Print 124 comment(s) - last by hiscross.. on Sep 12 at 12:42 PM

Is Apple's Snow Leopard as attack proof as the company believes? Probably not, but it does add some significant protections. Security companies, though, are coming out with criticism against Apple's efforts, in what seems a mix of sour grapes and legitimate points.  (Source: Simple Thoughts -- Computer Security Blog)
Are security firms' Snow Leopard gripes legitimate or just sour grapes? The answer may be be that they are a bit of both..

Just as attacks against Macs were beginning in earnest, and security software makers were ready to step into this new market and begin selling customers security suites, Apple dropped a bomb on the security software vendors -- OS X 10.6 "Snow Leopard" comes with built-in malware detection for a few Mac-specific viruses.

Apple, which has long lambasted Windows PCs as dangerously insecure in its advertisements, brags that its new OS offers unmatched protection against malware and cyber-attacks.  It points to hardware-based execution control for heap memory, stronger checksums for preventing memory corruption attacks, and built in antivirus protection -- dubbed XProtect -- as strong improvements in its OS design.

Now security companies are responding to Apple's boasts via blogs and emails that range from skeptical to scathing. 

Symantec was among the most critical, stating, "It is not a full-featured antivirus solution and does not have the ability to remove malware from the system.  File Quarantine is also signature-based only. Malware signatures are only as good as the definitions, requiring Apple to provide regular, timely updates."

The company points out that OS X's Software Update is not fully automatic and that it does not inform users what signatures have been downloaded, to indicate the current level of protection.  They also criticize that Apple's firewall is turned off by default and lacks the configurability of most third-party solutions.  Also they point out that the OS provides little to no protection against unauthorized access of sensitive information on disc or for information being transmitted over networks.  Finally, they say that Apple's reliance on site lists for its anti-phishing efforts make its blocking close to useless as the attacking sites typically change on a daily basis.

Andrew Storms, director of security operations at nCircle Network Security, also criticized the new software. "It feels like they are just trying to put a tic mark in the anti-malware compliance box for the enterprise customers they are still trying to woo.  So far, it looks like a pretty 'featureless feature.' Compared to other third party options, the functionality is pretty low. It's a lot like getting a warranty on your car that only covers floor mats, " he remarks.

Sophos researcher Paul O Baccas takes a more measured approach, stating that Apple's XProtect may be somewhat useful for certain programs -- Entourage, Safari, Mail, Firefox, Thunderbird -- which call LSQuarantine, an XProtect utility that detects malware.  However, for Skype, Adium, BitTorrent and Apple's Finder -- USB drives, shared network volumes, etc. -- there is no protection, he conversely points out.  He elaborates, "They haven't really integrated an antivirus program.  They've added something which can block some malware under some conditions."

He does say that the changes are better than nothing, however.  Apple meanwhile, refused to directly respond or comment on the criticism from security software vendors.

Security vendors will be facing a double-whammy when Microsoft officially releases its more full-featured security solution for Windows XP, Vista, and the new Windows 7.  Microsoft is set to drop this free security suite, dubbed Microsoft Security Essentials, before the end of the year.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Did Apple Actually Market XProtect?
By ltcommanderdata on 9/1/2009 7:54:36 AM , Rating: 3
The article seems to imply that Apple is promoting XProtect as a integral security feature and antivirus solution for Snow Leopard. However, I don't believe Apple has actually mentioned XProtect in any of their marketing at all. A search of XProtect in yields nothing. I think news websites overhyped about this feature rather than Apple. At best, it's a step towards the monthly Windows Malicious Software Removal Tool that Microsoft makes available in Automatic Updates rather than an antivirus.

RE: Did Apple Actually Market XProtect?
By Zstream on 9/1/2009 8:12:55 AM , Rating: 5
That is incorrect, the general feeling in the world is that Apple has less virus and malware. Unfortunately less is an accurate term, people do not understand that Apple is just as easy to hack as a windows machine. Due to market share, the amount of virus infected software is smaller.

You would not believe how many CEO's, CIO's, CPO's and CLO's all believe MAC is a more secure OS. Little do they know....

RE: Did Apple Actually Market XProtect?
By erikejw on 9/1/2009 9:33:52 AM , Rating: 5
I've always felt Apple users felt insecure ;)

RE: Did Apple Actually Market XProtect?
By Visual on 9/1/09, Rating: -1
By Mitch101 on 9/1/2009 12:39:48 PM , Rating: 5
Your post was so confusing to me I nearly went into a coma.

Steve Jobs tried to call the editor to have the story retracted because gods cannot have viruses but then his iPhone started smoking.

RE: Did Apple Actually Market XProtect?
By Tellem on 9/1/09, Rating: -1
RE: Did Apple Actually Market XProtect?
By Tellem on 9/1/09, Rating: -1
RE: Did Apple Actually Market XProtect?
By Gondorff on 9/1/2009 10:27:52 AM , Rating: 5
You must be new here......

Apple Gets Its Own Trojan Viruses for the First Time

New Attack Compromises Apple Keyboards

Another Major Mac Computer Security Flaw Discovered

Apple Patches Java Hole Nearly a Year After Initial Discovery

So yes, the super hackers (and even one amateurish hacker from the looks of the first trojan) have had their way with Macs. The smugness of Mac users and the propaganda from Apple simply don't allow such ideas to be heard.

Security through obscurity may not be the only thing protecting Macs from viruses, but it certainly is one of the main ones. Viruses these days are made to create botnets for DoS attacks, or are scams to make money. Neither are very useful with a target audience that is as small as the Mac userbase.

RE: Did Apple Actually Market XProtect?
By Tellem on 9/1/09, Rating: -1
By SavagePotato on 9/1/2009 10:51:19 AM , Rating: 2
I think the term you were looking for there is that you are a little bit thicker, not a little bit broader.

RE: Did Apple Actually Market XProtect?
By Gondorff on 9/1/2009 10:56:36 AM , Rating: 5
Oh I see what you did there! You're so clever, you!
You took the word 'virus', which is used as a blanket term for all malware, and spun it around on me to be just the more restricted definition. So cute... but it doesn't help your argument on Mac security. Cuz you've still got worms and trojans. :)

And next time, instead of the ad hominem on me for being a DailyTech reader, how about you try to debate with my sources like a grownup. The stories are all legit, and reported by other sites--the DailyTech search function was just the simplest way to find them.

RE: Did Apple Actually Market XProtect?
By Gzus666 on 9/1/09, Rating: 0
By Gzus666 on 9/1/2009 9:20:18 PM , Rating: 2
Site*, I had a long day.

RE: Did Apple Actually Market XProtect?
By jragosta on 9/2/2009 8:37:50 AM , Rating: 2
"Actually he is correct, they are technically not viruses. They work differently.

In all honesty it is a bit of a technicality, but legitimately, he was correct. I find it odd at this sight the mob mentality rather than just looking to see if someone is correct."

No, it's not a technicality - it's a fundamental and critical difference.

A virus self-propagates without user intervention. You can become infected simply by receiving email (in some cases without even opening the email) or visiting a web site. That is clearly a HUGE problem.

Trojans can do a lot of damage, but only in the hands of stupid users. The Trojan ASKS to be installed and the user has to tell the computer to install it. I guess you could design a computer that won't install ANYTHING, even if the user asks it to, but that would be the only way to protect against a trojan (and wouldn't be very useful for most people). To a large degree, then, Trojans are a USER security issue more than a COMPUTER security issue.

RE: Did Apple Actually Market XProtect?
By The Irish Patient on 9/2/2009 10:20:54 PM , Rating: 3
I get the difference between viruses and trojans. My personal gripe with Apple is that the company wants it both ways, depending on whether the target was using a Mac PC or a Windows PC.

Win PC user downloads a trojan -- Apple says PCs are full of viruses. Buy us, don't buy them.

Mac PC user downloads a trojan -- Jobs says some Mac users are stupid, the problem is not Apple's fault. Apples don't get viruses.

By hiscross on 9/12/2009 12:42:43 PM , Rating: 2
"Jobs says some Mac users are stupid" Not true. Actually to technically correct you've just lied.

By Belard on 9/1/2009 12:41:04 PM , Rating: 2

RE: Did Apple Actually Market XProtect?
By Iaiken on 9/1/2009 10:39:04 AM , Rating: 5
Is that so? What about the following?

- Newton virus?
- OSX/Leap-A worm?
- RSPlug Trojan?
- iBotNet?
- AppleScript.THT Trojan

All of the above have been found in the wild and some of them were actually pretty wide spread. However, an interesting aspect that limited their spread was the limited extent to which OSX machines actually interface with each other. The odds that any two Macs interface is so statistically low (outside of friends) that it was all but impossible for it to spread.

There are lots of smart developers out there who are perfectly capable of writing petty nasty viruses for OSX and I am sure it wouldn't take long for them to cook something up for the Mac community. But many of them won't bother. Why? Well interviewed people at Black Hat and the the survey says: "Not worth it." That's right, the hackers who make their money hacking, say it is not worth it to them. More likely than not, it's just as "not worth it" for the criminal hacker...

Who knows, maybe you are right, but there is an abundance of evidence that points to the contrary...

RE: Did Apple Actually Market XProtect?
By Tellem on 9/1/09, Rating: -1
By Fanon on 9/1/2009 11:43:24 AM , Rating: 5
Viruses aren't the big security threat anymore; I haven't seen viruses in years. Trojans and other malware are the viruses of the day.

By omnicronx on 9/1/2009 12:13:19 PM , Rating: 2
Those are trojans that have to be installed by the user.
A virus requires user intervention also (its also just self replicatating, some would even argue that a trojan can be a virus depending on how it is written), and believe me a few of those are malware/viruses and not merely trojans. What you are talking about are worms, which OSX essentially does not have.

By Etern205 on 9/1/2009 11:10:42 PM , Rating: 2
The Newton virus (Troika) isn't really a virus, but a prank-like program that collapse the whole desktop and falls where ever the user moves it to due some notebooks with a build in accelerometer. It's a neat program to install for certain Mac users as wake up call that Macs aren't that all secure.

You can however you can get it for a cheap price of $4.99

By someguy123 on 9/1/2009 11:06:22 AM , Rating: 4
Claiming you are from the opposing side seems to be the hot method of trying to win arguments before they even start.

RE: Did Apple Actually Market XProtect?
By jragosta on 9/1/09, Rating: -1
By SavagePotato on 9/1/2009 10:42:27 AM , Rating: 5
If aids is rampant in Africa it doesn't mean you are immune to aids because you live in Tasmania and haven't got it yet.

Point of fact it is an extremely insecure platform that has not been targeted by serious threats yet. This has been proven and confirmed by security experts time and again.(see pwn to own competition)

If apples market share shot up to 70% overnight and Mac's outnumbered Windows machines they would be attacked into the stone age and left in a smoking pile of ruin within a couple weeks.

RE: Did Apple Actually Market XProtect?
By StevoLincolnite on 9/1/2009 11:44:33 AM , Rating: 5
You make it sound as if using Windows you will get a Virus every 5 seconds of casual web surfing, which is false.

With the correct software, and the correct browsing precautions you are pretty safe.

The biggest way to not get a virus is to only visit Trusted websites, not websites which have Cracks for your shiny new PC game, or Pr0n websites to get a fix, and most of all don't open an email attachment which says: Earn1milliondollars.exe.txt

The biggest chances of getting a virus is through the stupidity of the person using the computer.

RE: Did Apple Actually Market XProtect?
By snbdr on 9/1/09, Rating: -1
RE: Did Apple Actually Market XProtect?
By peritusONE on 9/1/2009 12:34:48 PM , Rating: 5
You do realize that the majority of web based attacks come from "trusted" web sites that have been compromised, right?

You can't post a statement as fact and not back it up with some data. Come on now...

RE: Did Apple Actually Market XProtect?
By michael2k on 9/1/2009 7:02:02 PM , Rating: 2
But it's true that Macs have less virus and malware. How is that even contestable?

RE: Did Apple Actually Market XProtect?
By Targon on 9/2/2009 9:01:05 AM , Rating: 5
Security through obscurity is the term often used here. Because Apple has a fairly small percentage of the overall computer market, there are fewer people making malware that targets MacOS. That has nothing to do with how secure MacOS is though.

The chances of being robbed in a small town far away from a large city is smaller than if you lived in or close to a large city. As a result, many people in these small towns don't even bother locking their doors. The problem is that if you assume you are secure and stay blind to changes in the population, you won't take proper precautions by locking your doors.

So, Apple....many people assume they are secure, when it is simply a case of no one bothering to take advantage of the holes in the security of MacOS. As a result of this, it would be VERY easy to fool Mac users into doing something blatantly stupid because of that overconfidence in their security.

With the popularity of the iPod and iPhone, Apple has made a larger target for their brands, and it won't take much longer before people start to target people who use Apple computers...

By michael2k on 9/2/2009 5:11:40 PM , Rating: 1
Agreed. Macs are arguably less secure than PCs.

That still doesn't change two things:
1) Less malware
2) Less marketshare

I asked and you ignored the question. How can you contest that Macs have less malware?

By DominionSeraph on 9/5/2009 7:36:28 AM , Rating: 2
Where did Zstream say otherwise?

By hiscross on 9/12/2009 12:39:23 PM , Rating: 2
"Apple is just as easy to hack as a windows machine." Oh really, prove it.

RE: Did Apple Actually Market XProtect?
By Digimonkey on 9/1/2009 8:14:56 AM , Rating: 5
I think you don't see mention of it because it's not something Apple really wants to brag about. They're still trying to hold most of their consumers to the belief macs are impervious to malware/viruses.

RE: Did Apple Actually Market XProtect?
By bighairycamel on 9/1/2009 11:03:14 AM , Rating: 3
Probably, and after reading some of the clueless posts on this topic, it seems like their brainwashing is still pretty successful.

RE: Did Apple Actually Market XProtect?
By themaster08 on 9/2/2009 3:16:08 AM , Rating: 5
If all Macs fell tomorrow, Steve Jobs would still find a way to make his lemmings believe that their wonder machines are still immune to any form of malware.

The man is a marketing genius. After all, he was able to successfully market a phone incapable of the most basic tasks, that my 4 year old phone is capable of doing.

By smackababy on 9/2/2009 9:52:15 AM , Rating: 2
Hey! It isn't his fault the iPhone can't send MMS. Clearly AT&T is to blame because every other phone on their network can send MMS.

RE: Did Apple Actually Market XProtect?
By ImSpartacus on 9/1/2009 8:46:05 AM , Rating: 3
I agree. It is a step in the right direction. However much of Apple's ads have revolved around ease of use and security when the Mac actually don't have any security. Once their market share gets bigger people will wise up and see that they are just another MS in disguise.

I mean they are both great operating systems, I have a MBP and a modest gaming rig. Both run great; they just do different tasks for me.

By invidious on 9/1/2009 9:55:16 AM , Rating: 5
And what exactly is the task that the MBP is s good at? Hanging out at Starbucks looking cool while you twitter your friends?

RE: Did Apple Actually Market XProtect?
By tlampen on 9/1/2009 12:21:52 PM , Rating: 5
I agree, both OSes have their benefits and are both pretty good. Both are secure in their own way. This is how you should compare them.
Windows = you sitting in full body armor in a tank in the middle of the Afganistan.
Mac = a tree hugging hippie stones out their mind sitting in Alaska.
Both secure but completely different reasons.

By FITCamaro on 9/1/2009 12:36:30 PM , Rating: 5
Polar bears can climb trees.

If it was Microsoft...
By Hieyeck on 9/1/2009 8:48:57 AM , Rating: 4
...I'm pretty sure Mick would've lambasted it. Judging from the "features" I'd say in this case nothing would've been better than something. At least then users wouldn't be lulled into a false sense of security.

Then again, we're talking about mac users. Security through obscurity! [/sarcasm-for-those-to-thickheaded-to-read-it]

Also, I nominate a new footer quote:
Compared to other third party options, the functionality is pretty low. It's a lot like getting a warranty on your car that only covers floor mats.

RE: If it was Microsoft...
By cabjf on 9/1/2009 9:24:55 AM , Rating: 3
There really is something to Security through Obscurity. If I have a house in a city compared to a house in the country, and I leave both unlocked, which is more likely to be robbed? It's like Apple moved from the country to the suburbs. Their house is still less likely to be robbed than in the city, but less safe than in the country.

This seems to be a first step towards installing some actual security underpinnings. The only things in the wild for Mac at this point are viruses that require the user to run something still. Mac OS X was already asking if you were sure you wanted to run something that was downloaded. This is the next step. Now it looks at the files and if it matches any known viruses, it will let the user know a little more explicitly.

They have been beefing up on their security experts lately though. I would expect to see something more significant in the next release or two. It's going to require some major changes to the way they operate though (admitting to security holes, releases fixes quicker, etc), so who knows if they are willing to make those changes.

RE: If it was Microsoft...
By SavagePotato on 9/1/2009 10:47:15 AM , Rating: 5
Nonetheless your house in the country is actually less secure. When the city limits push closer and closer to your little country cottage, Johnny crack smoker decides to take a trip out to your cottage now that it is in his territory and finds it easy pickins as he carts all your stuff off to the pawn shop back in the city, which is now only a few miles away.

That's the thing about security through obscurity, it's only good till you get noticed.

RE: If it was Microsoft...
By cabjf on 9/1/2009 11:25:00 AM , Rating: 2
For the most part though, virus writers aren't paying attention to Mac's yet. Unless every crack smoker from the city (or at least a good majority) decides to take "shopping" trips to the country, the unlocked country house will still be safer than an unlocked city one, even with a few incidents. I guess it's more about the difference between security a safety. The guy with a bullet proof vest is more secure than the guy without one, but the guy with a bullet proof vest being shot at by an army of attackers is less safe than the guy with no vest and no one (or even a few people) attacking him. Not that levels of safety is the way to describe any situation where one is being shot at.

I think Mac OS X is going to be easier to secure than Windows. Not that it is more secure now, but the way the back end is designed (over top of Unix) is going to make it easier to secure the operating system. Like I said before, they are hiring more security minded people, but it will all depend on how willing they are to listen to them.

RE: If it was Microsoft...
By Alexstarfire on 9/1/2009 2:36:42 PM , Rating: 2
I'm sorry. I didn't expect to come on here today and see a person make themselves look stupid, though it happens a lot. I think you need to learn the definition of secure. Safer != secure, and you should really remember that.

RE: If it was Microsoft...
By adiposity on 9/1/2009 6:12:09 PM , Rating: 2
But what is the meaning of "secure" if nothing is truly 100% secure?

Safer == more secure?

Regardless of whether the two are synonyms, the truth is that Macs aren't "safer" unless "less likely to be targeted" means "safer."

A combination of the number of threats and their frequency with the steps you take to "secure" your system will determine your total likelihood of "infection."

The fact is, the likelihood of infection is all that really matters from an end user's point of view. And it is lower on Macs. For now.


RE: If it was Microsoft...
By Alexstarfire on 9/1/2009 6:29:12 PM , Rating: 5
I would say secure is the odds that someone could hack it provided they tried. Why you think Macs are the first to go down at a hackers convention? Windows and Linux don't usually go down until they allow user intervention. Mac goes down day 1 which is when they only allow like remote access and a lot of restrictions. If they can't get past that......

And yes, less likely to be targeted does mean safer. That's why I don't have a bodyguard protecting me 24/7 from assassins. I doubt someone would waste the resources to do that since I'm a nobody. Takes more effort to kill someone with security forces, ironic enough, than it does me, yet I'm far safer from being killed.

RE: If it was Microsoft...
By adiposity on 9/1/2009 6:41:19 PM , Rating: 2
Ok, I don't really disagree with anything you said.

However, you do realize, that in the dictionary, secure and safe are basically synonyms, right?

So, you are working with a computer definition that is different from the general definition. If so, that's important to state upfront, rather than just telling someone two synonyms aren't synonyms.

Perhaps you meant to use the term "secured." That term is better, perhaps, as it implies steps have been taken to make something safer, rather than just measuring inherent safety.


RE: If it was Microsoft...
By michael2k on 9/1/2009 7:13:59 PM , Rating: 4
A Mac is safer than a PC; there is literally less chance of being attacked because of it's low marketshare.

Safe and secure may be synonyms in the English language, but they aren't in computing. A secure system is one that has been protected. Macs are arguably less secure than Windows PCs.

A safe system is one that is not being attacked. Macs are safer.

Just like I am perfectly safe in an unlocked house, but because the house is unlocked I am not secure.

RE: If it was Microsoft...
By MonkeyPaw on 9/1/2009 6:21:48 PM , Rating: 3
There really is something to Security through Obscurity. If I have a house in a city compared to a house in the country, and I leave both unlocked, which is more likely to be robbed?

The problem is, all the other houses in the "city" are likely locked, since that is the common practice and assumption among city dwellers (even dumb criminals). That's why when I forget to lock my house in the city every once in a while, I don't come home to it being completely cleaned out. If I did it all the time, yeah, I'd probably get robbed. However, the only time you hear about robbers just walking in an unlocked house is in the suburbs, where people think they are safe because of where they live. You see, Apple is not the house in the country. Apple is the ritzy little suburb--safe probably 99% of the time, yet a sitting duck to a motivated criminal.

RE: If it was Microsoft...
By gstrickler on 9/1/09, Rating: 0
RE: If it was Microsoft...
By Alexstarfire on 9/1/2009 5:45:55 PM , Rating: 2
You mistake security for good coding and design. We say security like anti-virus/anti-malware programs. Doesn't matter how good your code is there are always ways to take advantage of it. If you think Mac has great security programs..... then idk what to say. It's false, but you're not on my computer so I don't give a rats ass.

RE: If it was Microsoft...
By gstrickler on 9/1/2009 7:08:05 PM , Rating: 3
You've mistaken having anti-malware software for having security. Anti-malware programs are one part of a security system, but they're not the security system . Anti-malware isn't any more effective against new attacks than having a good security system to start with. Many of the types of "suspicious" activities that anti-malware programs on Windows look for are already prohibited by the kernel in Unix derived systems.

Security starts with the design of the system (access control, etc.), and continues through the coding, installation, user permissions, file system permissions, firewalls, etc. Anti-malware tools look for specific, known infections, and/or look for "suspicious" types of activity, and as such, they can be useful as another layer to the security, but they're nearly useless if you don't have a good design and implementation of the security model for the system.

The claim that the Mac has no anti-malware is incorrect, as many of the capabilities Windows users rely on anti-malware to provide are built-in on Unix derived systems. It's also incorrect to state that the Mac doesn't have anti-malware software available, there are 3rd party anti-malware tools, they're just not used by most Mac owners because it hasn't been necessary yet.

I've been installing, using, and supporting PCs (mostly) and Macs for 24 years. I've set up and secured thousands of machines in large, medium, and small businesses, as well as some home/home office machines. None of the Windows NT/2K/XP Pro or Mac OS X machines I've secured have become infected by malware, except those where the user had to run as administrator (usually because of software that won't work any other way, but occasionally because the boss/owner demanded to be an administrator and wouldn't take no for an answer). That doesn't mean users didn't manage to download any malware, just that the malware didn't do any damage, and didn't spread.

RE: If it was Microsoft...
By Alexstarfire on 9/2/2009 12:40:23 AM , Rating: 2
I wasn't suggesting that none existed or that the programs I mentioned where the whole thing. It just seemed like you were trying to say that security was how well the OS is "locked down" so-to-speak, which isn't the whole story.

The worst part of security is the user, so a lot of times when a computer get's infected there is little a program can do other than minimize the damage.

RE: If it was Microsoft...
By Hieyeck on 9/1/2009 3:33:42 PM , Rating: 2
Good god. I make one comment and everyone picks up on the sarcastic remark. All I implied was that Apple's security record is good only because nobody cares enough to try to REALLY break it.

Nothing that Apple released in the "security package" highlighted in this article looks in the least bit promising. Users just THINK they're secure, making them more reckless in their practices.

By FITCamaro on 9/1/2009 8:12:09 AM , Rating: 5
Them offering anti-virus and malware protection software is anti-competitive and therefore they need to make available a version stripped of these features.

Oh what? We're talking about Apple? Oh ok, then go ahead. They can do whatever they want. Thought we were talking about Microsoft for a second.

RE: Clearly
By Motoman on 9/1/2009 10:35:19 AM , Rating: 5
...I find it hilarious that Apple is marketing their next OS as "more secure" - I mean, it was 100% perfectly secure before, right? Because Macs can't get viruses, trojans, worms, or malware of any kind...right? That's a PC problem...right? So - how can this new release be "more secure" than before?


RE: Clearly
By dark matter on 9/1/2009 1:15:52 PM , Rating: 2
Same way snow leopard "just works" better.

RE: Clearly
By sprockkets on 9/1/2009 5:55:04 PM , Rating: 2
No, it isn't that way. You have to give it to Apple and their sly, marketing techniques when they say:

"And Macs do not get PC viruses, ever."

Which then most people think: "Oh, they don't get any viruses!"

It is a true statement so they can get away with it, until someone shows them a cross platform Java trojan, which does exist.

RE: Clearly
By Motoman on 9/2/2009 8:02:37 PM , Rating: 2
No, they categorically don't specify "PC viruses" - they just say "viruses."

Security by obscurity FTL.

RE: Clearly
By sprockkets on 9/2/2009 11:25:39 PM , Rating: 1
Read their web site. If you are referring to the commercials, that's different

RE: Clearly
By Motoman on 9/2/2009 11:52:31 PM , Rating: 3
...K, well, different how? It's still advertising, and it's still deliberately misleading. No matter where it is.

RE: Clearly
By akugami on 9/1/09, Rating: 0
RE: Clearly
By theapparition on 9/1/2009 1:04:13 PM , Rating: 4
How about a combined total of close to 2 billion in fines from the EU.

Is that what you consider a slap on the wrist? All because they dared to include IE in Windows.

RE: Clearly
By akugami on 9/1/2009 3:16:09 PM , Rating: 2
I was thinking more in terms of the USA and, no offense, forgot about the EU but the EU is pretty wacky and seem to be fine happy. Not sure I agree with some of the fines because they seemed very borderline, and some of them were on MS and Intel among others.

Let's be honest, getting fined billions for including a web browser in your OS is pretty retarded. Even if we all agree (and it's hard to argue against this) that MS is a monopoly and that monopolies require careful watching.

It's not like Apple hasn't been on the EU watch list either.

But getting back to the USA, you can't argue that considering how damning the evidence against MS was, all they (MS) got was a slap on the wrist. I mean, any small company (or most companies period) would not be able to go to a court, submit fake evidence, get caught and still have relatively minor repercussions.

Apple is also the new MS considering how dominant they are. They are also control happy, manipulative and screwing people left and right. While MS has toned down such practices, Apple has actually gone up.

RE: Clearly
By Lightnix on 9/3/2009 6:56:28 AM , Rating: 2
I have to wonder how the graph in that first link would look if they also included JavaME applications - which the iPhone specifically cannot run.

RE: Clearly
By Bender 123 on 9/1/2009 12:43:58 PM , Rating: 2
I dont understand why Apple continues to try to draw the eye of black me crazy, but when your software has security by obscurity, the last thing you want to do is run around and dare people to test your untested defenses.

"HA!!!! I have never been had a break in at my forested cabin on 80 acres in the middle of nowhere! I keep all my money and gear there and only ten people know it exists. I DARE you to try to rob it, because nobody has ever been successful...or even tried for that matter..." Man comes home and the entire house is gone...

RE: Clearly
By michael2k on 9/1/2009 6:59:25 PM , Rating: 3
The problem is that if no one knows where your cabin is, it'll take a while to break in.

The same is true of Macs right now. 1 in 21 systems are Macs on the internet. Send out a Mac virus to 1,000 people and only 40 Macs will respond, and of those 40 Macs maybe only 1 will get infected.

Try the same thing with PCs... 960 targets and if only 1/40 of them get infected you've got 24 infected PCs.

If each infected Mac sends another 1,000 trojans and those 24 PCs send 1,000 each (24,000 total), you will see another Mac but 576 infected PCs. Rather, rinse, repeat, and at the end of day you will have a couple hundred Macs (not enough for a DDOS) but several thousands of PCs.

Security Question for Apple and Windows users
By honestIT on 9/1/09, Rating: 0
By Alexstarfire on 9/1/2009 2:47:38 PM , Rating: 2
And when/if Macs get big later and she's still on that same computer you think it'll matter then? Yea, that's what I thought. If you have a Windows machine that has pretty much any anti-virus and/or anti-malware program on it that updates even semi-regularly then you'll at least have the same level of protection throughout your purchase.

If Macs make it big and she's stuck on that ancient computer she'll be back buying a new one within a day of a virus coming out because it has little/no protection on it.

Of course if you're assuming that Macs will never make it big..... then yea it'd be better. But you know what they say about assuming, right?

RE: Security Question for Apple and Windows users
By sapiens74 on 9/1/09, Rating: -1
RE: Security Question for Apple and Windows users
By snikt on 9/1/2009 3:18:21 PM , Rating: 3
Your IT dept needs to re-evaluate their Windows boxes or their abilities.

We have over 100 Windows boxes that have been accessible to the Public for 7+ years now and not one of them have been compromised...not one.

By sapiens74 on 9/1/2009 3:48:43 PM , Rating: 2
this is on a network of 40k+

By Alexstarfire on 9/1/2009 7:34:51 PM , Rating: 2
You can't get around user stupidity. That goes for everything, not just PCs, or even computers.

I swear that people need to learn the differences in what they say. SAFE != SECURED. In no way did I imply that PCs were safer. I specifically said they were more protected, meaning more secured.

Do people even go to school anymore?

By sapiens74 on 9/1/2009 9:25:20 PM , Rating: 2
bottom line is an idiot user, which comprises the majority of computer users are hard pressed to mess a MAC up

They can with Windows with very little effort

By Alexstarfire on 9/2/2009 12:41:42 AM , Rating: 2
Very true.

By Bateluer on 9/2/2009 5:47:08 PM , Rating: 2
People still go to school, but they can't get less than a 50% any more.

I wonder how many of the infected PCs are running Windows XP Pre-SP1 or 2?

By OmegaVX on 9/1/2009 10:25:01 AM , Rating: 5
With everything apple have been doing and saying recently it really begs the question, are apple compulsive liars or complete idiots?

RE: *sigh*
By dark matter on 9/1/2009 1:21:24 PM , Rating: 3
Well, like attracts like. Explains a lot about Apple users then.

Apple and security? Where?
By HrilL on 9/1/2009 12:57:36 PM , Rating: 2
This whole thing is getting rather old. Apple has never had good security and a small market share has been their savvier for all of time. The pwn to own competition shows this every year when the mac is the first to go down in less than 24 hours. The iPhone could be completely taken over with an SMS message.

MAC doesn't have the servers that make targeting an OS so important. If I were to be making my own botnet I'd want servers with lots of bandwidth and power. As it could take as many as 100 home computers and internet connections to get the same amount of bandwidth and use. Targeting a MAC right now is just a waste of time. But if fall for the mac brainwashing maybe in the future it will be worth while but until then there is not much of a point. Hackers want bang for their buck be it time spent or money and MAC's currently don't have the same bang for the buck and PCs

RE: Apple and security? Where?
By gstrickler on 9/2/09, Rating: 0
RE: Apple and security? Where?
By HrilL on 9/2/2009 1:15:25 PM , Rating: 3
Well you're miss informed. This was able to be exploited and it could allow them to take over the phone completely. You read the proof on concept when it first came out but after that people were able to exploit this. This was shown at black hat. Before you go off defending apple maybe you should know the facts. The black hat event is what lead apple to finally release OS 3.0.1 to fix this vulnerability.

RE: Apple and security? Where?
By gstrickler on 9/2/2009 4:54:04 PM , Rating: 1
You're misinformed, the only part of my post that needs updating is that Miller did figure out a way to exploit it.

The Miller/Mulliner attack was performed via Wi-Fi on a jailbroken iPhone with their fuzzing framework installed, not via OTA SMS messages. Android and Windows Mobile phones were susceptible to the same attack. Android firmware was updated before the Black Hat demonstration, and the iPhone firmware was updated within 24 hours, so the only vulnerable phones are those who haven't updated their firmware and those running Windows Mobile. As far as I can determine, no one has yet demonstrated that this attack and be performed via OTA SMS messages through a carrier network, although the Miras/Lackey attack make me suspect that it might be possible using some carrier(s).

The Miras/Lackey attack is a carrier and GSM problem, it's not specific to the iPhone, and it may be limited to specific (unidentified) carrier(s). As demonstrated, it does not allow taking control of the phone, just changing it's settings such as the Proxy, so it can be used to redirect internet traffic and perform man-in-the-middle attacks.

Oh please...
By snookie on 9/2/09, Rating: 0
RE: Oh please...
By deegee on 9/2/2009 1:02:37 AM , Rating: 3
Get excited about things much? ;-)

I think most people here (including snookie) are missing the BIG picture...

I have been using mainly DOS/Windows for 25 years now, and in all of that time I have [honestly] only caught at most two or three malwares (malwai?), and always from myself doing something I knew I shouldn't have (darn pr0n sites! ;-) ).

In my opinion, I'll take those extremely low odds of getting infected if it means that I can have a computer platform that costs half what a Mac does, with twice the power and expandability, can run 1000x more applications, and gives me more freedom of choice. Thank you.

RE: Oh please...
By Akrovah on 9/2/2009 11:10:25 AM , Rating: 2
I kneel at your altar!

Symantec would know...
By Amiga500 on 9/1/2009 8:09:33 AM , Rating: 1
Seeing as they sell the No. 1 piece of malware on the planet.

I propose a new name for such software.

Instead of shareware.... we have shi... well, I think you can guess.

RE: Symantec would know...
By Belard on 9/1/2009 12:44:16 PM , Rating: 2
Yep... They should know.

RE: Symantec would know...
By chagrinnin on 9/1/09, Rating: 0
By hsvandrew on 9/1/2009 9:50:02 AM , Rating: 1
I can't wait for the day when virus writers release a killer virus for the Mac. Mac users are loaded with cash and very un-savvy computer users and when Mac finally gets a market share large enough to be worth attacking they will all be left with their pants down. Having been lulled into a false belief that they are secure, when really they are just a group of computer users hackers couldn't give a dam about because there is too few of them will see them all watching the hole blown in there wallet. Giving people security software that doesn't work well is very dangerous - take AVG free on Windows as an example. Many users use this thinking they have scored a free virus scanner - the reality is you better hope you don't get a "this season" virus because you won't be protected. If you don't understand why consider how it is free and yet so much work goes into finding and creating update definitions? Thats why others charge... to give you up-to-date protection.

By DCstewieG on 9/1/2009 10:29:17 AM , Rating: 2
With absolutely nothing to back it up, I would bet that the percentage of un-savvy users is about the same on both. Don't forget it's the people on Windows who open EXEs from strangers in their e-mail. And unknowingly become and stay part of a botnet. Meanwhile there are hardcore UNIX nerds who use OS X for that command line.

And I don't know why you're knocking AVG. It's not free because it's crappy and not up to date, but for 2 reasons. First, it's only for home use with no support. It gets the name out there so companies may consider buying it. Second, they're able to upsell support and their more Norton-like package which goes above simple virus/spyware cleaning.

By Martel on 9/1/2009 10:53:00 AM , Rating: 3
After all these years, it's beyond insanity to continue the Windows vs. Mac security nonsense. Neither system is inherently secure and it's quite likely that neither will ever be inherently secure.

On the other hand - in the space-time continuum in which we all live - there is only one side to this issue.

MacOSX systems are secure in the real world; but that's only because they aren't under attack and that could easily change tomorrow; or 5 years from now. Windows systems are typically not secure in the real world TODAY because there are more attack vectors than any organization could reliably count...and any currently updated defense against those attacks can never be perfect even when it's actually in use, which is the case on only about one-quarter to one-third of Windows systems.

The real question with which all Windows users should be concerned has nothing to do with Macs, since there's no problem there - at the moment. That real question is: when will everyone who uses a Windows system be smacked in the face enough times by hackers and those working to defeat the hacks that they will run high quality, currently updated anti-virus software, ALL THE TIME AND ON EVERY SYSTEM?

At the very least, when will they stop pretending that their personal computers don't always need such security, even if their office systems do? And when will ALL businesses become unfailingly serious about enforcing system security measures on all of their systems?

Oh yeah, one more thing. Fanboys. Listen up. Leave the tech discussions to people with some intelligence, knowledge and common sense. Go write some love-letterish emails to Sarah Failin or John Boner instead; and bear in mind that although it's permissible to express your opinion, not all opinions are created equal. Most of them are worthless, and you become an object of scorn when expressing one of those. (I say that as if it were possible for such people to either feel or comprehend the resulting shame...but it's always worth a shot.)

By T2k on 9/1/2009 10:23:55 AM , Rating: 2
...and that's a very rare compliment especially coming from me - I hate MS' lousy-loser-fat-slow-shitty coding and approaches but Security Essential is a GREAT PRODUCT, no question about it.

Apple is a f'n joke when it comes to security, that's another fact beyond any doubt.

By sprockkets on 9/1/2009 9:18:32 PM , Rating: 2
Symantec was among the most critical, stating, "It is not a full-featured antivirus solution and does not have the ability to remove malware from the system. File Quarantine is also signature-based only. Malware signatures are only as good as the definitions, requiring Apple to provide regular, timely updates."

Speak for yourself Symantec, since you lack the ability to remove anything either!

By Tony Swash on 9/2/2009 11:09:47 AM , Rating: 2
Meanwhile in the real world its window based PCs that get infected by their tens of thousands. In the real world there are no malware infections spreading in the mac user community. In the real world its PCs and not macs that get infected with nasty stuff.

These reports quoted in the article are from companies with a vested interest in raising anxiety in order to sell their products - its just marketing.

Reproducing its market material as news is cheap journalism.

By dark matter on 9/3/2009 7:11:22 AM , Rating: 2
As it downgrades your version of flash to which has known and active vulnerabilities. No mention of this when you upgrade.

(You should be using at least 10.0.32)

By 325hhee on 9/7/2009 11:04:48 PM , Rating: 2
Don't let the PC users get you Mac users down, we all know Macs are the most safest and secure of all OS. But wait, need a Mac virus? There's an App for that.

Sick of that picture
By SiliconJon on 9/1/2009 10:06:17 AM , Rating: 1
Anybody else beyond sick of that picture? Talk about an old joke that gets reused to often.

I'm just sayin', is all...I got it, it was funny, but can we find a new silly pic of Steve and run it into the ground now?

By UrbanBard on 9/1/2009 6:26:31 PM , Rating: 1
It means that your Mac or Linux OS has the full Unix permission system which prevents it from being vulnerable to the Virus', Worms, Adware and Spyware so common on the Windows operating system. Therefore, we Mac and Linux users do not need anti-virus software.
We are vulnerable to Trojan Horses, Spam and Phishing, because they are social engineering attacks which can trick us into giving away our passwords.

Apple just recently added Spam and Malware software. It is designed to help Mac Newbies avoid adding such malware to our system. It is not designed to remove such malware, because it is very easy to do so in the Terminal Application. Just Google the web to see how.

One thing that was not mention by any of those Anti-Virus sellers was that Snow Leopard sand-boxes all applications in their own virtual space, thus preventing any possibility of malware taking over the system. Just kill the misbehaving process and it is gone.

Snow Leopard is rather new, so we need to allow Mr. Miller and his supposedly White Hat hackers some time to try to spoof the system. It will be their actions, not their words, which will prove their case.

The really insecure OS on the Web is Windows. The following files explain why.,05.shtml

For more detail:,00.shtml

A solution is coming to the malware problem, but it is from Google, not from Apple. Google's Chrome OS will be secure Linux which can replace Microsoft Windows for Internet use. It is much better protected than Windows for light search engine use and for running web applications. Many people can, thus, remove MS Windows from thir system.

Neither the Chrome OS nor its browser conflicts with Apple. When the servers are converted to Linux or Xserve then the web will be much safer to use.,00.shtml

Sony is planning on making Chrome the default web browser on its computers. The Chrome OS will be coming next year and will be safe against against Virus', Worms, Adware and Spyware. Malware will become a thing of the past, If we can only get Window off of all the computer in the world.,00.shtml

Sure OS X is insecure...
By captainBOB on 9/1/2009 9:46:14 PM , Rating: 1
But really, all the "experts" can cry all they want about how Apple is complacent in this regard (shockingly complacent. Apple can do better than this), but so far the amount of security products for OS X has been mediocre, very few of the big AV vendors have any OS X AVs comparable to that of their Windows counterparts, most still use signature based detection, and don't get me started on firewalls.

Meanwhile in the land of Windows AVs are implementing heuristics, sandboxing, etc. non signature based methods. The UNIX base that OS X is built on has become its own worst enemy, heuristics protection for *nix based systems is almost nonexistent (not that most need heuristics anyway), but because Apple had to break several chains of security that made *nix OSes a challenge to break into for the sake of ease of use for the end user, it is much less secure than any other *nix based OS.

Apple isn't the only one who's complacent and since when does the company that develops the OS also have to make the AV? (Microsoft isn't forced into creating and maintaining Windows Defender) I thought that was the job of Symantec or Kaspersky to provide solutions in addition to the security updates that the OS receives from its maker. (Which is what Apple time and time again keeps dropping the ball on)

TL;DR Apple isn't the only one at fault here.

My two cents, corrections are always welcome, flaming isn't. : )

Please leave the pasions out
By jecast on 9/1/09, Rating: -1
By dark matter on 9/1/2009 1:24:47 PM , Rating: 3
I particularly enjoyed this line

[b]You are not getting points or money for trashing anybody[/b]

I guess you did it for the love then.

RE: Please leave the pasions out
By Alexstarfire on 9/1/2009 2:39:15 PM , Rating: 2
Talking about the MBP and security isn't technology related anymore?

RE: Please leave the pasions out
By jecast on 9/1/2009 6:20:42 PM , Rating: 1
"And what exactly is the task that the MBP is s good at? Hanging out at Starbucks looking cool while you twitter your friends?"

No, this is not related to technology or security. Ideas like this one are a misjudgment to human behavior. Who is "Hanging out at Starbucks looking cool...", the MBP or the persons who use it. This is a personal statement, a judgment about having a Mac. It looks as hate to any person who use a Mac. Is wrong, and it is not about technology.

The point is this is not a human gossip website, not a place to discharge your worst feelings anonymously and not a opportunity to promote hate to certain people or preferences. If you think that you have a valid point there are ways to say what you think without insulting or being vane, is up to all of us to find a proper way.

At work or with my clients I don't see people judging me because I have a Mac or a PC, I use both. Or is it that the few ones that have the problem say nothing in front of you and that is why they prefer to discharge under the comfort and security of a faked name. I don't use aked names to cover my worst feelings.

I am looking forward to upgrade my PC to Windows 7, a q6600 with Xp64 that I builded myself, and I already ordered Snow Leopard for my Mac Pro. As I said before I just want to know what to expect from each system. Yes I have been a bit concerned about not having a security software under OSX since the first incarnation and that is why I keep reading and asking, but until now I am not going to use one. And that may change tomorrow. And many people I know use Macs are aware of the situation, so it is not a security by obscurity issue. It is an opportunity while its still safe. I back up every day the system and I have my critical data replicated in different places, Macs or PCs. It is something I promote and talk about.

RE: Please leave the pasions out
By Alexstarfire on 9/1/2009 6:49:20 PM , Rating: 2
So let me get this straight. Asking what a product is good for is irrelevant? If that's the case then I guess EVERYTHING is irrelevant. I know the last part is, but that's not what I was talking about and you know it.

But if you don't considering talking security or about what products do relevant.... then I can't do anything for you.

RE: Please leave the pasions out
By snookie on 9/2/2009 12:42:36 AM , Rating: 2
Don't worry. Nobody is under the impression you have anything to offer.

By bighairycamel on 9/1/2009 11:09:58 AM , Rating: 2
Downrating a spammer to -1: Priceless

By sapiens74 on 9/1/2009 2:42:18 PM , Rating: 3
Would you be safer clicking that link on a Windows box or Apple?

By snikt on 9/1/2009 2:55:53 PM , Rating: 2
Would you be safer clicking that link on a Windows box or Apple?

If you mean my personal Windows box at home and/or work, I don't have any concerns about doing it. If you mean regular ol' Joe's Windows box, that's a different story. But that's because I'm not a "regular joe" when it comes to computers and technology. My box at home and work have been hardened, i.e current patches, non-admin user accounts, active scripting disabled, common sense, etc.

By sapiens74 on 9/1/2009 3:06:42 PM , Rating: 2
current patches, non-admin user accounts, active scripting disabled, common sense, etc.

That isn't common sense

Or otherwise I wouldn't be paid so well to do so.

By deegee on 9/2/2009 12:06:42 AM , Rating: 2
No offense, did you think about what you posted before posting?

If that link goes to a site that has Apple or Linux malware, then it is totally safe to click on it with a Windows box, even a non-secure Windows box.
Your post doesn't prove that any platform is more "secure", all that it says is that Windows is targetted more and that there is more malware released for Windows, hence a greater probability for issues if safe-surfing isn't practiced. This doesn't prove that Windows is less or more secure than another OS.

A large percentage of malware is to thieve information.
If I was a car thief would I go to a large city like New York or would I go to Amish country?

By DarkElfa on 9/2/2009 12:45:55 PM , Rating: 2
2 things, first, the hackers who make viruses would have to be bothered to buy a mac in order to rite a virus for it and second, there would have to be some beneift to ti and seeing as how no important industry uses Macs and not enough people own them to help viral dissemination, it seems unlikely.

The Weakest Link.
By TEAMSWITCHER on 9/1/09, Rating: -1
RE: The Weakest Link.
By mcnabney on 9/1/2009 2:50:53 PM , Rating: 2
The higher price of the mac means that your dealing with people of higher socio-economic status, and as such are better educated and less gullible

You do understand that you are an idiot. Instead of comparing gullibity to income (or willingness to wastefully dispose of income on overpriced toys) you would be better served taking the computer knowledgability angle. The average Apple user may be more affluent, but generally understand far less about computers. My wealthy extended family is full of Mac users who know nothing about their computer besides where the power button is and how to turn on the internet, process email, and download pictures off of their camera. I am actually amazed that Security by Obscurity has been able to protect this Honeypot of users who would gleefully install anything that has a file name of PicturesOfKids.

RE: The Weakest Link.
By TEAMSWITCHER on 9/1/09, Rating: 0
RE: The Weakest Link.
By gstrickler on 9/1/2009 6:10:45 PM , Rating: 2
I am actually amazed that Security by Obscurity has been able to protect this Honeypot of users who would gleefully install anything that has a file name of PicturesOfKids.
That's because it isn't security by obscurity. It has real security, starting with it's BSD foundations and open-source (Darwin project) kernel, to its sane defaults for user permissions. If it were as insecure and as much of a "honeypot" as people keep claiming, the bad guys would have been all over it. Let's see, millions of richer users with limited computer knowledge and no security, almost all of them on the Internet without anti-malware software installed. Sounds like a scammer's dream. So why haven't Mac users been attacked by the millions? Because Mac OS has very good security.

RE: The Weakest Link.
By Akrovah on 9/1/2009 6:18:10 PM , Rating: 2
I'm sorry, you seem to be implying that owning a Mac is automatically a sign of greater intellegence, because they are more exensive?

Completely outside of the Mac vs Windows debate more affluent != more intellegent. Exhibit A - Pick any one of a half dozen teen pop stars who turned 18 over the past decade. Very affluent, but I would argue that they are not exactly intellegent in many regards.

Getting back to the Mac vs Windows debate. Lets do this by your standards. The most affluent person in the world? Oh yeah, he's a Windows user. Meanwhile, on a more personnal level, my uncle, a starving artist, has so little money that they shut off his electricity and he had to huddle by his gas powered oven to keep warm in the middle of a New York winter, swears by Macintosh. Your argument is flawed.

RE: The Weakest Link.
By TEAMSWITCHER on 9/2/2009 11:46:53 AM , Rating: 2
You are talking about specifics, security is more the law of averages. On average, the mac user is better educated and (at the same time) less likely to engage in activity that would leave them vulnerable to malware. This makes the entire Mac community safer.

The "Security by Obscurity" argument is flawed. There are what 30 Million + mac users in the world. Is that number not big enough for a hacker? Especially if the Mac is so vulnerable (according to the security experts).

RE: The Weakest Link.
By Akrovah on 9/3/2009 12:13:40 PM , Rating: 2
How do you figure that the average Mac user is better educated? Do you have some kind of study to prove this? You are making generalizations that have no backing. I'm thinking it is going to be a law of percentages more than averages. For example lets say 50% of all people have higher education. Statistically speaking this means that 50% of Mac users will have had higher education, but also 50% of Windows users.

30 million users is not many in the grand scheme of things. Could also be that there simpy isn't anthing worth taking being stored on a mac. Governments (at least U.S.) use Windows. Most large corporations use Windows. From a business/profit standpoint it makes more sense, since you can get a perfectly adequate Windows workstation for under $1k. Security through obscurity is more than simply numbers, it is also about what they can get. Hackers and malware writers aren't doing it for kicks, they get something out of it. If they weren't it wouldn't be worth thier time. Programming is not an easy task and I'm thinking that most forms of malware are actually pretty complicated.

“We do believe we have a moral responsibility to keep porn off the iPhone.” -- Steve Jobs

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki