
Sadly, even Macs need to practice computer safety these days.  (Source: GameSpot)
Macs are not the virus-free playground they once were, says Apple

Most computer users take buying or otherwise obtaining antivirus software protection for granted as part of normal computer maintenance.  However, users of Apple's Macs, who have been greatly in the minority compared to PC users for years, have mostly gone without virus protection.  Apple even supported this belief through ads indicating that Macs don't get viruses.  And while Apple's software security-related patching rate is among the worst in the industry, for years Apple was mostly right; its computers just didn't get targeted in great numbers by malicious users.

Recently, however, the Mac has been building up a slightly larger market share, thanks to multiple months in the number 3 computer retailer spot.  While PCs still greatly outnumber Macs, there are now many more Macs, and that spells trouble for Mac security.  This growing problem is exacerbated by Apple's poor patching, as was demonstrated at a recent hacker convention in which an Apple machine was easily compromised a full day before Linux and Windows machines could be.

Now Apple has recognized this new problem and, for the first time, is recommending that its users install antivirus software.  A little notice popped up on its support website, entitled "Mac OS: Antivirus utilities".  On the page, Apple states, "Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult."

Apple goes on to suggest three products -- Intego VirusBarrier X5 and Symantec Norton Anti-Virus 11 for Macintosh, both available from the Apple Online Store, and McAfee VirusScan for Mac.  Just three months ago Brian Krebs, who first noticed the notice and reported on it in the Washington Post, bought a MacBook and was told by Apple employees that he didn't need antivirus software.

Similarly, Apple ads like this have long indicated that Apple is immune to viruses.

So what caused Apple to change its tune?  One major factor appears to be the rise in non-OS attacks.  While Apple's base OS is relatively secure, many of the programs that run on it, both Apple's own and third-party, have numerous vulnerabilities; among them are Flash and Apple's Safari web browser.  Dave Marcus, director of security research and communications at McAfee, states, "Apple is realizing that malware these days is targeting data, and valuable data exists just as much on an OS platform that is a Mac as it does on an OS platform that is Windows."

Apple is likely also conscious of the increasingly strong security from Microsoft, and its possible effect on its own users.  With Microsoft beefing up its patching system, adding more OS security layers, and offering free antivirus and malware protection for Windows Vista in mid-2009, hackers may turn to easier-to-hijack Mac computers as a source of bots for botnets or other malicious schemes.

One type of malicious program Apple is particularly vulnerable to is password-stealing Trojans.  Mr. Marcus explains, "The malware we see today is Trojans, password-stealing Trojans. They are little apps that are dropped onto the machine to do something. They don't infect files and copy themselves. They are looking for specific information and they send that information somewhere else."

Several such Trojans have popped up, such as the AppleScript.THT Trojan, and another one that targeted Mac users searching pornographic sites.

Apple also has to worry about its adoptees -- Microsoft Office for Mac and Firefox for Mac, both popular targets of exploits.

While some, particularly Mac users, may find Apple's new announcement surprising, Mr. Marcus says that, at the end of the day, it is merely an acknowledgment of reality.  He continues, "At the end of the day, they're (Apple is) advising people to be safe and take precautions.  That's a prudent thing to tell people in Web 2.0 world."

RE: Hi I'm a MAC
By foolsgambit11 on 12/2/2008 3:14:32 PM , Rating: 5
I'm just going off of what everybody has said in this thread here, because I wasn't aware of this bug.

Why could other operating systems patch it? Because you can tell the OS to handle a specific situation (even within an open protocol) to keep it from becoming a security vulnerability. The other poster was saying that MS put out a patch to ensure that this problem with the DNS protocol wouldn't result in security vulnerabilities in MS OSes. Apple took months, and during that time, people figured out how to turn the DNS vulnerability into an OSX vulnerability. Which is to say, that is a vulnerability in the OSX code. If an OS cannot handle process errors safely, that is an OS vulnerability.

RE: Hi I'm a MAC
By Gzus666 on 12/2/08, Rating: -1
RE: Hi I'm a MAC
By foolsgambit11 on 12/2/2008 4:24:26 PM , Rating: 5
Typical. First off, I'm not the person you were arguing with first - so I don't know what makes more sense now than before my post. I haven't been paying attention to security for a couple years, but I'm not completely ignorant.

Instead of explaining things I already know to me (the basics of TCP/IP and DNS servers), or trying to explain things you don't know (the actual specifics of this attack, not the generality that it allows DNS poisoning), why don't you explain why it's not an OS vulnerability. Here's the argument for why it was an OS vulnerability:

For about a month, major vendors had had their patches in place. Apple's patch wasn't forthcoming (and then it didn't actually work initially). So for that period, individuals on OSX systems, and OSX systems exclusively, were exposed to the threat of, for example, installing malware when they thought they were installing updates from Apple's website. The only major client OS's who were vulnerable to this attack (for a month or so) were people using OSX. Prior to that month, most every major OS was vulnerable to this attack.

Now, to debunk the idea that this is a DNS vulnerability only. Macs were vulnerable because of their implementation of DNS protocols. Other systems were vulnerable as well, but were patched quickly. Yet other systems weren't vulnerable to begin with, because they already implemented DNS port randomization, recognizing the potential vulnerabilities of non- or poorly-randomized ports. All of these DNS server and client programs 'properly' implemented DNS protocols. But not all proper implementations are created equal, nor are they equally safe or unsafe. The majority of DNS systems were implemented in an unsafe way, I will grant. But the implementation of DNS protocols in Macintosh systems is entirely Apple's creation, and the failure to patch it in a timely manner was entirely Apple's fault. The DNS implementation in Macs is part of the OS (you're not going to limit the definition of an OS vulnerability to the kernel, are you?). It leaves users of OSX open to malicious code, activated by user actions. User actions taken, for instance, because the user was tricked into trusting that was, in fact,, (the Apple IP address), when it could actually have been any site. During that same month, a user on a Windows box would not have been vulnerable to this attack (obviously, when trying to get their updates from the MS Update website, not the Apple site).

I guess the counterargument would be that a user could have installed a different DNS handler than the one that comes standard with OSX (assuming OSX allows this?). But this isn't like a web browser, where the average user can decide to switch away from IE6 because it's not very safe. Networking protocols and how they are handled and implemented is part of what people are talking about when they talk about OSX or Windows or Linux. Therefore, this is an OS vulnerability. The same way it would be an OS vulnerability if it was discovered that, due to how it was implemented, only Vista had some DNS bug.

RE: Hi I'm a MAC
By Gzus666 on 12/2/2008 9:52:10 PM , Rating: 2

" The real vulnerability is not in Windows or Linux but in BIND, the most widely deployed DNS software everywhere. A security feature in BIND creates a transaction ID for communications between an IP host and a DNS server. Supposedly, that transaction ID is supposed to be randomized using a 15-bit binary number. But the way it's typically deployed, each limitation or option added to the system reduces the number of bits in that random number by one each time, and reduces the number of guesses a malicious script requires to guess the transaction ID by a power of two."

Nothing to do with the OS, inherent to how the protocol is handled, enjoy.

RE: Hi I'm a MAC
By ZmaxDP on 12/3/2008 2:45:01 AM , Rating: 3
Ahhh, the power of bold...

"... But the way it's typically deployed, each limitation or option added to the system reduces the number of bits in that random number by one each time, and reduces the number of guesses a malicious script requires to guess the transaction ID by a power of two."

In other words, some OS vendors changed how it was deployed in their OS to remove the vulnerability, and Apple didn't. I understand that the SOURCE of the vulnerability wasn't the OS, but the deployment of that vulnerability (and the fix) is in the OS. So, I think this can be used as a comparison pretty effectively...
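
The thread turns on two 16-bit fields a forged DNS reply has to match: the transaction ID and, once randomized, the UDP source port of the query. As an added example (not from the article or any commenter), this Python check estimates from captured queries how many bits an off-path spoofer would have to guess; the sample queries, the `SEQ_MAX_STEP` threshold and the function names are constructed assumptions.

```python
import math

FIELD_SIZE = 1 << 16   # DNS transaction ID and UDP source port are 16-bit fields
SEQ_MAX_STEP = 16      # assumption: steps this small count as "sequential"

def _steps(values):
    return [(b - a) % FIELD_SIZE for a, b in zip(values, values[1:])]

def classify(values):
    """Label a series of observed 16-bit values: fixed, sequential or spread."""
    if len(values) < 2:
        raise ValueError("need at least two observations")
    if len(set(values)) == 1:
        return "fixed"
    if all(1 <= s <= SEQ_MAX_STEP for s in _steps(values)):
        return "sequential"
    return "spread"

def estimated_bits(values):
    """Conservative estimate of the bits that must be guessed for one field."""
    kind = classify(values)
    if kind == "fixed":
        return 0.0                                    # value is known in advance
    if kind == "sequential":
        return math.log2(max(_steps(values)))         # next value lies in a tiny window
    return math.log2(max(values) - min(values) + 1)   # observed span only

def assess(queries):
    """queries: list of (source_port, txid) pairs seen leaving one resolver."""
    ports = [p for p, _ in queries]
    txids = [t for _, t in queries]
    bits = estimated_bits(ports) + estimated_bits(txids)
    return {"ports": classify(ports), "txids": classify(txids),
            "bits": round(bits, 1)}

# Constructed sample captures (not real traffic).
TXIDS = [0x1A2B, 0xC401, 0x07FE, 0x9D33, 0x5E10]
FIXED_PORT_QUERIES = [(32768, t) for t in TXIDS]
SEQUENTIAL_PORT_QUERIES = list(zip([1025, 1026, 1027, 1028, 1029], TXIDS))
RANDOMIZED_QUERIES = list(zip([50321, 1187, 33190, 61002, 20455], TXIDS))

if __name__ == "__main__":
    for name, q in [("fixed port", FIXED_PORT_QUERIES),
                    ("sequential ports", SEQUENTIAL_PORT_QUERIES),
                    ("randomized ports", RANDOMIZED_QUERIES)]:
        print(name, assess(q))
```

With a fixed or stepping source port only the transaction ID contributes, so the estimate stays under 16 bits; a randomized port roughly doubles it.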

RE: Hi I'm a MAC
By Gzus666 on 12/3/2008 9:02:53 AM , Rating: 2
No, they patched the vulnerability with an update. It still wasn't a hole in the OS, it was a hole in the DNS implementation that is platform neutral. As I stated before, you can easily fault Apple with taking forever to patch the thing, but when you realize like 2 servers in the world are Mac, you see why they would probably not care to do it in a timely manner.

Berkeley made it so you expect all the OS manufacturers to be responsible for its problems? They integrate it in cause it follows the standards, there was a problem, so it was fixed independent of OS. No inherent problem will go across all operating systems just for the pure fact that they don't share the exact same code. Any problem that is across them all is a problem with a shared program or protocol, like Flash for instance, not their core OS.

What next, we blame Microsoft for an HTTP flaw that allows an attack? I don't like Apple, but it's kinda hard to fault them for something like 4 people in the world use on their machines and isn't even their fault or any of the OS maker's fault.

RE: Hi I'm a MAC
By Smilin on 12/3/2008 11:18:30 AM , Rating: 2
Wow you guys are really missing my original point which was this:

The DNS vulnerability (a RFC deficiency that manifested in nearly every RFC implementation) created a level playing field that made for a great real-world comparison of how companies react to security flaws. In this level playing field it became very obvious that Apple sucks. Period.

Regarding the "OS" debate:
There is no such thing as "THE dns implementation". There is the DNS specification which frankly is riddled with ambiguity on a great number of topics. It is up to OS makers to follow the *specification* to come up with an *implementation*. In the case of this vulnerability the net result was that everyone had a problem in their implementation. In other words it's an OS vulnerability. The fact that everyone had the same one doesn't change this.

And to answer your question (as a Microsoft fan), yes we would blame MS for an HTTP flaw that allows an attack...if they fail to fix it once the flaw becomes known. I therefore blame Apple for leaving their customers vulnerable to the DNS flaw.

Flip the argument:
If MS had waited two months to fix the DNS flaw what would everyone be saying? You're damn right MS would catch hell. So don't go cutting Apple any slack.

RE: Hi I'm a MAC
By Gzus666 on 12/3/2008 11:56:24 AM , Rating: 2
The DNS vulnerability (a RFC deficiency that manifested in nearly every RFC implementation) created a level playing field that made for a great real-world comparison of how companies react to security flaws. In this level playing field it became very obvious that Apple sucks. Period.

I agreed with this in my post. On that same basis, also stated in my subsequent post that the obvious reason they weren't in a hurry to patch it is cause what runs on a Mac server? Nothing. Windows and Linux had to patch it quickly, cause they are actually used for this, Apple most likely realized the 2 people who run a Mac server weren't priority.

Also, no the OS manufacturers do not make DNS, as I showed they are all made by third parties. The most popular being BIND by Berkeley.

I am not cutting Apple slack, Apple is a piece of crap company with other examples of piss poor patch times, the DNS issue is just a stupid example for the above reasons. The difference is I hate Apple for things they actually do wrong, you hate them just to hate them.

Also, if you are dumb enough to blame MS for an HTTP attack, why don't we blame them for driver problems and browser problems while we are at it? Can we also blame them for any 3rd party program issues? How about we blame them for holes in Flash? Good fun, needlessly blaming those not involved. If it falls beyond the Kernel, I wouldn't really blame the OS maker, since they are not in direct control of it. Granted there are areas where this is gray and we aren't sure, but this problem isn't one of those times.

RE: Hi I'm a MAC
By Smilin on 12/3/2008 1:32:37 PM , Rating: 1
I'm going to disagree on one final point:

I don't think Apple wasn't in a hurry because nobody uses their DNS. I think they actually were in a hurry and simply lacked the capability to respond properly.

It's doubly sad because for months they were able to look at others' fixed source code (FreeBSD).

MS had to do their own fix (NT 4.0 DNS was BIND but that code is all but gone) and put it through far more rigorous regression testing given the size of their install base.

We forget just how shitty Apple is at writing OSes. They essentially had to give up and start over because they had fallen so far behind. FreeBSD caught them back up but unless something changes they'll eventually lag again.

Copyright 2014 DailyTech LLC.