for a short time):

9:27AM Apple Computer -- Macintosh hacker attacks on the rise - Reuters (AAPL) 42.83: Reuters reports that hacker attacks on Apple's Macintosh OS X operating system, thought by many who use the Mac to be virtually immune to attack, are on the rise, according to a report from Symantec (SYMC). The report says "It is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems." An Apple spokesman said the co would have no comment on the report.

It's rather low of Symantec to pass this off as news, but they've at least got a blatant ulterior motive. But for news sources such as Reuters and InPlay to do so is irresponsible journalism.

Quote

jimothy wrote:
But for news sources such as Reuters and InPlay to do so is irresponsible journalism.

And, it's why people like the government use tools like video news releases that we've been hearing so much about lately but that have been around (especially in the corporate sector) for years.

If the media is willing to report your "spin" why not take them up on it?

Perception is reality, right?

Number of viruses has doubled! 0*2=0!

You guys are idiots. Go bed down with your mac's some more. What Symantec is saying is perfectly logical and factual truth. The more mac systems that get out there, the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC. Use your brain. Your mac users, so you're supposed to be all smart, hip, and artsy, so why can't you use logic? Symantec is also not trying to say mac's are bad or you should stay away from them. Let me prove it.

"The report was clear to say that while the number of vulnerabilities in Mac OS X is expected to increase, they will likely be outnumbered by vulnerabilities in other operating systems, such as Microsoft Windows, for some time to come."

Also, he's not just talking about viruses in the article, he's talking about all kinds of security concerns. Like exploits in web browsers, not just viruses.

""We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer.""

So did any of you even read the article? See, this is why mac people suck. Bunch of wannabe hipsters.

while I agree that a lot of the users here are unquestioning apple dweebs... I think Hackers hate Macs less than microsoft, so they are less likely to attack Macs.. also Macs have a lot more security in their operating system.. Its not just because there are less macs, although I concede this may be a factor.. the fact is even if the Mac market share doubles, its still pretty insignificant in the grand scheme of things.

Quote

Guest wrote:
You guys are idiots. Go bed down with your mac's some more. What Symantec is saying is perfectly logical and factual truth. The more mac systems that get out there, the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC. Use your brain. Your mac users, so you're supposed to be all smart, hip, and artsy, so why can't you use logic? Symantec is also not trying to say mac's are bad or you should stay away from them. Let me prove it.

"The report was clear to say that while the number of vulnerabilities in Mac OS X is expected to increase, they will likely be outnumbered by vulnerabilities in other operating systems, such as Microsoft Windows, for some time to come."

Also, he's not just talking about viruses in the article, he's talking about all kinds of security concerns. Like exploits in web browsers, not just viruses.

""We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer.""

So did any of you even read the article? See, this is why mac people suck. Bunch of wannabe hipsters.

Yep, I read the story, actually the first iteration of it more than a week ago in fact. I'm no wannabe hipster, I'm a communications professional who, through research and 15 years of experience, know where to put my faith in technology. And I don't go around telling people they suck. That's just classless.


""We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer.""

Considering MS actually abandoned IE for the Mac, of course the number of concerns with Mozilla would outpace it. It's a dead product. Microsoft was probably tired of getting slammed every single day up to that point. It's called lies, damned lies, and statistics. They were only updating it every few months anyway. Mozilla updates at a much faster rate to fix problems. It's called responsiveness.

Why is anybody at Symantec even discussing exploits in Web Browsers? They don't do anything with them to begin with, so what's their point? Symantec is an ANTIVIRUS company, not a web browser or operating system company.

And what you call "factual truth" is a joke, even they admit it's speculation. Sure, the attempts may increase. Is that logical? Of course. But put out there that Mac OS X is now four years old and there has YET to be a single successful virus introduced to the world that actually works and gets into the system. Not one. Yet Symantec reports more than 68,000 viruses for Windows.

That statistic points out very well how badly MacOS X is hurting their programmers business. That's not speculation. That's real.

And that's why this article is so bogus.

I have been expecting a genuine virus/worm/trojan to appear on OS X for a couple of years now. Yet, all I keep hearing about are "potential" problems. I have no doubt that anybody with the slightest bit of social engineering savvy could easily port one of the many Linux-based malware worms into a tricky-to-detect wrapper and unleash it onto a macintosh software site. I still have not ever heard of much beyond that fake-Windows Office trojan that was floating around, and I don't think that one really infected too many people anyway.

Opener wasn't widespread. Heck, I don't think it was even discovered on more than a couple of machines.

I have no doubt in my mind that someone could write software that could rip my machine a new one and then run off looking for another machine to victimize, but I have not yet heard ample evidence of the existence of such a monster.

The real question we need to ask ourselves is this:

Why have there been no widespread attacks on Mac OS X?

a.) the platform doesn't have enough units in the field - sorry, but hackers don't just attack based on the size of the victim. They do it because they can, and I'm sure there isn't a hacker out there who wouldn't love to see all the OS X users running for cover and crying about the mean people who beat them up after school

b.) virus writers simply aren't bothering to learn how to exploit OS X - this one makes a lot more sense to me, but it still doesn't completely prevent the situation described in 'a'.

c.) OS X has better security settings by default - I actually think this is closer to the truth. It isn't that Windows systems are potentially less secure. I think it's that many Windows systems had default settings that left them more subject to attack. OS X requires you to activate ports and access levels after the install.

d.) Mac users are smarter the Windows users - Sorry, I don't buy this one either. The only way this logic could be rearranged to approximate something close to the truth would be to say, "There are more easily fooled Windows users than there are easily fooled Mac users." - The only thing is that if Mac does increase market share, it's hard to tell how many of the new Mac users will be security-savvy users and how many will be "I don't wanna think about security - I'm fed up with it!"-users.

Are there other points I might be missing? It's something I've heard quite a bit of discussion about, but I still am not completely satisfied with the possible answers I've heard or come up with myself. Symantec's arguement is based on one reading of why Mac's haven't been attacked, but are there others that Symantec isn't taking into account?

Quote

Guest wrote:
You guys are idiots. Go bed down with your mac's some more. What Symantec is saying is perfectly logical and factual truth. The more mac systems that get out there, the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC. Use your brain. Your mac users, so you're supposed to be all smart, hip, and artsy, so why can't you use logic? Symantec is also not trying to say mac's are bad or you should stay away from them. Let me prove it.

"The report was clear to say that while the number of vulnerabilities in Mac OS X is expected to increase, they will likely be outnumbered by vulnerabilities in other operating systems, such as Microsoft Windows, for some time to come."

Also, he's not just talking about viruses in the article, he's talking about all kinds of security concerns. Like exploits in web browsers, not just viruses.

""We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer.""

So did any of you even read the article? See, this is why mac people suck. Bunch of wannabe hipsters.

With such a wonderful command of the "when to use an apostrophe" rule, you must realize that most of us "idiots" just dismiss your views as the ramblings of an illiterate fool. Thanks for the laugh, troll. Maybe you should have paid more attention in school.

-Ken P

what i find ironic is the assertion that mac mini users are less savvy at security, given that it is designed to appeal to switchers from windows, seriously who is more practiced in protecting their machine from viruses than windows users?

it also is marketed as a second mac for current users. generally people who need a 2nd computer are savvy from my annedotal experince, which is just as valid as the PR guy's who wrote this.



and 37 vulnerabilities in a system thats core has been scrutinized for over a decade and made up of millions of lines of code?

Quote

Guest wrote:
You guys are idiots. Go bed down with your mac's some more. What Symantec is saying is perfectly logical and factual truth.

There's nothing factual about it. It's pure conjecture. If it were factual, Symantec would have specific numbers, examples, and other facts to support their assertion. They have none.

Quote

The more mac systems that get out there, the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC. Use your brain.

Let me forward an alternative idea that is also based on logic (no caps please, that's childish) and equally as valid as yours in every way: Because Macs are harder to penetrate relative to other operating systems, hackers will continue to pick the other low-hanging non-Mac fruit simply because it's easy. A greater number of targets does not immediately make those targets more "lucrative". There is a cost / benefit analysis that occurs.

Quote

Also, he's not just talking about viruses in the article, he's talking about all kinds of security concerns. Like exploits in web browsers, not just viruses.

""We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer.""

Safari is not a Mozilla-based browser. It's based on KHTML. Firefox is not a Mac-speficic browser, so including it as a Mac-specific vulnerability is a straw man. Whatever point you were trying to make here is invalid. Safari, as noted in the article, has zero vulnerabilities.

Quote

So did any of you even read the article?

You apparently didn't bother to read it, or learn anything about Macs before posting.

I realize I'm probably feeding a troll. The reason I find this story ridiculous and a bit annoying is because Symantec says that an increase in Mac market share that hasn't happened yet will result in an unquantified increase in unspecified attacks, for which Symantec coincidentally happens to sell the antidote. They admit outright that there is no data, instead relying on assumption when valid examples to the contrary and logical arguments of equal rhetorical weight exist to indicate the opposite. The complete lack of data here precludes the validity of assertions made on either side of this issue.

"Considering MS actually abandoned IE for the Mac, of course the number of concerns with Mozilla would outpace it."

You don't know if they are comparing to IE for Windows for for Mac.

"Why is anybody at Symantec even discussing exploits in Web Browsers? They don't do anything with them to begin with, so what's their point? Symantec is an ANTIVIRUS company, not a web browser or operating system company."

Your ignorance shows forth. Symantec has long been making firewalls, trojan blockers, pop-up blockers, spyware removal tools, etc... Pretty much anything and everything related to basic home user security for your computer. The fact that you think Symantec concentrates just on viruses shows your limited knowledge of the subject. I.e. ignorance.

"And what you call "factual truth" is a joke, even they admit it's speculation. Sure, the attempts may increase. Is that logical? Of course."

So first you say what I present as a factual truth is a joke, but two-three sentences later you're agreeing with me?

"the platform doesn't have enough units in the field - sorry, but hackers don't just attack based on the size of the victim. They do it because they can, and I'm sure there isn't a hacker..."

Swtzrs, you got the right idea.

"With such a wonderful command of the "when to use an apostrophe" rule, you must realize that most of us "idiots" just dismiss your views as the ramblings of an illiterate fool. Thanks for the laugh, troll. Maybe you should have paid more attention in school."

What are you talking about? When quoting a quote, you use double quotation. Also, they are called quotation marks, not apostrophes. Maybe YOU should have paid some attention to school yourself, Troll. Thanks for puttting your foor in your mouth and letting me put dressing all over it.

There will never be a major kind of virus on the Mac..

No Mac viruses....case closed!

swtzrs:

Here's another for you. How about the people who purchase and/or use a Mac have no ill will against it. So the urge to create a virus/worm/trogan is not there.

Hey there spinner (AaronAdams). Way to use only some of what I said in order to make a spin to fit what you want to say. Here's everything I said and I'll put it into context for you.

"Also, he's not just talking about viruses in the article, he's talking about all kinds of security concerns. Like exploits in web browsers, not just viruses.

"We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer." "

This was in reply to this.
"How the hell are we going to sell any product to the increasing number of Mac users if they don't have viruses?"

And this.
"Can't remember last time I bougt NAV (nortin antivirus) for mac. Plus with (paid) .mac service you already have a virus scanning capability."

Oh, and this.
"... so geez, don't buy a Mac, 'cause they might possibly somehow, someway, someday get a (singular case) virus. Your best bet is to stay in the Windows fold, where we have the capabilities to keep the 40,000 active viruses in the wild at bay from attacking your outmoded piece of sheet-metal & silicon..."

One more.
"Number of viruses has doubled! 0*2=0!"

And yet still, after I post that they do more than monitor viruses, I still get this.

"Why is anybody at Symantec even discussing exploits in Web Browsers? They don't do anything with them to begin with, so what's their point? Symantec is an ANTIVIRUS company, not a web browser or operating system company."

Sigh.

"You apparently didn't bother to read it, or learn anything about Macs before posting.

I realize I'm probably feeding a troll."

So actually yeah, I did read the article. The fact that you're quoting me, quoting from the article should give you a clue or two as to whether or not I read the piece. As for learning more about macs, I would be curious to see if they are in fact harder to hack then a windows machine. My guess is that yes they are, in that the scriptkiddie stuff won't work, but any real virus writer wouldn't have any more trouble writing for mac than for windows, it's just there's more point in writing one for windows.

Also, what's with you guys on this site and calling people trolls? One person I can understand, but more than one...it must be the site.

Quote

Guest wrote:
You guys are idiots. Go bed down with your mac's some more. What Symantec is saying is perfectly logical and factual truth. The more mac systems that get out there, the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC. Use your brain.

Geez you know I was about to mock you, talking about how obviously we all know that as the user base increases so will the possibility of an attack and how your statement of obvious facts is not worthwhile... but then I noticed all these people actually disagreeing with your statement. So I will not mock you. I guess there are a bunch of idiots here. How can anyone argue against the concept of risk increasing as user base increases? Is that not a simple and obvious concept?

But, at the same time its also obvious that this is just a PR stunt by Symantec. Its so obvious just from the carefully chosen wording of their press release. But then at the same time you have to feel for these guys. They want to dump Mac since there is almost NO business, but then at the same time they don't want to dump Mac now that the market is starting to expand and seems destined to go much higher.

Wow. Guest, I'm speechless. I hope you don't have "excellent written communication skills" on your resume.

The best thing about using antivirus on my mac is the knowleged that I will not accidently forward a mail to one of my windows owning friends. I havenÒ‘t seen a virus on the mac sinc the hong kong quicktime exploit back in 1996 og 1997. But that one shot down most of the danish dtp houses for a will and gave the danish apple dealers a lot of work getting their clients machines up and running again. The security on a newly installed Mac is however far better than that of a newly installed pc. Run a port scan on my own mac in a standard setup showed 4 or 5 open ports some of them there ports for internal communication like itunes streaming and rendezvous discovering one was to access websites and one for retrieving mails. when i download something to install I will have to write my password.

Ya know, I really have occasionally wondered if Rendezvous (or whatever it is going to eventually be called) is a possible danger to OS X.

I'm sure I would have read something about it if it was possible to exploit it, but I have often wondered if there might be some characteristic of it that would basically make it a magnet for OS X malware.

Does anybody have any details about the protocol? I'm fairly certain that it is active when you install OS X.

Instant networking - it sounds great until you find a bunch of uninvited guests in your house.

The people are clearly going out of business. They are desperate to find Mac users to sell their shitty security software too. The fact is, soon your product will not even exist.

This is just the old "security through obscurity" myth repackaged. It has been thoroughly debunked, but just refuses to go away. (One good review of the technical reasons OSX is more secure is at http://www.baltimoresun.com/technology/custom/pluggedin/bal-mac082803,0,1353478.column. A Google search of "security through obscurity myth" will find you more.)

Too many analysts won't state the obvious - Macs have fewer problems because the technology is simply more secure - because it sounds like they're taking sides, and no longer unbiased. (Either that, or they just can't be bothered to learn the facts. However, I prefer to think more positively.)

As others have said above, however, what is truly unforgivable is that a vendor's completely unsupported claims are widely reported as fact. If ADT announced as fact that there was going to be an increase in home break-ins without any supporting data, would we this as a lead news item all over the web?

Quote

Guest wrote:
You guys are idiots. Go bed down with your mac's some more.

You generally don't use an apostrophe to make a plural. In this case, it looks like a possessive. Bed down with your mac's what, exactly?

Quote

Guest wrote:
What Symantec is saying is perfectly logical and factual truth.

Factual truth? Are you a member of the society for redundancy society?

Quote

Guest wrote:
The more mac systems that get out there,

Don't anthropomorphize your computer. They hate that.

Quote

Guest wrote:
the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC. Use your brain.

OK... I'll have to take your word for it on that one. But I am happy you got the apostrophe correct this time.

Quote

Guest wrote:
Your mac users,

Oh, but you are still having problems with the possessive thing. Or maybe the apostrophe thing. Probably both. In other words, using "you're" would make a lot more sense.

Quote

Guest wrote:
so you're supposed to be all smart, hip, and artsy, so why can't you use logic? Symantec is also not trying to say mac's are bad or you should stay away from them. Let me prove it.

Interesting. You got the "you're" this time, but messed up by saying "mac's" again.

Quote

Guest wrote:
"The report was clear to say that while the number of vulnerabilities in Mac OS X is expected to increase, they will likely be outnumbered by vulnerabilities in other operating systems, such as Microsoft Windows, for some time to come."

Wow. A perfect paragraph. Oh wait. You were quoting.

Quote

Guest wrote:
Also, he's not just talking about viruses in the article, he's talking about all kinds of security concerns. Like exploits in web browsers, not just viruses.

I take that back. This paragraph was correct too.

Quote

Guest wrote:
""We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer.""

I have no beef with this quote of a quote. So you did learn something in school.

Quote

Guest wrote:
So did any of you even read the article? See, this is why mac people suck. Bunch of wannabe hipsters.

I don't see what "this" refers to. I am trying to use logic, as you asked me to do at the start, but there is no logic to explain why mac people suck. And how any of this relates to wannabe hipsters.

Rendezvous itself is a DNS protocol adapted for service discovery. Short of unusual buffer overruns, it is unlikely to create any security issues in and of itself.

The possible concern is if Rendezvous happily advertises how to connect to some ports that you would rather not have advertised. However, this is more an issue of making sure those ports cannot be exploited, as someone with a port scanner could find them without Rendezvous.

here is the truth translation of symantec's statements:

"as macs become more popular, we seem them as having more and more potential for selling virus software. Our elite team of hackers is currently trying to write some mac viruses so you better buy our software soon!"

"You generally don't use an apostrophe to make a plural. In this case, it looks like a possessive. Bed down with your mac's what, exactly?"

Well, in some cases you do. E.g., 1960's (although personally I prefer 1960s).

Apart from this and one other error (your for you're), there was no need for such a long and pointless posting trying to pillory this guy's usage of English.

You may have noticed, by the way, that the Symantec article also had an error, which no one even bothered to pick up:

"Their have been 21 documented security concerns with Mozilla in the past six months,..."

So what is this selective trashing all about, then?

I'm afraid Symantec's widely reported marketing material is misleading and self-serving (it would after all be surprising for them not to attempt to encourage the development of new market segments in light of Microsoft's competitive entry into the AV market).

Let's look at the statistics:

Microsoft Windows:
Viruses and Worms = 70,000+ (symantec.com)
Spyware programs = 78,000 (www.pestpatrol.com)
Burrowers = 40 (www.pestpatrol.com)
80% of PCs infected with spyware (webroot.com)
Last year alone (www.pestpatrol.com):
500 new Trojans
500 new keyloggers
1,287 new adware apps
40 burrowers

Mac OS X:
Viruses and Worms = 0
Spyware programs = 0
Adware = 0
Keyloggers = 0
Burrowers = 0
Trojans = 3
Rootkit = 1

Note that Trojans can't spread by themselves - they are bits of code that pretend to be something innocuous and need to be downloaded and opened by an authorised user. In the case of the three targeting Mac OS X, two are harmless while the third issues a rm -rf command if run by a user.

Note also the Rootkit discovered on a couple of OS X machines is a set of scripts that requires root access to be turned on (turned off by default on all Macs). The hacker also needs to know the root password and the malware has no mechanism of spreading and infecting other computers by itself.

Symantec's espousal of the theory of "Security through Obscurity" fails to explain the fact that the number 1 web server, open source Apache with around 69% marketshare has far fewer attacks (including viruses and worms) than Microsoft's IIS which comes in at only 21% marketshare (Netcraft.com). It also does not explain why the many flavours of Linux suffer from so many instances of malware despite having as small a marketshare as OS X.

37 vulnerabilities (mostly in open source components of Mac OS X) which were promptly patched by Apple does not constitute "increased attacks on OS X" as no attacks using any of these now closed vulnerabilities have been recorded.

John Gruber has a useful article on why Windows suffers so much malware:
http://daringfireball.net/2004/06/broken_windows

However, no software can be perfect and it would be foolish to say there won't eventually appear some malware targeting the 10 million+ OS X users out there - however, today is not that day. Mac OS X has been sitting untouched for 4 years now pretty much without blemish which speaks to a very impressive security story even if/when some effective malware appears. This would be a much more constructive issue for you to be writing about.

Martin Hill
Information Management Services
Curtin University of Technology
Western Australia

"the Mac will be impacted by sales of the much lower priced Mac mini ... which may be purchased by less "security-savvy" users."
If what we hear is right about the staggering numbers of switchers, the Mac mini is going mostly to ex- (or till current, for now) Windows users tired of the crapware on their machines … these people can hardly be qualified as "less 'security-savvy' users" …
It would be nice to have the feeling that the people who are talking are not just spewing off any old stupidity that came to mind, but rather some type of thoroughly thought-out argument, which obviously isn't the case here …

I would think most Windows user would see through this story. Don't you think a hacker would love to be the first one to write a successful OS X virus? The fact that none have surfaced to date is amazing. For all you Windows users just try to turn off your virus protection for a week and see how well your system holds up.
If this non-story gets this much attention think how many stories will come when a successful virus finally appears.

I used to think that the relative rarity of Macs on the Internet would make a worm that automatically spread to them a very difficult proposition, because there would have to be some way established to find Macs, as opposed to the more common Windows systems.

However, the spread of the Witty worm makes it appear that this is not the case. The Witty Worm targeted computer users with a specific brand of firewall software, and it infected nearly all vunerable computers within a very short time. Here is an account of the worm and its spread:

http://www.caida.org/analysis/security/witty/

What this means is that a similarly written worm could target Mac users, and it could spread very quickly if there was a way for it to gain a foothold.

So far - knock on plastic, titanium or aluminum, depending on the vintage of your Mac - there has not been.

Here are a few reasons for this:

(1) The Mac has a very cohesive user community. Almost nobody wishes ill of Apple. The public image of Windows is - to put it charitably - mixed.

(2) For those who want their worm's name up in lights, a massive user community (Windows) is always going to trump a small one (Mac or Linux).

(3) I suspect that most people who write virii and worms write them for the computers they use: Windows, and to a lesser extent, Linux. Buying a Mac means a pretty high investment, just to try out a platform used by a tiny minority.

(4) Let's think about how virii and other malware spread.

(i) Through email messages that are forwarded by scripting in email clients;
(ii) Through vunerabilities in web browsers allowing "drive by" installs of malware;
(iii) Through inclusion of malware in "free" programs;
(iv) Through vunerabilities in services running on the machines;
(v) Through attempts to access neighboring network shares.

The overwhelming majority of MacOS X machines have no support for scripting in their email clients, so nothing can be spread that way.

Safari doesn't have vunerabilities that allow drive-by installs, so nothing gest spread that way.

The market for spyware/malware in the Mac has not yet emerged. If I were to predict what I felt would be the first bad thing to happen in the Mac security universe, it would be the emergence of spyware/adware for the Mac. But it would be largely included in popular free programs, and the trivial solution would be to not install those programs.

So you can see that we have most of the major vectors of infection covered. I think that's the main reason we haven't had trouble with malicious software. Many would love to do it but I don't think it's profitable and I don't think it's easy.

Hope that helps.

D

Quote

Guest wrote:
"You generally don't use an apostrophe to make a plural. In this case, it looks like a possessive. Bed down with your mac's what, exactly?"

Well, in some cases you do. E.g., 1960's (although personally I prefer 1960s).

Hence the "generally".

Quote

Guest wrote:
Apart from this and one other error (your for you're), there was no need for such a long and pointless posting trying to pillory this guy's usage of English.

Apostrophe abuse is a pet peeve of mine. Plus, it will help his arguments look more respectable, as one earlier poster pointed out. Consider it a public service.

Quote

Guest wrote:
So what is this selective trashing all about, then?

If the trolls can do it, why can't I?

"The more mac systems that get out there, the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC."

Lucrative? You're saying the more Macs are sold, the more money hackers can make by attacking them. Can you explain how that makes sense, or did you say that because you don't know what the word "lucrative" means?

As for as being a target, the most desirable systems for hackers are the ones that claim to be invulnerable to them. If a person writes a Windows virus, then it has to compete with about 70,000 other viruses for noteriety, and they don't accomplish anything out of the ordinary. If a person writes a virus for OS X, they don't have to compete with anything, and they difinitely accomplish something out of the ordinary. They get to be hailed as the person who ruined Mac users' virus-free utopia.

In other words, there's a whole lot more fame and recognition in being responsible for OS X virus #1, than in being responsible for Windows virus #70,001.

Windows may be a punching bag for small-time hackers, but operating systems like OS X are what the serious ones have their eyes on, because serious hackers are in it for the thrill of the challenge. And in four years, they haven't been able to produce anything.

You've made it clear that you're clueless about both Macs and hackers. You'd do great as a Symantec salesman.

Hmmm. Please, will someone, anyone, name one Mac Virus that has attacked OSX. The silence is defening.

First we have Microsoft saying that the reason their system has so many viruses versus none for OSX is because Apple has such a small market share. Then we have a company who would go broke if virus free computers caught on say that Microsoft is right. Obviously Windows is plagued with flaws because Apple is so small and when Apple gets big, they will also have viruses. If you believe the first FUD spread by Microsoft, then the second FUD spread by Symantec sounds logical. WOW, how gullible can Windows users be?

it says:
[quote: symantac]In the first half of 2004, there were two vulnerabilities affecting Safari compared to a single
vulnerability in the second half of 2003.[/quote]

so don't think safari was invulnerable.

Even if someone finds an exploit and takes control of a browser running on a Mac OS X system, the browser application does not have full access to OS X as if it were running as root. It is only running as a user, and so it can't run rampant throughout the machine. it could do a number on the user's folder contents, but I think this is quite different from what can happen on a PC, which is that mysterious software packages install themselves deeply into the code and siphon cycles on behalf of some mysterious someone out there on the net.

-Mike Bentley

""Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code," said the report, which was issued on Monday."

FUD. Mac OS 9 was a completely different OS than OS X.

Yes, of course OS X is not attack-proof in all circumstances. No OS is. But it is so much harder to get into... because it exposes so much smaller a surface area to attacks... thet there are ZERO viruses or active exploits in the wild...

None.

Symantec is seeing the market for Mac Antivirus software, like the market for PalmOS and Pocket PC antivirus software, dry up like the morning mist. Why? Because the way antivirus software works you're better off NOT HAVING ANY unless there's actual exploits to combat. It's a necessary evil on Windows, but just a plain evil anywhere else. Why? Because... like innoculations... AV software is not risk free. Installing AV software when you don't need it is just going to make your machine slightly less reliable and more likely to crash, and there's no benefit until after a REAL virus has been out for long enough that they've developed a signature to identify it, which can be days or weeks after it starts circulating. Wait for ONE useful signature, if it ever comes, THEN buy and install it.

Instead of software that fixes you up after the fact, would be something that prevents your PC from getting the virus anyway.

Give me a software package that can alert me when potrentially dangerous things are about to happen to my system, delaying that action until I have confirmed it is OK or not, then I would buy it. But wait, this is built into the OS. It is called admin authorization.

I guess the main worry about Rendezvous would be that it could be used as a shortcut to a security hole rather than actually being a security hole itself.

I frequently worry that we Mac users spend too much time looking for ways that our platform is better than the competition rather than considering the things we can do as preventive measures. I wouldn't say that Symantec is a million miles off base by stating that changes in the Mac's numbers will change the platform's security. Their data is fuzzy, and their conclusions might be suspect. However, their release's motivating factor of more Mac users means greater risk is, if anything, "Well, Duh"-worthy.

It does mean that spreading malware on OS X would be easier than it was before, and perhaps it would do the Mac community some good to consider some of the possible ways our platform could be compromised.

I've been pretty relaxed about anti-virus/spyware utilities. I don't do a whole lot beyond my weekly backup, system updates, and the occasional port scan. Chances are that I'm the type of user that Symantec is trying to warn - not stupid, but not entirely alert either.

Irresponsible journalism fanning the flames of unsubstantiated warnings of death, destruction and (gasp) VIRUSES???? Geez..that NEVER happens.

OH..I have to go...I think I just heard that Homeland Security raised the threat-level again!

OSX is far more secure than it's Windows counterparts. That's a fact and has been proved over and over again. The bogus answer would be there aren't enough Macs out there. Come on people there are over 10 million out there if there was a real threat of a real virus no one has proven it yet. And there has been no virus that has been able to get into the Mac and cause any damage known to date since OSX has come out. I'm a desktop support technician and have been doing my job for over 15 years working with both Macs and PC's.

who are trashing usage of apostrophe's in someone's comment, get an opinion. Instead of commenting on the article or the substance of someone's comment, you have to lower yourselves to nit-picking at what someone typed in on the fly. To expect perfect grammer, spelling, and in this case apostrophe usage, from comments about an article on mac os security...well, it's expecting too much. The fact that you then comment on it without offering any views or ideas on the subject at hand is just slander and it belittles you as a person. It shows you have nothing to offer to the discussion and makes you look childish. I mean come on, you're making fun of sentences structure.

Anyways, I think it's funny that so many people here think that macs are so safe and I believe that's why you've been referred to as idiots. You're so biased towards the mac, you look logic right in the face and deny it. Just keep on thinking that way. There was a time when people thought Windows was safe too. The viruses, the spyware, the malware, the trojans, the keyloggers, they will come and for those of you who think your mac is impenetrable, it will be too late for you. Just look at PDA's, the Firefox browser, and even cell phones. The more popular they become, the more malicious code gets written for them. Simple.

"The more popular they become, the more malicious code gets written for them. Simple."

Maybe simple to write the code, but impossible to install it on my OS X Mac unless I do it myself. IT'S SECURE, STUPID.

"Apostrophe abuse is a pet peeve of mine. Plus, it will help his arguments look more respectable, as one earlier poster pointed out. Consider it a public service."

I consider it public pollution.

"You're so biased towards the mac, you look logic right in the face and deny it."

Windows viruses: 70,000. Mac OS X viruses: 0. You look the fact that OS X has proven itself to be more secure than Windows right in the face and deny it. Logic dictates that if Object Y suffers from an epidemic that Object X doesn't even though both are equally esposed to it, then Object X is immune from said epidemic.

"There was a time when people thought Windows was safe too."

Those people were called complete idiots at the time, because Windows was never a safe operating system. In a single year of Windows being on the market, those people were proven very, very wrong. In four years of OS X being on the market, Mac users have been proven very, very right in saying that OS X is extrardinarily safer than Windows.

"The viruses, the spyware, the malware, the trojans, the keyloggers, they will come and for those of you who think your mac is impenetrable, it will be too late for you."

And when will this mythical day of reckoning come, huh? OS X has been a big shiny target for the last four years, and in fours years no one has so much as grazed it.

"Just look at PDA's, the Firefox browser, and even cell phones."

Yes, let's look at them and see that Mac OS X is more secure than Firefox or any number of cellphone or PDA operating systems with security holes in them.

"You look the fact that OS X has proven itself to be more secure than Windows right in the face and deny it."

Actually, I'm not comparing the security of Windows and Mac, you are. I never once made the comparison. I'm simply saying that logic denotes that the more users of a OS there are, the more viruses/trojans/spyware/etc...will come out for it. I'm saying that you are so pro-mac, you will say that the mac is impervious, impenetrable, impossible to hack, when it's not, it just hasn't happened yet.

"In a single year of Windows being on the market, those people were proven very, very wrong."

Really? Can you provide some evidence? I'm pretty sure when Windows 3.0 came out, people thought it was secure for a long time, specially since barely anyone had a modem.

"In four years of OS X being on the market, Mac users have been proven very, very right in saying that OS X is extrardinarily safer than Windows."

There you go again, comparing Windows to the Mac. Only you are doing this. No one is saying the mac is less secure or that the two are even equal in security, what is being said is that the more macs that are out there, the more viruses, trojans, and hacks will be written. You are missing the arguement completely. Again, this is due to your mac bias. You're so pro-mac you can't even get the arguement right, it has to be all about mac is better than windows, not just the mac will not be as safe as it was the more people start to use it. You can't deny that logic and still consider yourself intelligent.

"And when will this mythical day of reckoning come, huh? OS X has been a big shiny target for the last four years, and in fours years no one has so much as grazed it."

Yes, continue to think that way. Because it hasn't happened yet, it won't happen. That's sound reasoning right there. With that kind of mentality, you'd be a terrorists best friend. By your logic because al-qaeda hasn't attacked on U.S. soil since 9/11, they aren't ever going to do it. Because mac osx hasn't had a virus yet, it's never going to.

"Actually, I'm not comparing the security of Windows and Mac"

Liar. By saying that spyware and viruses and trojans will effect OS X when enough people come to use it, you're implying that it has no more security than Windows.

Infact, you're justifying Windows' abysmal security by saying that it's a natural result of having so many people using it, rather than ineptness on Microsoft's part.

"I'm simply saying that logic denotes that the more users of a OS there are, the more viruses/trojans/spyware/etc...will come out for it."

What you're saying is an apologist ruitine on Microsoft's behalf. The amount of malware on an operating system doesn't automatically increase just because more people are using it. More users simply means that more people will be probing for exploitable security holes. And if there aren't any security holes exploitable enough to enable malware, then there won't be any malware for that operating system, no matter how many people use it.

"I'm saying that you are so pro-mac, you will say that the mac is impervious, impenetrable,
impossible to hack, when it's not, it just hasn't happened yet. "

I never said that OS X is impervious, impenetrable, or impossible to hack. But I did say that OS X is extraordinarily secure in comparison to Windows. It looks like you're so clueless that four years of the malware community's failure to gain even a foothold in OS X doesn't give you the hint it's too secure of an operating system to ever face the same virus/trojan/spyware epidemic as Windows.

"I'm pretty sure when Windows 3.0 came out, people thought it was secure for a long time, specially since barely anyone had a modem."

Okay, I got my dates mixed up. It took two years for Windows 3.0 to be hit by a virus, not one. You're right, though, barely anyone had a modem. It was a very different time back then. The term 'malware' wasn't even coined, and virus authors were alot less sophisticated. In more modern times, however, viruses have progressed and split off into several sub-catagories. The internet enables them to spread at an incredible pace, and things like Active X, Java, and Javascript enable the exploitation of security holes to install or load malware. It's a whole lot harsher today than it was back then, and so far OS X has enjoyed four years of immunity to these extremely harsh times for computer users.
"You can't deny that logic and still consider yourself intelligent."

Saying that any operating system will eventually get plagued by malware when enough people come to use it can't be considered logic, because it presumes that all operating systems have the security holes that make malware possible.

You took a nice shot at rationalizing why OS X has been completely immune to the plague effecting Windows, but the "security though obscurity" myth has been used, and debunked, way too many times. It's old and tired. Find some new FUD to spread.

"Because mac osx hasn't had a virus yet, it's never going
to."

Because it hasn't had a virus yet in four years on the market, it's obviously a much more secure operating system than Windows, which has had 500 new viruses spring up on it in the last year alone. And I'm not saying OS X will never have a virus because it hasn't so far, I'm saying that because the conditions that have allowed Windows to be plagued with malware don't exist in OS X, it's very reasonable to say that the chances of there ever being malware for it are very slim.

Thanks for that retarded 9/11 analogy, though.