when apple enjoyed a much higher market share, i recall only one viruse in 90's, and it was nothing more than annoyance. i find it hard to take thier FUD serious.

"The report called the zero number of confirmed Safari vulnerabilities 'somewhat surprising given the increasing popularity of Mac OS X,'' but suggested that as the browser grows in usage, so will the attacks."

I can imagine the "surprise" at Symantec...
"What?!? Are you telling me there are NO vulnerabilities in Safari! How the hell are we going to sell any product to the increasing number of Mac users if they don't have viruses? Quick, come up with something! What? A press release telling the world the Mac is increasingly vulnerable? That's brilliant! Make it so."

Can't remember last time I bougt NAV (nortin antivirus) for mac. Plus with (paid) .mac service you already have a virus scanning capability.

Quote

While Mr. Cole admitted there is no actual data to prove a connection...

It doesn't say much for Symantec that, in the absence of any data to support their assertion, they went ahead and made it anyway. This isn't the company I want protecting me from the alleged looming onslaught of OS X malware.

Quote

The report said an increase in market share for the Mac will be impacted by sales of the much lower priced Mac mini ... which may be purchased by less "security-savvy" users.

There is no "actual data" showing that users more concerned about security spend more on their computer, while users who couldn't give a spit about security spend less.

Quote

Symantec said it had documented and Apple had confirmed 37 "high-severity vulnerabilities" in Mac OS X since July of last year.

And zero exploits.

Anyone who thinks any platform is bulletproof is naive, and the silent majority of Mac users know their OS isn't perfect. In fact, the only people who actively call Mac OS X "invulnerable" are those who dislike it for some irrational reason or another.

This whole topic is factless speculation based on false pretense.

... so geez, don't buy a Mac, 'cause they might possibly somehow, someway, someday get a (singular case) virus. Your best bet is to stay in the Windows fold, where we have the capabilities to keep the 40,000 active viruses in the wild at bay from attacking your outmoded piece of sheet-metal & silicon...

Sounds like the next single from the Stone Roses. Anyway...

This little marketing gem from Symantec is quickly spreading as "news" or fact. Reuters, for instance is reporting it, and InPlay (financial briefs for investors) is passing along Reuters report: http://finance.yahoo.com/mp#aapl (that URL may only be valid for a short time):

9:27AM Apple Computer -- Macintosh hacker attacks on the rise - Reuters (AAPL) 42.83: Reuters reports that hacker attacks on Apple's Macintosh OS X operating system, thought by many who use the Mac to be virtually immune to attack, are on the rise, according to a report from Symantec (SYMC). The report says "It is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems." An Apple spokesman said the co would have no comment on the report.

It's rather low of Symantec to pass this off as news, but they've at least got a blatant ulterior motive. But for news sources such as Reuters and InPlay to do so is irresponsible journalism.

Quote

jimothy wrote:
But for news sources such as Reuters and InPlay to do so is irresponsible journalism.

And, it's why people like the government use tools like video news releases that we've been hearing so much about lately but that have been around (especially in the corporate sector) for years.

If the media is willing to report your "spin" why not take them up on it?

Perception is reality, right?

Number of viruses has doubled! 0*2=0!

You guys are idiots. Go bed down with your mac's some more. What Symantec is saying is perfectly logical and factual truth. The more mac systems that get out there, the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC. Use your brain. Your mac users, so you're supposed to be all smart, hip, and artsy, so why can't you use logic? Symantec is also not trying to say mac's are bad or you should stay away from them. Let me prove it.

"The report was clear to say that while the number of vulnerabilities in Mac OS X is expected to increase, they will likely be outnumbered by vulnerabilities in other operating systems, such as Microsoft Windows, for some time to come."

Also, he's not just talking about viruses in the article, he's talking about all kinds of security concerns. Like exploits in web browsers, not just viruses.

""We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer.""

So did any of you even read the article? See, this is why mac people suck. Bunch of wannabe hipsters.

while I agree that a lot of the users here are unquestioning apple dweebs... I think Hackers hate Macs less than microsoft, so they are less likely to attack Macs.. also Macs have a lot more security in their operating system.. Its not just because there are less macs, although I concede this may be a factor.. the fact is even if the Mac market share doubles, its still pretty insignificant in the grand scheme of things.

Quote

Guest wrote:
You guys are idiots. Go bed down with your mac's some more. What Symantec is saying is perfectly logical and factual truth. The more mac systems that get out there, the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC. Use your brain. Your mac users, so you're supposed to be all smart, hip, and artsy, so why can't you use logic? Symantec is also not trying to say mac's are bad or you should stay away from them. Let me prove it.

"The report was clear to say that while the number of vulnerabilities in Mac OS X is expected to increase, they will likely be outnumbered by vulnerabilities in other operating systems, such as Microsoft Windows, for some time to come."

Also, he's not just talking about viruses in the article, he's talking about all kinds of security concerns. Like exploits in web browsers, not just viruses.

""We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer.""

So did any of you even read the article? See, this is why mac people suck. Bunch of wannabe hipsters.

Yep, I read the story, actually the first iteration of it more than a week ago in fact. I'm no wannabe hipster, I'm a communications professional who, through research and 15 years of experience, know where to put my faith in technology. And I don't go around telling people they suck. That's just classless.


""We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer.""

Considering MS actually abandoned IE for the Mac, of course the number of concerns with Mozilla would outpace it. It's a dead product. Microsoft was probably tired of getting slammed every single day up to that point. It's called lies, damned lies, and statistics. They were only updating it every few months anyway. Mozilla updates at a much faster rate to fix problems. It's called responsiveness.

Why is anybody at Symantec even discussing exploits in Web Browsers? They don't do anything with them to begin with, so what's their point? Symantec is an ANTIVIRUS company, not a web browser or operating system company.

And what you call "factual truth" is a joke, even they admit it's speculation. Sure, the attempts may increase. Is that logical? Of course. But put out there that Mac OS X is now four years old and there has YET to be a single successful virus introduced to the world that actually works and gets into the system. Not one. Yet Symantec reports more than 68,000 viruses for Windows.

That statistic points out very well how badly MacOS X is hurting their programmers business. That's not speculation. That's real.

And that's why this article is so bogus.

I have been expecting a genuine virus/worm/trojan to appear on OS X for a couple of years now. Yet, all I keep hearing about are "potential" problems. I have no doubt that anybody with the slightest bit of social engineering savvy could easily port one of the many Linux-based malware worms into a tricky-to-detect wrapper and unleash it onto a macintosh software site. I still have not ever heard of much beyond that fake-Windows Office trojan that was floating around, and I don't think that one really infected too many people anyway.

Opener wasn't widespread. Heck, I don't think it was even discovered on more than a couple of machines.

I have no doubt in my mind that someone could write software that could rip my machine a new one and then run off looking for another machine to victimize, but I have not yet heard ample evidence of the existence of such a monster.

The real question we need to ask ourselves is this:

Why have there been no widespread attacks on Mac OS X?

a.) the platform doesn't have enough units in the field - sorry, but hackers don't just attack based on the size of the victim. They do it because they can, and I'm sure there isn't a hacker out there who wouldn't love to see all the OS X users running for cover and crying about the mean people who beat them up after school

b.) virus writers simply aren't bothering to learn how to exploit OS X - this one makes a lot more sense to me, but it still doesn't completely prevent the situation described in 'a'.

c.) OS X has better security settings by default - I actually think this is closer to the truth. It isn't that Windows systems are potentially less secure. I think it's that many Windows systems had default settings that left them more subject to attack. OS X requires you to activate ports and access levels after the install.

d.) Mac users are smarter the Windows users - Sorry, I don't buy this one either. The only way this logic could be rearranged to approximate something close to the truth would be to say, "There are more easily fooled Windows users than there are easily fooled Mac users." - The only thing is that if Mac does increase market share, it's hard to tell how many of the new Mac users will be security-savvy users and how many will be "I don't wanna think about security - I'm fed up with it!"-users.

Are there other points I might be missing? It's something I've heard quite a bit of discussion about, but I still am not completely satisfied with the possible answers I've heard or come up with myself. Symantec's arguement is based on one reading of why Mac's haven't been attacked, but are there others that Symantec isn't taking into account?

Quote

Guest wrote:
You guys are idiots. Go bed down with your mac's some more. What Symantec is saying is perfectly logical and factual truth. The more mac systems that get out there, the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC. Use your brain. Your mac users, so you're supposed to be all smart, hip, and artsy, so why can't you use logic? Symantec is also not trying to say mac's are bad or you should stay away from them. Let me prove it.

"The report was clear to say that while the number of vulnerabilities in Mac OS X is expected to increase, they will likely be outnumbered by vulnerabilities in other operating systems, such as Microsoft Windows, for some time to come."

Also, he's not just talking about viruses in the article, he's talking about all kinds of security concerns. Like exploits in web browsers, not just viruses.

""We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer.""

So did any of you even read the article? See, this is why mac people suck. Bunch of wannabe hipsters.

With such a wonderful command of the "when to use an apostrophe" rule, you must realize that most of us "idiots" just dismiss your views as the ramblings of an illiterate fool. Thanks for the laugh, troll. Maybe you should have paid more attention in school.

-Ken P

what i find ironic is the assertion that mac mini users are less savvy at security, given that it is designed to appeal to switchers from windows, seriously who is more practiced in protecting their machine from viruses than windows users?

it also is marketed as a second mac for current users. generally people who need a 2nd computer are savvy from my annedotal experince, which is just as valid as the PR guy's who wrote this.



and 37 vulnerabilities in a system thats core has been scrutinized for over a decade and made up of millions of lines of code?

Quote

Guest wrote:
You guys are idiots. Go bed down with your mac's some more. What Symantec is saying is perfectly logical and factual truth.

There's nothing factual about it. It's pure conjecture. If it were factual, Symantec would have specific numbers, examples, and other facts to support their assertion. They have none.

Quote

The more mac systems that get out there, the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC. Use your brain.

Let me forward an alternative idea that is also based on logic (no caps please, that's childish) and equally as valid as yours in every way: Because Macs are harder to penetrate relative to other operating systems, hackers will continue to pick the other low-hanging non-Mac fruit simply because it's easy. A greater number of targets does not immediately make those targets more "lucrative". There is a cost / benefit analysis that occurs.

Quote

Also, he's not just talking about viruses in the article, he's talking about all kinds of security concerns. Like exploits in web browsers, not just viruses.

""We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer.""

Safari is not a Mozilla-based browser. It's based on KHTML. Firefox is not a Mac-speficic browser, so including it as a Mac-specific vulnerability is a straw man. Whatever point you were trying to make here is invalid. Safari, as noted in the article, has zero vulnerabilities.

Quote

So did any of you even read the article?

You apparently didn't bother to read it, or learn anything about Macs before posting.

I realize I'm probably feeding a troll. The reason I find this story ridiculous and a bit annoying is because Symantec says that an increase in Mac market share that hasn't happened yet will result in an unquantified increase in unspecified attacks, for which Symantec coincidentally happens to sell the antidote. They admit outright that there is no data, instead relying on assumption when valid examples to the contrary and logical arguments of equal rhetorical weight exist to indicate the opposite. The complete lack of data here precludes the validity of assertions made on either side of this issue.

"Considering MS actually abandoned IE for the Mac, of course the number of concerns with Mozilla would outpace it."

You don't know if they are comparing to IE for Windows for for Mac.

"Why is anybody at Symantec even discussing exploits in Web Browsers? They don't do anything with them to begin with, so what's their point? Symantec is an ANTIVIRUS company, not a web browser or operating system company."

Your ignorance shows forth. Symantec has long been making firewalls, trojan blockers, pop-up blockers, spyware removal tools, etc... Pretty much anything and everything related to basic home user security for your computer. The fact that you think Symantec concentrates just on viruses shows your limited knowledge of the subject. I.e. ignorance.

"And what you call "factual truth" is a joke, even they admit it's speculation. Sure, the attempts may increase. Is that logical? Of course."

So first you say what I present as a factual truth is a joke, but two-three sentences later you're agreeing with me?

"the platform doesn't have enough units in the field - sorry, but hackers don't just attack based on the size of the victim. They do it because they can, and I'm sure there isn't a hacker..."

Swtzrs, you got the right idea.

"With such a wonderful command of the "when to use an apostrophe" rule, you must realize that most of us "idiots" just dismiss your views as the ramblings of an illiterate fool. Thanks for the laugh, troll. Maybe you should have paid more attention in school."

What are you talking about? When quoting a quote, you use double quotation. Also, they are called quotation marks, not apostrophes. Maybe YOU should have paid some attention to school yourself, Troll. Thanks for puttting your foor in your mouth and letting me put dressing all over it.

There will never be a major kind of virus on the Mac..

No Mac viruses....case closed!

swtzrs:

Here's another for you. How about the people who purchase and/or use a Mac have no ill will against it. So the urge to create a virus/worm/trogan is not there.

Hey there spinner (AaronAdams). Way to use only some of what I said in order to make a spin to fit what you want to say. Here's everything I said and I'll put it into context for you.

"Also, he's not just talking about viruses in the article, he's talking about all kinds of security concerns. Like exploits in web browsers, not just viruses.

"We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer." "

This was in reply to this.
"How the hell are we going to sell any product to the increasing number of Mac users if they don't have viruses?"

And this.
"Can't remember last time I bougt NAV (nortin antivirus) for mac. Plus with (paid) .mac service you already have a virus scanning capability."

Oh, and this.
"... so geez, don't buy a Mac, 'cause they might possibly somehow, someway, someday get a (singular case) virus. Your best bet is to stay in the Windows fold, where we have the capabilities to keep the 40,000 active viruses in the wild at bay from attacking your outmoded piece of sheet-metal & silicon..."

One more.
"Number of viruses has doubled! 0*2=0!"

And yet still, after I post that they do more than monitor viruses, I still get this.

"Why is anybody at Symantec even discussing exploits in Web Browsers? They don't do anything with them to begin with, so what's their point? Symantec is an ANTIVIRUS company, not a web browser or operating system company."

Sigh.

"You apparently didn't bother to read it, or learn anything about Macs before posting.

I realize I'm probably feeding a troll."

So actually yeah, I did read the article. The fact that you're quoting me, quoting from the article should give you a clue or two as to whether or not I read the piece. As for learning more about macs, I would be curious to see if they are in fact harder to hack then a windows machine. My guess is that yes they are, in that the scriptkiddie stuff won't work, but any real virus writer wouldn't have any more trouble writing for mac than for windows, it's just there's more point in writing one for windows.

Also, what's with you guys on this site and calling people trolls? One person I can understand, but more than one...it must be the site.

Quote

Guest wrote:
You guys are idiots. Go bed down with your mac's some more. What Symantec is saying is perfectly logical and factual truth. The more mac systems that get out there, the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC. Use your brain.

Geez you know I was about to mock you, talking about how obviously we all know that as the user base increases so will the possibility of an attack and how your statement of obvious facts is not worthwhile... but then I noticed all these people actually disagreeing with your statement. So I will not mock you. I guess there are a bunch of idiots here. How can anyone argue against the concept of risk increasing as user base increases? Is that not a simple and obvious concept?

But, at the same time its also obvious that this is just a PR stunt by Symantec. Its so obvious just from the carefully chosen wording of their press release. But then at the same time you have to feel for these guys. They want to dump Mac since there is almost NO business, but then at the same time they don't want to dump Mac now that the market is starting to expand and seems destined to go much higher.

Wow. Guest, I'm speechless. I hope you don't have "excellent written communication skills" on your resume.

The best thing about using antivirus on my mac is the knowleged that I will not accidently forward a mail to one of my windows owning friends. I havenÒ‘t seen a virus on the mac sinc the hong kong quicktime exploit back in 1996 og 1997. But that one shot down most of the danish dtp houses for a will and gave the danish apple dealers a lot of work getting their clients machines up and running again. The security on a newly installed Mac is however far better than that of a newly installed pc. Run a port scan on my own mac in a standard setup showed 4 or 5 open ports some of them there ports for internal communication like itunes streaming and rendezvous discovering one was to access websites and one for retrieving mails. when i download something to install I will have to write my password.

Ya know, I really have occasionally wondered if Rendezvous (or whatever it is going to eventually be called) is a possible danger to OS X.

I'm sure I would have read something about it if it was possible to exploit it, but I have often wondered if there might be some characteristic of it that would basically make it a magnet for OS X malware.

Does anybody have any details about the protocol? I'm fairly certain that it is active when you install OS X.

Instant networking - it sounds great until you find a bunch of uninvited guests in your house.

The people are clearly going out of business. They are desperate to find Mac users to sell their shitty security software too. The fact is, soon your product will not even exist.

This is just the old "security through obscurity" myth repackaged. It has been thoroughly debunked, but just refuses to go away. (One good review of the technical reasons OSX is more secure is at http://www.baltimoresun.com/technology/custom/pluggedin/bal-mac082803,0,1353478.column. A Google search of "security through obscurity myth" will find you more.)

Too many analysts won't state the obvious - Macs have fewer problems because the technology is simply more secure - because it sounds like they're taking sides, and no longer unbiased. (Either that, or they just can't be bothered to learn the facts. However, I prefer to think more positively.)

As others have said above, however, what is truly unforgivable is that a vendor's completely unsupported claims are widely reported as fact. If ADT announced as fact that there was going to be an increase in home break-ins without any supporting data, would we this as a lead news item all over the web?

Quote

Guest wrote:
You guys are idiots. Go bed down with your mac's some more.

You generally don't use an apostrophe to make a plural. In this case, it looks like a possessive. Bed down with your mac's what, exactly?

Quote

Guest wrote:
What Symantec is saying is perfectly logical and factual truth.

Factual truth? Are you a member of the society for redundancy society?

Quote

Guest wrote:
The more mac systems that get out there,

Don't anthropomorphize your computer. They hate that.

Quote

Guest wrote:
the more targets are available, making it a more lucrative system for hackers. It's plain and simple LOGIC. You don't need evidence to back this one up. It's LOGIC. Use your brain.

OK... I'll have to take your word for it on that one. But I am happy you got the apostrophe correct this time.

Quote

Guest wrote:
Your mac users,

Oh, but you are still having problems with the possessive thing. Or maybe the apostrophe thing. Probably both. In other words, using "you're" would make a lot more sense.

Quote

Guest wrote:
so you're supposed to be all smart, hip, and artsy, so why can't you use logic? Symantec is also not trying to say mac's are bad or you should stay away from them. Let me prove it.

Interesting. You got the "you're" this time, but messed up by saying "mac's" again.

Quote

Guest wrote:
"The report was clear to say that while the number of vulnerabilities in Mac OS X is expected to increase, they will likely be outnumbered by vulnerabilities in other operating systems, such as Microsoft Windows, for some time to come."

Wow. A perfect paragraph. Oh wait. You were quoting.

Quote

Guest wrote:
Also, he's not just talking about viruses in the article, he's talking about all kinds of security concerns. Like exploits in web browsers, not just viruses.

I take that back. This paragraph was correct too.

Quote

Guest wrote:
""We saw a large increase over the past six months in security attacks as the market share for Mozilla-based browser climbed," he said. "Their have been 21 documented security concerns with Mozilla in the past six months, which is more than (Microsoft) Internet Explorer.""

I have no beef with this quote of a quote. So you did learn something in school.

Quote

Guest wrote:
So did any of you even read the article? See, this is why mac people suck. Bunch of wannabe hipsters.

I don't see what "this" refers to. I am trying to use logic, as you asked me to do at the start, but there is no logic to explain why mac people suck. And how any of this relates to wannabe hipsters.

Rendezvous itself is a DNS protocol adapted for service discovery. Short of unusual buffer overruns, it is unlikely to create any security issues in and of itself.

The possible concern is if Rendezvous happily advertises how to connect to some ports that you would rather not have advertised. However, this is more an issue of making sure those ports cannot be exploited, as someone with a port scanner could find them without Rendezvous.

here is the truth translation of symantec's statements:

"as macs become more popular, we seem them as having more and more potential for selling virus software. Our elite team of hackers is currently trying to write some mac viruses so you better buy our software soon!"

"You generally don't use an apostrophe to make a plural. In this case, it looks like a possessive. Bed down with your mac's what, exactly?"

Well, in some cases you do. E.g., 1960's (although personally I prefer 1960s).

Apart from this and one other error (your for you're), there was no need for such a long and pointless posting trying to pillory this guy's usage of English.

You may have noticed, by the way, that the Symantec article also had an error, which no one even bothered to pick up:

"Their have been 21 documented security concerns with Mozilla in the past six months,..."

So what is this selective trashing all about, then?

I'm afraid Symantec's widely reported marketing material is misleading and self-serving (it would after all be surprising for them not to attempt to encourage the development of new market segments in light of Microsoft's competitive entry into the AV market).

Let's look at the statistics:

Microsoft Windows:
Viruses and Worms = 70,000+ (symantec.com)
Spyware programs = 78,000 (www.pestpatrol.com)
Burrowers = 40 (www.pestpatrol.com)
80% of PCs infected with spyware (webroot.com)
Last year alone (www.pestpatrol.com):
500 new Trojans
500 new keyloggers
1,287 new adware apps
40 burrowers

Mac OS X:
Viruses and Worms = 0
Spyware programs = 0
Adware = 0
Keyloggers = 0
Burrowers = 0
Trojans = 3
Rootkit = 1

Note that Trojans can't spread by themselves - they are bits of code that pretend to be something innocuous and need to be downloaded and opened by an authorised user. In the case of the three targeting Mac OS X, two are harmless while the third issues a rm -rf command if run by a user.

Note also the Rootkit discovered on a couple of OS X machines is a set of scripts that requires root access to be turned on (turned off by default on all Macs). The hacker also needs to know the root password and the malware has no mechanism of spreading and infecting other computers by itself.

Symantec's espousal of the theory of "Security through Obscurity" fails to explain the fact that the number 1 web server, open source Apache with around 69% marketshare has far fewer attacks (including viruses and worms) than Microsoft's IIS which comes in at only 21% marketshare (Netcraft.com). It also does not explain why the many flavours of Linux suffer from so many instances of malware despite having as small a marketshare as OS X.

37 vulnerabilities (mostly in open source components of Mac OS X) which were promptly patched by Apple does not constitute "increased attacks on OS X" as no attacks using any of these now closed vulnerabilities have been recorded.

John Gruber has a useful article on why Windows suffers so much malware:
http://daringfireball.net/2004/06/broken_windows

However, no software can be perfect and it would be foolish to say there won't eventually appear some malware targeting the 10 million+ OS X users out there - however, today is not that day. Mac OS X has been sitting untouched for 4 years now pretty much without blemish which speaks to a very impressive security story even if/when some effective malware appears. This would be a much more constructive issue for you to be writing about.

Martin Hill
Information Management Services
Curtin University of Technology
Western Australia