backtop


Print 124 comment(s) - last by hiscross.. on Sep 12 at 12:42 PM


Is Apple's Snow Leopard as attack proof as the company believes? Probably not, but it does add some significant protections. Security companies, though, are coming out with criticism against Apple's efforts, in what seems a mix of sour grapes and legitimate points.  (Source: Simple Thoughts -- Computer Security Blog)
Are security firms' Snow Leopard gripes legitimate or just sour grapes? The answer may be be that they are a bit of both..

Just as attacks against Macs were beginning in earnest, and security software makers were ready to step into this new market and begin selling customers security suites, Apple dropped a bomb on the security software vendors -- OS X 10.6 "Snow Leopard" comes with built-in malware detection for a few Mac-specific viruses.

Apple, which has long lambasted Windows PCs as dangerously insecure in its advertisements, brags that its new OS offers unmatched protection against malware and cyber-attacks.  It points to hardware-based execution control for heap memory, stronger checksums for preventing memory corruption attacks, and built in antivirus protection -- dubbed XProtect -- as strong improvements in its OS design.

Now security companies are responding to Apple's boasts via blogs and emails that range from skeptical to scathing. 

Symantec was among the most critical, stating, "It is not a full-featured antivirus solution and does not have the ability to remove malware from the system.  File Quarantine is also signature-based only. Malware signatures are only as good as the definitions, requiring Apple to provide regular, timely updates."

The company points out that OS X's Software Update is not fully automatic and that it does not inform users what signatures have been downloaded, to indicate the current level of protection.  They also criticize that Apple's firewall is turned off by default and lacks the configurability of most third-party solutions.  Also they point out that the OS provides little to no protection against unauthorized access of sensitive information on disc or for information being transmitted over networks.  Finally, they say that Apple's reliance on site lists for its anti-phishing efforts make its blocking close to useless as the attacking sites typically change on a daily basis.

Andrew Storms, director of security operations at nCircle Network Security, also criticized the new software. "It feels like they are just trying to put a tic mark in the anti-malware compliance box for the enterprise customers they are still trying to woo.  So far, it looks like a pretty 'featureless feature.' Compared to other third party options, the functionality is pretty low. It's a lot like getting a warranty on your car that only covers floor mats, " he remarks.

Sophos researcher Paul O Baccas takes a more measured approach, stating that Apple's XProtect may be somewhat useful for certain programs -- Entourage, Safari, Mail, Firefox, Thunderbird -- which call LSQuarantine, an XProtect utility that detects malware.  However, for Skype, Adium, BitTorrent and Apple's Finder -- USB drives, shared network volumes, etc. -- there is no protection, he conversely points out.  He elaborates, "They haven't really integrated an antivirus program.  They've added something which can block some malware under some conditions."

He does say that the changes are better than nothing, however.  Apple meanwhile, refused to directly respond or comment on the criticism from security software vendors.

Security vendors will be facing a double-whammy when Microsoft officially releases its more full-featured security solution for Windows XP, Vista, and the new Windows 7.  Microsoft is set to drop this free security suite, dubbed Microsoft Security Essentials, before the end of the year.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Did Apple Actually Market XProtect?
By ltcommanderdata on 9/1/2009 7:54:36 AM , Rating: 3
The article seems to imply that Apple is promoting XProtect as a integral security feature and antivirus solution for Snow Leopard. However, I don't believe Apple has actually mentioned XProtect in any of their marketing at all. A search of XProtect in Apple.com yields nothing. I think news websites overhyped about this feature rather than Apple. At best, it's a step towards the monthly Windows Malicious Software Removal Tool that Microsoft makes available in Automatic Updates rather than an antivirus.




RE: Did Apple Actually Market XProtect?
By Zstream on 9/1/2009 8:12:55 AM , Rating: 5
That is incorrect, the general feeling in the world is that Apple has less virus and malware. Unfortunately less is an accurate term, people do not understand that Apple is just as easy to hack as a windows machine. Due to market share, the amount of virus infected software is smaller.

You would not believe how many CEO's, CIO's, CPO's and CLO's all believe MAC is a more secure OS. Little do they know....


RE: Did Apple Actually Market XProtect?
By erikejw on 9/1/2009 9:33:52 AM , Rating: 5
I've always felt Apple users felt insecure ;)


RE: Did Apple Actually Market XProtect?
By Visual on 9/1/09, Rating: -1
By Mitch101 on 9/1/2009 12:39:48 PM , Rating: 5
Your post was so confusing to me I nearly went into a coma.

Steve Jobs tried to call the editor to have the story retracted because gods cannot have viruses but then his iPhone started smoking.


RE: Did Apple Actually Market XProtect?
By Tellem on 9/1/09, Rating: -1
RE: Did Apple Actually Market XProtect?
By Tellem on 9/1/09, Rating: -1
RE: Did Apple Actually Market XProtect?
By Gondorff on 9/1/2009 10:27:52 AM , Rating: 5
You must be new here......

Apple Gets Its Own Trojan Viruses for the First Time
http://www.dailytech.com/Apple+Gets+Its+Own+Trojan...

New Attack Compromises Apple Keyboards
http://www.dailytech.com/New+Attack+Compromises+Ap...

Another Major Mac Computer Security Flaw Discovered
http://www.dailytech.com/Another+Major+Mac+Compute...

Apple Patches Java Hole Nearly a Year After Initial Discovery
http://www.dailytech.com/Apple+Patches+Java+Hole+N...

So yes, the super hackers (and even one amateurish hacker from the looks of the first trojan) have had their way with Macs. The smugness of Mac users and the propaganda from Apple simply don't allow such ideas to be heard.

Security through obscurity may not be the only thing protecting Macs from viruses, but it certainly is one of the main ones. Viruses these days are made to create botnets for DoS attacks, or are scams to make money. Neither are very useful with a target audience that is as small as the Mac userbase.


RE: Did Apple Actually Market XProtect?
By Tellem on 9/1/09, Rating: -1
By SavagePotato on 9/1/2009 10:51:19 AM , Rating: 2
I think the term you were looking for there is that you are a little bit thicker, not a little bit broader.


RE: Did Apple Actually Market XProtect?
By Gondorff on 9/1/2009 10:56:36 AM , Rating: 5
Oh I see what you did there! You're so clever, you!
You took the word 'virus', which is used as a blanket term for all malware, and spun it around on me to be just the more restricted definition. So cute... but it doesn't help your argument on Mac security. Cuz you've still got worms and trojans. :)

And next time, instead of the ad hominem on me for being a DailyTech reader, how about you try to debate with my sources like a grownup. The stories are all legit, and reported by other sites--the DailyTech search function was just the simplest way to find them.


RE: Did Apple Actually Market XProtect?
By Gzus666 on 9/1/09, Rating: 0
By Gzus666 on 9/1/2009 9:20:18 PM , Rating: 2
Site*, I had a long day.


RE: Did Apple Actually Market XProtect?
By jragosta on 9/2/2009 8:37:50 AM , Rating: 2
"Actually he is correct, they are technically not viruses. They work differently.

In all honesty it is a bit of a technicality, but legitimately, he was correct. I find it odd at this sight the mob mentality rather than just looking to see if someone is correct."

No, it's not a technicality - it's a fundamental and critical difference.

A virus self-propagates without user intervention. You can become infected simply by receiving email (in some cases without even opening the email) or visiting a web site. That is clearly a HUGE problem.

Trojans can do a lot of damage, but only in the hands of stupid users. The Trojan ASKS to be installed and the user has to tell the computer to install it. I guess you could design a computer that won't install ANYTHING, even if the user asks it to, but that would be the only way to protect against a trojan (and wouldn't be very useful for most people). To a large degree, then, Trojans are a USER security issue more than a COMPUTER security issue.


RE: Did Apple Actually Market XProtect?
By The Irish Patient on 9/2/2009 10:20:54 PM , Rating: 3
I get the difference between viruses and trojans. My personal gripe with Apple is that the company wants it both ways, depending on whether the target was using a Mac PC or a Windows PC.

Win PC user downloads a trojan -- Apple says PCs are full of viruses. Buy us, don't buy them.

Mac PC user downloads a trojan -- Jobs says some Mac users are stupid, the problem is not Apple's fault. Apples don't get viruses.


By hiscross on 9/12/2009 12:42:43 PM , Rating: 2
"Jobs says some Mac users are stupid" Not true. Actually to technically correct you've just lied.


By Belard on 9/1/2009 12:41:04 PM , Rating: 2
fail


RE: Did Apple Actually Market XProtect?
By Iaiken on 9/1/2009 10:39:04 AM , Rating: 5
Is that so? What about the following?

- Newton virus?
- OSX/Leap-A worm?
- RSPlug Trojan?
- iBotNet?
- AppleScript.THT Trojan

All of the above have been found in the wild and some of them were actually pretty wide spread. However, an interesting aspect that limited their spread was the limited extent to which OSX machines actually interface with each other. The odds that any two Macs interface is so statistically low (outside of friends) that it was all but impossible for it to spread.

There are lots of smart developers out there who are perfectly capable of writing petty nasty viruses for OSX and I am sure it wouldn't take long for them to cook something up for the Mac community. But many of them won't bother. Why? Well securemac.com interviewed people at Black Hat and the the survey says: "Not worth it." That's right, the hackers who make their money hacking, say it is not worth it to them. More likely than not, it's just as "not worth it" for the criminal hacker...

Who knows, maybe you are right, but there is an abundance of evidence that points to the contrary...


RE: Did Apple Actually Market XProtect?
By Tellem on 9/1/09, Rating: -1
By Fanon on 9/1/2009 11:43:24 AM , Rating: 5
Viruses aren't the big security threat anymore; I haven't seen viruses in years. Trojans and other malware are the viruses of the day.


By omnicronx on 9/1/2009 12:13:19 PM , Rating: 2
quote:
Those are trojans that have to be installed by the user.
A virus requires user intervention also (its also just self replicatating, some would even argue that a trojan can be a virus depending on how it is written), and believe me a few of those are malware/viruses and not merely trojans. What you are talking about are worms, which OSX essentially does not have.


By Etern205 on 9/1/2009 11:10:42 PM , Rating: 2
The Newton virus (Troika) isn't really a virus, but a prank-like program that collapse the whole desktop and falls where ever the user moves it to due some notebooks with a build in accelerometer. It's a neat program to install for certain Mac users as wake up call that Macs aren't that all secure.

You can however you can get it for a cheap price of $4.99
http://troika.uk.com/newtonvirusdownload


By someguy123 on 9/1/2009 11:06:22 AM , Rating: 4
Claiming you are from the opposing side seems to be the hot method of trying to win arguments before they even start.


RE: Did Apple Actually Market XProtect?
By jragosta on 9/1/09, Rating: -1
By SavagePotato on 9/1/2009 10:42:27 AM , Rating: 5
If aids is rampant in Africa it doesn't mean you are immune to aids because you live in Tasmania and haven't got it yet.

Point of fact it is an extremely insecure platform that has not been targeted by serious threats yet. This has been proven and confirmed by security experts time and again.(see pwn to own competition)

If apples market share shot up to 70% overnight and Mac's outnumbered Windows machines they would be attacked into the stone age and left in a smoking pile of ruin within a couple weeks.


RE: Did Apple Actually Market XProtect?
By StevoLincolnite on 9/1/2009 11:44:33 AM , Rating: 5
You make it sound as if using Windows you will get a Virus every 5 seconds of casual web surfing, which is false.

With the correct software, and the correct browsing precautions you are pretty safe.

The biggest way to not get a virus is to only visit Trusted websites, not websites which have Cracks for your shiny new PC game, or Pr0n websites to get a fix, and most of all don't open an email attachment which says: Earn1milliondollars.exe.txt

The biggest chances of getting a virus is through the stupidity of the person using the computer.


RE: Did Apple Actually Market XProtect?
By snbdr on 9/1/09, Rating: -1
RE: Did Apple Actually Market XProtect?
By peritusONE on 9/1/2009 12:34:48 PM , Rating: 5
quote:
You do realize that the majority of web based attacks come from "trusted" web sites that have been compromised, right?


You can't post a statement as fact and not back it up with some data. Come on now...


RE: Did Apple Actually Market XProtect?
By michael2k on 9/1/2009 7:02:02 PM , Rating: 2
But it's true that Macs have less virus and malware. How is that even contestable?


RE: Did Apple Actually Market XProtect?
By Targon on 9/2/2009 9:01:05 AM , Rating: 5
Security through obscurity is the term often used here. Because Apple has a fairly small percentage of the overall computer market, there are fewer people making malware that targets MacOS. That has nothing to do with how secure MacOS is though.

The chances of being robbed in a small town far away from a large city is smaller than if you lived in or close to a large city. As a result, many people in these small towns don't even bother locking their doors. The problem is that if you assume you are secure and stay blind to changes in the population, you won't take proper precautions by locking your doors.

So, Apple....many people assume they are secure, when it is simply a case of no one bothering to take advantage of the holes in the security of MacOS. As a result of this, it would be VERY easy to fool Mac users into doing something blatantly stupid because of that overconfidence in their security.

With the popularity of the iPod and iPhone, Apple has made a larger target for their brands, and it won't take much longer before people start to target people who use Apple computers...


By michael2k on 9/2/2009 5:11:40 PM , Rating: 1
Agreed. Macs are arguably less secure than PCs.

That still doesn't change two things:
1) Less malware
2) Less marketshare

I asked and you ignored the question. How can you contest that Macs have less malware?


By DominionSeraph on 9/5/2009 7:36:28 AM , Rating: 2
Where did Zstream say otherwise?


By hiscross on 9/12/2009 12:39:23 PM , Rating: 2
"Apple is just as easy to hack as a windows machine." Oh really, prove it.


RE: Did Apple Actually Market XProtect?
By Digimonkey on 9/1/2009 8:14:56 AM , Rating: 5
I think you don't see mention of it because it's not something Apple really wants to brag about. They're still trying to hold most of their consumers to the belief macs are impervious to malware/viruses.


RE: Did Apple Actually Market XProtect?
By bighairycamel on 9/1/2009 11:03:14 AM , Rating: 3
Probably, and after reading some of the clueless posts on this topic, it seems like their brainwashing is still pretty successful.


RE: Did Apple Actually Market XProtect?
By themaster08 on 9/2/2009 3:16:08 AM , Rating: 5
If all Macs fell tomorrow, Steve Jobs would still find a way to make his lemmings believe that their wonder machines are still immune to any form of malware.

The man is a marketing genius. After all, he was able to successfully market a phone incapable of the most basic tasks, that my 4 year old phone is capable of doing.


By smackababy on 9/2/2009 9:52:15 AM , Rating: 2
Hey! It isn't his fault the iPhone can't send MMS. Clearly AT&T is to blame because every other phone on their network can send MMS.


RE: Did Apple Actually Market XProtect?
By ImSpartacus on 9/1/2009 8:46:05 AM , Rating: 3
I agree. It is a step in the right direction. However much of Apple's ads have revolved around ease of use and security when the Mac actually don't have any security. Once their market share gets bigger people will wise up and see that they are just another MS in disguise.

I mean they are both great operating systems, I have a MBP and a modest gaming rig. Both run great; they just do different tasks for me.


By invidious on 9/1/2009 9:55:16 AM , Rating: 5
And what exactly is the task that the MBP is s good at? Hanging out at Starbucks looking cool while you twitter your friends?


RE: Did Apple Actually Market XProtect?
By tlampen on 9/1/2009 12:21:52 PM , Rating: 5
I agree, both OSes have their benefits and are both pretty good. Both are secure in their own way. This is how you should compare them.
Windows = you sitting in full body armor in a tank in the middle of the Afganistan.
Mac = a tree hugging hippie stones out their mind sitting in Alaska.
Both secure but completely different reasons.


By FITCamaro on 9/1/2009 12:36:30 PM , Rating: 5
Polar bears can climb trees.


“We do believe we have a moral responsibility to keep porn off the iPhone.” -- Steve Jobs














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki