Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
6 Ways Apple Is Polishing Mac Security
Oldest First  |  Newest First  |  Threaded View
hlubinv8l
hlubinv8l,
User Rank: Apprentice
6/29/2012 | 4:49:21 PM
re: 6 Ways Apple Is Polishing Mac Security
It's easy to understand why Apple had to change the statement that Macs don't get viruses. Since some Mac owners run Windows on their Macs (either in Boot Camp or in emulation), those users can get Windows viruses infecting their Windows installations.

Even though Windows viruses have no effect on OS X, they still count as viruses. So for those people running Windows on a Mac, the statement would not be true.

The statement should have read that Mac OS X (the operating system) has never been susceptible to viruses.... simply because there has never been an OS X virus.

There have been a few examples of malware for OS X in the past, like the recent Flashback Trojan, but nothing that spreads to other users without user interaction (as Windows viruses do).
Tronman
Tronman,
User Rank: Apprentice
6/29/2012 | 5:10:46 PM
re: 6 Ways Apple Is Polishing Mac Security
Want to buy a bridge?
ANON1251568162539
ANON1251568162539,
User Rank: Apprentice
6/29/2012 | 6:58:10 PM
re: 6 Ways Apple Is Polishing Mac Security
YouGd have to prove that you own it.
ANON1251568162539
ANON1251568162539,
User Rank: Apprentice
6/29/2012 | 7:11:59 PM
re: 6 Ways Apple Is Polishing Mac Security
The essential question is GǣWho gets hurt here?Gǥ

Novice Mac users want a walled garden. Especially, those who fled from Windows.

Power users get vetted third party apps. And a means of automatically removing accidentally installed malware.

Expert Mac users and Linux advocates get to take the level of risk they choose.

Malware writers donGt lose, because they were never on Macs anyway. You canGt lose what you never had.

The only losers I see are the Windows Anti-virus venders who have been fraudulently coercing people into buying their worthless software. They were the oneGs who corrupted the word Gǥ virusGǥ into meaning any malware regardless of type or function.

Apple doesnGt lose when they give up a contention which no one believed.
ANON1237925156805
ANON1237925156805,
User Rank: Apprentice
6/29/2012 | 9:19:34 PM
re: 6 Ways Apple Is Polishing Mac Security
It's hard to inject viruses into any UNIX-based system, whether it be Mac OS, Android, Linux, or any of the original flavors of UNIX. This publication has clearly explained why that is more than once. That why since Apple released OS X they have legitimately made the claim that Windows viruses can't hop over to the Mac.

At this point malware other than viruses has become the dominant threat, particularly via the interet. Plenty of malware that is OS agnostic can wreak as much havoc on a Mac as it could on a Windows box; the UNIX advantage has diminished. Flashback is emblematic of this situation.

Apple is wisely reframing its strategies and its marketing language to reflect this changing reality. This is what they should do, so no need for outsized praise. On the other hand finding fault with a strategy that was more than adequate several years ago is not useful.

It would be nice if Apple did a better job of explaining patches but what's most important to me is frequency and efficacy of patches and ease of installing. Apple seems to be heading down the right path on that front. Now let's just turn on the security features rather than ignoring them. . .
Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
7/3/2012 | 2:39:50 AM
re: 6 Ways Apple Is Polishing Mac Security
I think the biggest takeaway here is that Apple is trying to do what it can to protect the user from their own actions which is the primary attack vector on the OS X platform.

The theory goes that if you keep your Mac updated (i.e. all of the relevant OS updates, all of the security updates, all of the application updates), that you'll be much better off with regards to defending against threats in the wild.

However, keeping updated is part of proper system hygiene - and there aren't too many people that are diligent about it because Macs are supposed to be easier to work with and impervious, so users don't think twice about "set it and forget it". That's the bane of the security pro's existence and the best case scenario for the malware crowd.

Andrew Hornback
InformationWeek Contributor
MROBINSON000
MROBINSON000,
User Rank: Apprentice
7/12/2012 | 8:10:34 AM
re: 6 Ways Apple Is Polishing Mac Security
This article does a great job of summarizing the aspects regarding Mac security. Recently, Kaspersky said that Apple is 10 years behind Microsoft in terms of security. But, we think itGs more significant to look at the software, not the operating system when thinking about security.
As security professionals, we expect Apple to be more transparent and change the way they deal with security researchers.
For more information on our vision, check out this article http://blog.securityinnovation...


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file