Malware Authors Get Boost from Apple's Sluggish Updates, Infect 600K Macs
April 6, 2012 8:40 AM
(Source: Science Photo)
Apple refuses to let Oracle patch Java directly, cybercriminals celebrate 2 months of easy hunting
If you have a Mac and you browse the internet, there's a chance your "secure" Apple, Inc. computer may have been compromised, allowing hackers to use your computer as part of a botnet to spread spam and launch distributed denial of service (DDOS) attacks.
I. Half a Million Macs Infected
Security firm Dr Web claims to have discovered at least 600,000 Macs infected by "Flashback", the latest in a growing deluge of Mac malware.
The new malware first takes root by masquerading as a Flash player update, which many users haplessly approve. It then does various devious and dastardly deeds, depending on the variant.
Early versions disabled XProtect, Apple's pseudo-secret antivirus program, which it quietly slipped into version 10.6.7. Crippling the protector was a sophisticated multi-step process: the trojan first decrypted a file attached to the program, then decrypted the path of the updater binary, and finally stopped the updater daemon and overwrote key files.
The latest version, v39, has even more dangerous capabilities:
The exploit then reportedly downloads other malicious programs to control the computer, conscripting it into the authors' botnet. Typically, every program installed on a Mac requires user permission to install, a process similar to the user account control (UAC) warnings in Windows. However, after the Java exploit, users no longer receive such warnings about the malware installations.
II. Apple Moves Sluggishly to Fix Gaping Holes
In recent months Flashback has been exploiting three specific known Java vulnerabilities. Oracle Corp. had fixed these vulnerabilities way back on Feb. 14, but Mac users did not have access to the free protection, as Apple does not allow Oracle to directly update its machines.
Instead, Mac users had to wait until 4/4/2012 -- this Wednesday -- to receive a fix for the last of the flaws. A second update was released yesterday, according to security firm Intego. Given that there are commonly other flaws that are patched by Oracle but not on Macs, these latest patches are likely only to slow -- not stop -- the malware.
In addition, Apple does not automatically install such critical updates on users' machines. Rather, OS X prompts them that the update is available, then lets them install it at their own convenience. As a result, many users may never patch the flaws, or go weeks unprotected. This contrasts with Microsoft, which forces users to endure the occasional nightly reboot in the name of security.
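Because the fix reaches Macs weeks after Oracle ships it and is then left to the user to install, the practical defender question is which machines are still on a pre-fix Java. The script below is an added example, not code from the article, Apple or Oracle: it parses the banner that `java -version` prints, compares the update level against a per-line minimum, and flags fleet hosts that fall short. The sample banner is constructed, and the minimum update numbers (Java SE 6 Update 31 and Java SE 7 Update 3) are this example's own assumption about Oracle's February 2012 fixes, not figures from the page.

```python
import re
import subprocess
from typing import Dict, List, Optional, Tuple

# Constructed sample of the banner `java -version` writes to stderr on a
# 2012-era Mac. The build identifier is made up for this example.
SAMPLE_BANNER = (
    'java version "1.6.0_29"\n'
    'Java(TM) SE Runtime Environment (build 1.6.0_29-b11-402-11M3527)\n'
    'Java HotSpot(TM) 64-Bit Server VM (build 20.4-b02-402, mixed mode)\n'
)

# Minimum update level per Java line that counts as carrying the fix.
# These numbers are an assumption made for this example; set them from the
# advisory you are actually tracking.
MINIMUM_UPDATE: Dict[Tuple[int, int], int] = {(1, 6): 31, (1, 7): 3}

VERSION_RE = re.compile(r'java version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?"')


def parse_java_version(banner: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, micro, update) from a `java -version` banner,
    or None when no version line is present."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, micro, update = m.groups()
    return int(major), int(minor), int(micro), int(update or 0)


def is_patched(banner: str, minimums: Dict[Tuple[int, int], int] = MINIMUM_UPDATE) -> bool:
    """True when the runtime in `banner` is at or above the minimum update for its line.

    An unparseable banner counts as unpatched so the host is surfaced for review.
    A line newer than every line in `minimums` is assumed to postdate the fix;
    an older line that is not listed is treated as unpatched.
    """
    version = parse_java_version(banner)
    if version is None:
        return False
    line, update = version[:2], version[3]
    if line in minimums:
        return update >= minimums[line]
    return line > max(minimums)


def hosts_behind(records: List[Tuple[str, str]],
                 minimums: Dict[Tuple[int, int], int] = MINIMUM_UPDATE) -> List[str]:
    """Given (hostname, banner) pairs collected from a fleet, list the hosts
    still running an unpatched runtime."""
    return [host for host, banner in records if not is_patched(banner, minimums)]


def local_banner() -> str:
    """Run `java -version` on this machine; the banner is written to stderr."""
    result = subprocess.run(["java", "-version"], capture_output=True, text=True)
    return result.stderr + result.stdout


if __name__ == "__main__":
    try:
        banner = local_banner()
    except FileNotFoundError:
        banner = ""
    print("patched" if is_patched(banner) else "UNPATCHED or no Java runtime found")
```

Collect the banner from each host with whatever inventory tooling you already have and feed the pairs to `hosts_behind`; treating "no banner" as unpatched is deliberate, since a host that cannot report its runtime should not be assumed safe.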
Apple has long practiced a negligent approach when it comes to security. Where Microsoft rewards developers who point out potential security flaws, Apple bans them.
III. Macs -- Not That Safe Anymore
Apple users, like Linux users, long trumpeted their platform's "superior security". Even Apple joined in this fun, attacking veteran operating system maker Microsoft. While there was some truth in these claims, it was largely due to Apple's minuscule market share -- malicious hacking tends to be profit-motivated, and spending a whole lot of work to infect a small portion of a few million machines seemed a lot less attractive than being able to infect hundreds of millions of machines with Windows-geared exploits.
But Apple has risen in market share, shipping 16.8m Macs in its fiscal 2011 (which ended in calendar Q3 2011). Now it's learning the pain Microsoft felt for years.
Many Apple users blindly believe their favorite company will protect them sufficiently. In reality Apple does less than Microsoft to protect its users. [Image Source: Eater]
Apple's reaction has been slow at best. Apple still insists on redistributing third parties' security updates, but does so at a leisurely pace, endangering its users. At the same time, the company was revealed to have been instructing its technicians to lie to users and not tell them if their systems are infected.
Timur Tsoriev, an analyst at Kaspersky Lab, said, "People used to say that Apple computers, unlike Windows PCs, can't ever be infected - but it's a myth."
Unfortunately, many Mac users don't realize that, faithfully believing Apple is delivering them superior protection. Sadly, their faith is misplaced.
RE: It is superior
4/6/2012 1:42:50 PM
OS X is based on BSD Unix. Unix was built from the ground up for a multi-user environment (terminals connected to a server). Consequently, it's designed to be multi-user in its core. Apps are written with the assumption that the user does not have root privileges. Functions which need root privileges are called only when absolutely needed. Usually they're run as a separate daemon, with the user making calls to the daemon.
Windows is (originally) based on DOS. DOS was built from the ground up for a single-user environment. Consequently it had no concept of user privileges. In the Windows 3.x - Win 98 days, apps were written with the assumption that the user had admin (root) privileges.
Windows NT/2k/XP/7 supplanted this with a stronger user/admin security model like Unix. It's getting better. But the mindset among Windows developers continues to be to assume that the user can invoke admin privileges whenever it's convenient (for the developer). Instead of doing the hard thing and coding the app so that it doesn't need admin privileges, most developers will just take the shortcut of having the user invoke admin privileges. Every vertical business app I can think of which I've installed for clients has required admin privileges to work properly. Some of them even instructed me to turn off Windows 7's user account control (basically making everything run as administrator).
I'd agree that there are a sufficient number of Unix and OS X bugs that a malware author, if he tried hard enough, could exploit to get root privileges. It's not foolproof. But it's still a higher level of security than you get with Windows. The only thing Windows has going for it is that Microsoft has been pretty open about vulnerabilities and quick to patch them. Apple likes to bury them under the rug shoved into a closet hidden behind a dresser.
RE: It is superior
4/6/2012 5:33:44 PM
I have first-hand experience with the problems in how programs can be written to link deep within the kernel in Windows. We have software to run our analytical instruments in the laboratory that was originally written in 16-bit code and still requires the Windows on Windows to function even at the Windows XP and Windows 7 levels. Also it is so tied into the kernel that the XP version will only install if you have up to SP 2; if you have SP 3 in your computer the program will not even install. The Win95 version will not work with W2K or above, and was iffy on Win98. While this may be an easier way for the programmers to code the software, it is a nightmare when the expensive equipment the software runs has a usable lifetime of 10-20 years and you end up having to replace a $100k piece of equipment just because a $1500 computer has died and you can no longer purchase one with WinNT4 installed so that it will be compatible.
Copyright 2014 DailyTech LLC.