

  (Source: Science Photo)
Apple refuses to let Oracle patch Java directly, cybercriminals celebrate 2 months of easy hunting

If you have a Mac and you browse the internet, there's a chance your "secure" Apple, Inc. (AAPL) computer may have been compromised, allowing hackers to use your computer as part of a botnet to spread spam and launch distributed denial of service (DDoS) attacks.

I. Half a Million Macs Infected

A report by security firm Dr Web claims that at least 600,000 Macs are infected by "Flashback", the latest in a growing deluge of Mac malware [1][2][3][4][5].

The new malware first takes root by masquerading as a Flash player update, which many users haplessly approve.  It then does various devious and dastardly deeds, depending on the variant.

Early versions disabled XProtect, Apple's pseudo-secret antivirus program, which it quietly slipped into version 10.6.7.  The crippling of the protector program was a sophisticated multi-step process in which the trojan first decrypted a file attached to the program, then decrypted the path of the updater binary, and finally stopped the updater daemon and overwrote key files.

The latest version, v39, has even more dangerous capabilities:

Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit. Doctor Web's virus analysts discovered a large number of web-sites containing the code.

The exploit then reportedly downloads other malicious programs to control the computer, conscripting it into the authors' botnet.  Typically every program installed on the Mac requires user permission to install, a process similar to the user account control (UAC) warnings in Windows.  However, after the Java exploit, users no longer receive such warnings about the malware installations.

II. Apple Moves Sluggishly to Fix Gaping Holes

In recent months Flashback has been exploiting three specific known Java vulnerabilities.  Oracle Corp. (ORCL) had fixed these vulnerabilities way back on Feb. 14, but Mac users did not have access to the free protection as Apple does not allow Oracle to directly update its machines.

Instead Mac users had to wait until 4/4/2012 -- this Wednesday -- to receive a patch for the last of the flaws.  A second update was released yesterday, according to security firm Intego.  Given that there are commonly other flaws that are patched by Oracle, but not on Macs, these latest patches are likely only to slow -- not stop -- the malware.

In addition, Apple does not automatically install such critical updates on users' machines.  Rather, it notifies them in OS X that the update is available, then allows them to install the update at their own convenience.  As a result, many users may never patch the flaws or go weeks unprotected.  This contrasts with Microsoft, which forces users to endure the occasional nightly reboot in the name of security.

Apple has long practiced a negligent approach when it comes to security.  Where Microsoft rewards developers who point out potential security flaws, Apple bans them.

III. Macs -- Not That Safe Anymore

Apple users, like Linux users, long trumpeted their platform's "superior security".  Even Apple joined in this fun, attacking veteran operating system maker Microsoft Corp. (MSFT).  While there was some truth in these claims, it was largely due to Apple's minuscule market share -- malicious hacking tends to be profit-motivated, and spending a whole lot of work to infect a small portion of a few million machines seemed a lot less attractive than being able to infect hundreds of millions of machines with Windows-geared exploits.

But Apple has risen in market share, shipping 16.8m Macs in its fiscal 2011 (which ended in calendar Q3 2011).  Now it's learning the pain Microsoft felt for years.

Many Apple users blindly believe their favorite company will protect them sufficiently.  In reality Apple does less than Microsoft to protect its users. [Image Source: Eater]

Apple's reaction has been slow at best.  Apple still insists on redistributing third parties' security updates, but does so at a leisurely pace, endangering its users.  At the same time, the company was revealed to have been instructing its technicians to lie to users and not tell them if their systems are infected.

Timur Tsoriev, an analyst at Kaspersky Lab, tells BBCNews, "People used to say that Apple computers, unlike Windows PCs, can't ever be infected - but it's a myth."

Unfortunately many Mac users don't realize that, faithfully believing that Apple is delivering them superior protection.  Sadly their faith is misplaced.

Sources: Dr Web, BBCNews



Comments

Lies.
By Motoman on 4/6/2012 8:54:32 AM , Rating: 5
Once again, the liberal media fabricating stories to bolster its position against the Truth of the Apple platform.

Everyone knows Apple is immune to such base infection. So say we all. Now gather your iThings and the petroleum jelly and let us begin.




RE: Lies.
By Gio6518 on 4/6/2012 8:57:29 AM , Rating: 2
Will the public believe the facts now that Jobs isn't around to pull his Jedi mind trick...


RE: Lies.
By amanojaku on 4/6/2012 9:34:33 AM , Rating: 4
Apple doesn't have "worms". It has "independent processes".


RE: Lies.
By H33r0 on 4/6/2012 11:56:12 AM , Rating: 2
quote:
Apple doesn't have "worms". It has " innovated processes".


FTFY


RE: Lies.
By CrazyBernie on 4/6/2012 2:04:09 PM , Rating: 5
quote:
Apple doesn't have "worms". It has " magical processes".


FTFY


RE: Lies.
By JediJeb on 4/6/2012 5:00:09 PM , Rating: 4
Those aren't the worms you are looking for..


RE: Lies.
By Crazyeyeskillah on 4/6/2012 9:39:00 AM , Rating: 5
I want nothing more than for Apple to bleed an obscene amount of money. I have no love for evil companies like that.

They literally are the evil big brother from the original mac commercial.


RE: Lies.
By ShaolinSoccer on 4/6/2012 10:22:08 AM , Rating: 2
People who get this malware are just using their Macs wrong... lol

This is supposedly how to get rid of it:

http://www.f-secure.com/v-descs/trojan-downloader_...


RE: Lies.
By Motoman on 4/6/2012 11:00:26 AM , Rating: 2
ROFL. Good thing Apple products are so "easy to use."


600,000 Macs infected
By lailin on 4/6/2012 2:39:56 PM , Rating: 1
That means nearly all the Macs in the world /s




Hmm interesting ...
By Shark Tek on 4/6/12, Rating: -1
RE: Hmm interesting ...
By RedemptionAD on 4/6/2012 11:27:44 AM , Rating: 2
Apple is 25% of the market in the USA and around 5% around the world. The end game with all malware is taking personal info and reselling it for monetary gain. Virus people will always target the largest opportunity. Biggest issue I can see with apple is that most apple users will use an ipod and iphone and all centrally utilizing itunes. Meaning if the main computer is compromised the whole ecosystem is. Windows at least decentralizes as in other makers can make things utilize their own software, and problems are more localized rather than bringing the whole consumers world to the ground.
It's like 3 burglars trying to break into your house vs a battalion of special forces trying to break in. If apple ever got to the windows market share as it stands security wise it would be an absolute massacre.


RE: Hmm interesting ...
By dgingerich on 4/6/2012 11:53:45 AM , Rating: 3
Not entirely true. Thieves, and therefore hackers after personal info, are generally lazy. They'll do what takes the least effort with the greatest reward. For a long time, that meant Windows users. These days, the stupider and lazier users are migrating to Apple, making Macs and iThings the easier and more rewarding target. However, this requires learning new skills to hack OSX, so the changeover is a bit slower for hackers than it is for general users.

It's funny, Mac users would make such easy targets. Apple is slow with updates, has fewer AV programs that work with their system, cooperates less with security companies, and has a more easily hacked platform. It's kind of funny that lazy hackers have taken such a long time to switch over. They're just too lazy to learn the new skills to exploit such easy targets. lazy vs lazy gets some interesting results.


RE: Hmm interesting ...
By Motoman on 4/6/2012 1:38:35 PM , Rating: 2
No it isn't...not from an installed base standpoint. Apple is ~5% of all personal computers worldwide...period.

Take a look around and you'll quickly see that not every 4th computer is a Mac. It's more like every 20th.

Recent upticks in sales aren't changing the basic population % of Macs vs. actual computers.


RE: Hmm interesting ...
By Gio6518 on 4/6/2012 5:28:03 PM , Rating: 2
quote:
No it isn't...not from an installed base standpoint. Apple is ~5% of all personal computers worldwide...period.


yes it does from Apple's standpoint, they're counting iPads as personal computers to bump their numbers up


RE: Hmm interesting ...
By The Raven on 4/10/2012 11:36:14 AM , Rating: 1
quote:
II. Apple Moves Sluggishly to Fix Gaping Holes In recent months Flashback has been exploiting three specific known Java vulnerabilities. Oracle Corp. (ORCL) had fixed these vulnerabilities way back on Feb. 14, but Mac users did not have access to the free protection as Apple does not allow Oracle to directly update its machines. Instead Mac users had to wait until 4/4/2012 -- this Wednesday -- to receive a patch for the last of the flaws. A second update was released yesterday, according to security firm Intego. Given that there are commonly other flaws that are patched by Oracle, but not on Macs, these latest patches are likely only to slow -- not stop -- the malware. In addition, Apple does not automatically install such critical updates on users' machines. Rather it prompts them that the update is available in OS X, then allows them to install the update at their own convenience. As a result, many users may never patch the flaws or go weeks unprotected. This contrasts with Microsoft who forces users to endure the occasional nightly reboot in the name of security. Apple has long practiced a negligent approach when it comes to security. Where Microsoft rewards developers who point out potential security flaws, Apple bans them.

I'm guessing you didn't read this part.
I have a machine running XP and it is clean as a whistle also. But you will not hear me defending MS or XP because of that. It is because of my own know-how. This article is about the fact that so many people were infected and points out why. You are not pertinent to the story.
quote:
The same vulnerability affects Linux and Windows with outdated java plugin. I wonder how many of them were affected or are at risk too.
Re: MS see the underlined in the quote and also keep in mind that Oracle is free to push an update directly which they did (pointed out in article). Re: Linux, it depends on your distro as far as how/when you get notified. But it should be said that if you are running linux you are either a) smart enough to know not to install flash spoof or b) not smart enough to know how to install ANYTHING ;-)


It is superior
By nafhan on 4/6/12, Rating: -1
RE: It is superior
By Motoman on 4/6/2012 11:02:18 AM , Rating: 4
quote:
The platform does have a superior security model


No it doesn't. Which is why it's broken first at hacker conventions.

There are no upsides to the Apple platform. Only downsides. In all directions. Uphill, in the snow, both ways.


RE: It is superior
By nafhan on 4/6/12, Rating: -1
RE: It is superior
By Motoman on 4/6/2012 1:41:14 PM , Rating: 3
quote:
If that was true, they would sell 0 systems.


...I correct myself. I should have said something like "there are no functional, technical, or practical upsides to the Apple platform."

The perceived "upside" as seen by the Apple consumer base is an increase in individuality and a greater sense of self-expression, gained by giving Apple large amounts of money in order to do the exact same thing all the other Apple consumers have done. You're not buying a product from Apple - you're buying a sense of self-worth.


RE: It is superior
By nafhan on 4/6/2012 2:51:20 PM , Rating: 2
Eh, I'd still say you're wrong... I'd also say you've gone off on a huge tangent here. I was making a statement specifically about security, and how thanks to its Unix underpinnings, OSX/iOS has a good base to work from. That's it. You seem to be arguing that Apple is icky and no one should like them, which is a mostly unrelated argument that I don't feel like pursuing any further.

To be perfectly clear, I don't own and I'm not interested in owning any Apple products. Couple my enjoyment of PC gaming, Linux, and getting a good deal, with my dislike for Apple corporation, and there's really no reason for Apple stuff in my house.


RE: It is superior
By TakinYourPoints on 4/7/12, Rating: 0
RE: It is superior
By Solandri on 4/6/2012 1:42:50 PM , Rating: 4
OS X is based on BSD Unix. Unix was built from the ground up for a multi-user environment (terminals connected to a server). Consequently, it's designed to be multi-user in its core. Apps are written with the assumption that the user does not have root privileges. Functions which need root privileges are called only when absolutely needed. Usually they're run as a separate daemon, with the user making calls to the daemon.

Windows is (originally) based on DOS. DOS was built from the ground up for a single-user environment. Consequently it had no concept of user privileges. In the Windows 3.x - Win 98 days, apps were written with the assumption that the user had admin (root) privileges.

Windows NT/2k/XP/7 supplanted this with a stronger user/admin security model like Unix. It's getting better. But the mindset among Windows developers continues to be to assume that the user can invoke admin privileges whenever it's convenient (for the developer). Instead of doing the hard thing and coding the app so that it doesn't need admin privileges, most developers will just take the shortcut of having the user invoke admin privileges. Every vertical business app I can think of which I've installed for clients has required admin privileges to work properly. Some of them even instructed me to turn off Windows 7's user account control (basically making everything run as administrator).

I'd agree that there are a sufficient number of Unix and OS X bugs that a malware author, if he tried hard enough, could exploit to get root privileges. It's not foolproof. But it's still a higher level of security than you get with Windows. The only thing Windows has going for it is that Microsoft has been pretty open about vulnerabilities and quick to patch them. Apple likes to bury them under the rug shoved into a closet hidden behind a dresser.


RE: It is superior
By JediJeb on 4/6/2012 5:33:44 PM , Rating: 2
I have first hand experience with the problems in how programs can be written to link deep within the kernel in Windows. We have software to run our analytical instruments in the laboratory that was originally written in 16 bit code and still requires the Windows on Windows to function even at the Windows XP and Windows 7 levels. Also it is so tied into the kernel that the XP version will only install if you have up to SP 2, if you have SP 3 in your computer the program will not even install. The Win95 version will not work with W2K or above, and was iffy on Win98. While this may be an easier way for the programmers to code the software, it is a nightmare when the expensive equipment the software runs has a usable lifetime of 10-20 years and you end up having to replace a $100k piece of equipment just because a $1500 computer has died and you can no longer purchase one with WinNT4 installed so that it will be compatible.


RE: It is superior
By dgingerich on 4/6/2012 11:48:04 AM , Rating: 2
quote:
The platform does have a superior security model* (vs. Windows).


Obscurity is not a superior security model. Sure, small town occupants can frequently leave their doors unlocked, but that doesn't mean they can't get robbed if a big city burglar comes to town. As a matter of fact, that burglar is more likely to have an easier job of it and get away without penalty. Same thing with Apple, just because there are few hackers who pay attention to Apple doesn't mean they aren't easier targets.


RE: It is superior
By nafhan on 4/6/2012 1:03:01 PM , Rating: 2
Congratulations for making it through the first sentence of my post... responding to just one part of it while ignoring the rest is kind of pointless, though.

Anyway, it sounds like you don't know what you're talking about, so I'll let you in on a little secret: obscurity is not the primary security model on Unix-like operating systems. Apple could do a better job implementing patches, etc., but the overall model is still superior, and has been since before Windows (or OSX) were even around.


RE: It is superior
By Smilin on 4/6/2012 3:18:07 PM , Rating: 3
Newsflash: Unixlike isn't stuck in the 90s and neither is win32k.

Neither is using the model they began with and Windows has become incredibly strong since the Trusted Computing Initiative.

Windows also leads the charge in areas elsewhere in the ecosystem. If Apple had been following the Windows patch model this worm wouldn't have gotten far at all.

I'm ignoring the obscurity tripe just like you are but please elaborate on these security models and why you think one is better than the other.


RE: It is superior
By Obujuwami on 4/6/2012 4:01:08 PM , Rating: 2
Stop feeding the troll and they will go away!


RE: It is superior
By nafhan on 4/6/12, Rating: 0
RE: It is superior
By TakinYourPoints on 4/7/2012 4:01:27 PM , Rating: 2
How is stating an argument and backing it up with supported facts "trolling"?

You may not agree with him, but the last thing he is doing is trolling.


RE: It is superior
By nafhan on 4/6/12, Rating: 0
RE: It is superior
By Smilin on 4/6/2012 5:47:50 PM , Rating: 2
I didn't interpret your post as an insult. I just interpreted it as very dated.

As further example just now you mention granularity of user level permissions. I think what you are saying is true for NT 4.0 in the mid 90s.

In general I find people's views of Microsoft as a whole to be very stuck in the past.


RE: It is superior
By nafhan on 4/6/2012 8:43:12 PM , Rating: 1
It's still true today. Again, I'm just saying the Unix implementation is still superior. I'm NOT saying that Windows is unworkable or anything (it's pretty obvious by usage numbers alone that it IS workable), and I'm definitely not saying that Windows hasn't changed since NT 4.0 (?). The server versions of Windows, especially, have been getting more Unix-like with each release over the past 10 years or so. PS is a great example of this trend. I'd consider it over-complicated for what it needs to do, but it's certainly a huge improvement over previous shell environments for Windows.

If it helps, I'm coming at this from more a server admin perspective, and I would say that for normal desktop usage the differences would be less significant...


RE: It is superior
By TakinYourPoints on 4/9/2012 5:15:58 PM , Rating: 2
You've done nothing but provide well informed posts that are well backed up and people still downvote you. The DT hivemind is ridiculously ignorant.


RE: It is superior
By The Raven on 4/10/2012 11:48:37 AM , Rating: 2
quote:
Linux users, long trumpeted their platform's "superior security".
The platform does have a superior security model* (vs. Windows). Superior and perfect, however, are quite different. Linux users were propagating the belief that their computers were bulletproof, and that's a really bad thing to believe about ANY connected system. *Implementation obviously plays a big part in this. A properly configured Windows machine WILL be more secure than a poorly configured Linux based machine.

FTFY. Now watch me get uprated to a 5 as opposed to your -1's because I didn't mention any round fruit. And I, like you, detest tech companies named after fruit.


Beside the point
By Andrew D. on 4/6/12, Rating: -1
RE: Beside the point
By borismkv on 4/6/2012 12:24:00 PM , Rating: 5
You know, I haven't had a virus in about 10 years on any of my Windows machines...People get viruses because they fall for social engineering tactics. The security of the OS doesn't matter at all when the person behind the keyboard clicks on every pop-up warning they see. I have no jealousy about Apples having fewer viruses, because I know that the people who use Apples are stuck with that idiotic OS.


RE: Beside the point
By Argon18 on 4/6/12, Rating: -1
RE: Beside the point
By Hyperion1400 on 4/8/2012 2:31:31 AM , Rating: 2
quote:
Say what you will about Apple's stance on security, or on how they run their company, but the FreeBSD operating system with a bit of Apple branding and UI "design" sprinkled on top is quite brilliant. Windows is a real turd in comparison.


Fixed :P

Anyway, now to a few legitimate points of contention I have with your post.

U-EFI is not the revolution in PC tech Intel keeps making it out to be. Yeah, it improves boot time, and that's about it; it offers no real performance advantage. All the low level stuff is still handled by the BIOS and U-EFI just acts as a go between.

However, it DOES make for a much nicer UI when you do need to fiddle with the BIOS, that much I will give it.

Windows XP-x64 hit the Market on April 25, 2005

OSX 10.4 (Intel Version) didn't show up until April 29th...

I'm willing to call that a draw :P

As for viruses, nobody is willing to put forth the time and effort to develop a fully functional virus for OSX when building a trojan is far simpler and can accomplish what they need just as well. Most Black hats also tend to have a hard-on for open source code and a fondness for Unix-like OSes and any virus they create will inevitably have some cross compatibility with FreeBSD since OSX shares kernel commonality with FreeBSD. So yeah, they don't want to screw over their compadres.

And, when it comes up, may I direct your attention to the bottom of the page for a very insightful quote...may need to press refresh a few times...

Of course it takes 50 tries when I'm actually looking for it:

"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller


RE: Beside the point
By The Raven on 4/10/2012 12:06:07 PM , Rating: 1
quote:
It is fully POSIX compliant, while Windows is not compliant with anything but itself.
Just noticed this part but depending on the product Windows is POSIX compliant. But at any rate you can install the layer if you should need it. So I wouldn't knock MS for that.

As far as the OSX being "brilliant" comment... compared to what? Windows? Hardly. If anything they both are equally impressive (in different areas). And certainly not compared to "name your flavor" of Linux where you are brilliantly free to do whatever the hell you want.

But I certainly agree that the OS itself should not be called idiotic. Though the company policies are...So essentially you would be an idiot to buy said OS given the subject matter.

