Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Mac Trojan Fallout: Apple Security Glory Days Gone?
Newest First  |  Oldest First  |  Threaded View
ANON1237925156805
ANON1237925156805,
User Rank: Apprentice
4/23/2012 | 5:36:33 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
I take slight issue with this article. There's no question that the "bang for the buck" has some validity. It doesn't follow that one serious malware attack proves that the Mac environment was never all it was cracked up to be.

Macs are far from invulnerable and I've never seen an Apple ad that said they were. Still there are legitimate technical reasons why Macs have been deemed more robust, especially compared to older versions of Windows. These relate to the inherently secure nature of the Unix kernel. It's hard for malware to penetrate and hard for it to remain in place undetected. All of Unix's children inherit these qualities including OS X, iOS, Linux and Android.

IW has written several articles about this in the past and there are plenty of objective descriptions on the web as well. Bill Gates certainly acknowledged this when he chose to spend his last days at Microsoft heading the effort to harden Windows/Office. (No question that Microsoft has greatly improved in this area.)

The challenge today is in our n-tiered client server world, there many layers through which malware can attack and do harm and many places for it to lodge. Even if a bad actor can't take up permanent residence in the kernel, it can do a lot of damage before it's detected. Think of how much a burglar could remove from your home in 10 minutes were you to leave the door open while running a quick errand.

That's why anyone with common sense treats all PCs and mobile devices as being at risk, whether they be Windows, Mac or Linux. We all know the steps to take, ranging from anti-virus to WEP 2 Wi-FI to hardware/software firewalls, to absolutely never ever install upgrades from pop-ups of unknown origin. Dare I say that this is especially true for Adobe software?

Microsoft, Apple and Google must take the lead in educating users about risks and solutions. So far that hasn't happened to the extent that it should, perhaps because no vendor wants to publicly admit that its products have weaknesses. So in the meantime, users have a responsibility to learn what to do and to implement it.

In terms of Apple's post-attack behavior, it's WAY too soon to say that they failed a critical test. The problem is that their defensiveness in the past makes us not give them the benefit of the doubt. Apple will have to earn our trust by being more forthcoming and responsive when problems occur and evolving proactively as threats morph over time.

Sad as Mr. Job's departure is, Apple without him is starting to show signs of change in this area. May it continue so that they retain their deserved reputation for quality and security.
Tronman
Tronman,
User Rank: Apprentice
4/20/2012 | 5:16:45 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
Another mac user in denial.
YMOM100
YMOM100,
User Rank: Apprentice
4/20/2012 | 11:16:22 AM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
Why "gone"? Apple never had security glory days, they just were lucky that their desinterest and tardiness in regards to security did not get punished sooner.
Mathew
Mathew,
User Rank: Apprentice
4/20/2012 | 9:55:09 AM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
@Puggsly and others, you're correct -- 600k isn't 3% of Mac users; didn't mean to imply that it was (article wasn't clear). Initial stats from some security firms had estimated that 2% to 3% of all active Macs were infected, but later stats settled on the 1% to 2% figure.
Likewise, you're correct that the Java-vulnerability-exploiting Flashback didn't make its appearance in February, but also it wasn't April; it was the end of March.
Other dates: The bug exploited by attackers was patched by Oracle in its Feb. 17th Java update for Windows. Apple then released an update patching the Java bug in OS X on April 3.
We'll update the story to correct the stats.

Thanks,
Mathew
ANON1237837896902
ANON1237837896902,
User Rank: Apprentice
4/19/2012 | 11:06:47 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
The discussion is still relevant as it concerns people's choices about what computer platform to purchase. This has been a deciding factor for many people so one of the questions posed is should people still purchase Mac's to be safe and yes this is debatable, but it is no pointless.

What is important is that facts are used in these discussions. Facts like 600k systems represents about 1% of active Mac's. Facts like the first known occurrence of the Java exploit was at the beginning of this month, not early February.

Apple was a couple days late delivering the patch but followed it up with removal code and a hardening of the way the Java plugin is treated. Apple shut down Command and control servers with in days and infection rates are thought to be less than 100k today.

Your concern with the assertion that things are "worse" on windows is no more grounded in fact than the authors. Statements that Microsoft has "proven ability" or "effective distribution" sound hollow when the last major windows attack held on to over 5-9 Million systems for the better part of a year. There was no automated patch that removed conficker or any other virus or trojan I know of by Microsoft. The core OS has no built in quarantine system that I know of. Now I know that Microsoft distributes a free tool, but you have to choose to load it. That tool may be much more robust than Apple's current system, but that is because it has to be. Apple has shown a willingness to deliver exactly what it needs to, to keep ahead of the malware writers.

I would argue that they continue to succeed in making the Mac an unattractive target and thus make Mac users safer, if not down right safe. If we continue to see large scale successful attacks against mac users, I will be proven wrong. But I'm betting that we will continue to hear about 1 or 2 of these every year and Apple will squash them like the bugs they are, and Mac and iOS users will continue to pay little to no attention to concerns of viruses.
jbelkin
jbelkin,
User Rank: Apprentice
4/19/2012 | 8:48:55 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
So far, it seems more people swear they've been abducted by aliens than people who actually have this Mac malware ... Well, unless you believe everything on a Russian website s real and Symantec who of course has no ulterior motive to convince u there's malware ... Has anyone on earth outside of labs admit they found this on their machine? Anyone? Anyone? It seems more people emit to see Bigfoot r the loch ness monster ...
jgeiss4p
jgeiss4p,
User Rank: Apprentice
4/19/2012 | 7:51:53 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
There are a large number of anti-Apple people gloating over this. Yes, Apple could have (and, likely, should have) released this patch faster. However, it is important to note that the number of infected systems has reportedly dropped in the last few days from 600,000 to 140,000. That is a very substantial drop, especially considering that most Mac users have had no previous experience in dealing with such an attack.
In addition, the 600,000 infected machines is a very small number of users (alas, they are those clients who were 'stupid' enough to trust an unsolicited pop-up window instructing them to 'upgrade' their flash! Come on, people!). I have three MacOS X machines at home, and NONE of them were infected (and that's with my children using two of them, clicking on EVERYTHING that they can find!)
Apple has a long way to go before they get to the point where they have to deal with the problems that the Windows systems have been taking for granted for the last decade.
RSL
RSL,
User Rank: Apprentice
4/19/2012 | 3:55:14 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
My point is that there was no need to even mention Windows in this article. None of this constant comparing is necessary G this is a genuine issue with Apple/Macs, period. This article should simply address what is going on relative to the topic. Percentages and numbers can be argued, interpreted, and skewed to the point that they are totally inaccurate.
veggiedude
veggiedude,
User Rank: Apprentice
4/19/2012 | 3:36:29 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
What is wrong with the article is saying 600,000 infected Macs constitutes 3% of Mac users, when it is actually 1%.

And yes, that is far less than the normal exposure rate that infects Windows.
RSL
RSL,
User Rank: Apprentice
4/19/2012 | 3:13:33 PM
re: Mac Trojan Fallout: Apple Security Glory Days Gone?
I am becoming very disillusioned with Information Week and the integrity of its articles. What relevance is there in an article about security issues with Macs, does the text "windows security still looks worse" have to appear right after the headline? Besides irrelevance, the author obviously misuses, the word "worse". There have been issues with the speed and results with regard to the response to this threat on Apple's part. Microsoft has a proven ability, experience, and an effective distribution mechanism to handle updates to their OSes. Worse? Of course Windows has a much greater field to attack, but that is not "worse". Users who do not patch their machines will exist across all platforms, not just Windows - again, "worse"? Furthermore, the article itself, does not elaborate on how and why Windows is purportedly "worse"...

On the flipside, an up to date Windows machine is "better".

As a professional, I would appreciate newsworthy articles that span the full scope of the issue at hand versus constant sensationalism style headlines and content.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45786
PUBLISHED: 2023-02-04
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition ...
CVE-2023-22849
PUBLISHED: 2023-02-04
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling Ap...
CVE-2023-25193
PUBLISHED: 2023-02-04
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2023-0676
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0677
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.