Silk Road forums

Discussion => Security => Topic started by: ilovelsd69 on July 08, 2012, 08:02 am

Title: The truth about viruses & malwares on Mac computers / devices.
Post by: ilovelsd69 on July 08, 2012, 08:02 am
Hi everyone, I want to talk a bit about security threats on Mac computers / devices because I see many people who think they are completely safe from viruses & other threats just because they own an Apple product, and I think it is not a good habit to underestimate hackers these days. There are security flaws in ALL operating systems, Windows, Linux, Mac OS, Android, iOS (iPhone, iPad) & Mac OS. Did you hear of the Chronic dev team? Those hackers that offer the jailbreak (unlocking) program for iOS devices? Well, those guys use security flaws in iOS to inject their own code into the device OS kernel to be able to execute programs that are not digitally signed by Apple (on a normal iPhone / iPad you can't run applications that don't come from the App Store because of this). By hacking the kernel or by jailbreaking your device you allow the use of any application, digitally signed or not. This is a good example of what a skilled hacker can do; this team does this as a hobby just because they love to find security flaws in OS / applications, and their work really helps in making iOS better over time (they find those flaws before Apple after all..). Apple has even offered a job to one of them (his pseudo is Comex). For Mac OS I have found a really good article called "History of Mac malware: 1982 - 2011" on the Sophos website:
http://nakedsecurity.sophos.com/2011/10/03/mac-malware-history/#2010
Sophos is a leader in IT security and has been in this market for more than 30 years. When I have to remove a nasty virus / rootkit that I'm unable to remove with my normal business AV I use Sophos tools to remove them; if Sophos tools cannot remove the nasty shit then I have to send a technician to re-image the computer completely (an image is a custom Windows that we configure to meet our business needs and that we can use to deploy 800-1000 computers at a time). Mac users, I highly recommend you read that article; you will see that even if the number of viruses / malware on Mac is lower than on Windows, their numbers are increasing year after year. You have to keep in mind that if the OS itself is pretty secure, every application you install adds security flaws (a good example is Java software), and the recent popularity of Apple products will attract more hackers to create malware that targets those systems. A hacker will target the MOST used operating system primarily, but this doesn't mean that because Apple only holds 10-15% of the computer operating system market they will not be targeted at all. The use of antivirus software is a good solution and people must stop thinking they don't need to install one. I have found another good article that talks about and compares available antivirus solutions for Mac:
http://antivirus.about.com/od/antivirussoftwarereviews/tp/aamacvir.htm
and the best news is that you can find a decent one for free, so why not install one? I don't know which one is the best but from what I have read the Intego VirusBarrier one seems to be the best of all (but it costs 70$ per license..), so considering the high price I recommend the Sophos one that offers business-grade protection for free
Quote
Sophos Anti-Virus for Mac Home Edition:
Sophos Anti-Virus for Mac Home Edition offers business-grade protection free for home use. And the protection literally is business-grade - the free version is based on the same Mac virus scanner Sophos uses in their Endpoint Security line. Best of all, Sophos Anti-Virus for Mac Home Edition detects both Mac and Windows malware. For example, if you use Parallels with a Windows virtual machine on your Mac, files in shared folders on your Mac will be scanned for both types of threats.
I hope this will be useful to all Mac users, knowledge is power guys. Stay safe !
Title: Re: The truth about viruses & malwares on Mac computers / devices.
Post by: Spedly on July 08, 2012, 04:25 pm
I appreciate the spirit and intent behind your message - thank you. But there's a few things that perhaps you should think about.

Relying on anti-virus as a primary means for desktop security creates a false sense of security. I'd like to focus on one particular sentence:

Quote
when I have to remove a nasty virus / rootkit that I'm unable to remove with my normal business AV I use Sophos tools to remove them

This sentence implies that this has happened more than once. What exactly are you doing that you end up with "a nasty virus / rootkit?"

I have been using computers for 30 years. I hit the BBS scene in 1982 and was actively using ARPANET by 1987, and was there when it transitioned to the Internet that we know today. My systems have been infected with a minor virus exactly twice in 30 years.

Security is not about technology. It's a frame of mind. It's about looking at your personal habits, identifying risks, and modifying them where possible. It's about staying under the radar and not engaging in risky behavior outside of a sandbox environment.

As for Mac Antivirus itself, I can understand why people would want to run it. The user base is growing and Apple is traditionally closed and slow when it comes to releasing security bulletins and the patches therein. But take a look at it from a higher level. Viruses, as they are traditionally known, are disappearing. Advanced attacks against unpatched holes and malware are much, much more prevalent.

An interesting endeavor is to check out the latest virus definitions for any given Mac anti-virus product. Count how many Mac-specific threats can be detected and compare that to the number of Windows-specific threats that can be detected. Then ask yourself, "Does it make sense for me to waste CPU cycles on a product that's going to run all the time and slow my system down in order to protect me from 75,000 Windows viruses and 100 Mac viruses? Or should I retain the performance of my system and change the way I do things?" I always opt for the latter.
Title: Re: The truth about viruses & malwares on Mac computers / devices.
Post by: ilovelsd69 on July 08, 2012, 08:07 pm
Quote
I appreciate the spirit and intent behind your message - thank you. But there's a few things that perhaps you should think about.

Relying on anti-virus as a primary means for desktop security creates a false sense of security. I'd like to focus on one particular sentence:

Quote
when I have to remove a nasty virus / rootkit that I'm unable to remove with my normal business AV I use Sophos tools to remove them

This sentence implies that this has happened more than once. What exactly are you doing that you end up with "a nasty virus / rootkit?"

The impression I had was that he is responsible for looking after other people's machines.

I have been using computers for 30 years. I hit the BBS scene in 1982 and was actively using ARPANET by 1987, and was there when it transitioned to the Internet that we know today. My systems have been infected with a minor virus exactly twice in 30 years.

I could have written that, except that I hit the Canadian version of Arpanet (then dubbed NorthNet) in 1986, the year before you.

Security is not about technology. It's a frame of mind. It's about looking at your personal habits, identifying risks, and modifying them where possible. It's about staying under the radar and not engaging in risky behavior outside of a sandbox environment.

I agree wholeheartedly. The problem is that I can't put my head on other people's shoulders (nor can you, yours). Some advice just falls on deaf ears, as my own personal experience with extended family has demonstrated.

As for Mac Antivirus itself, I can understand why people would want to run it. The user base is growing and Apple is traditionally closed and slow when it comes to releasing security bulletins and the patches therein. But take a look at it from a higher level. Viruses, as they are traditionally known, are disappearing. Advanced attacks against unpatched holes and malware are much, much more prevalent.

Again, we are in complete agreement.

An interesting endeavor is to check out the latest virus definitions for any given Mac anti-virus product. Count how many Mac-specific threats can be detected and compare that to the number of Windows-specific threats that can be detected. Then ask yourself, "Does it make sense for me to waste CPU cycles on a product that's going to run all the time and slow my system down in order to protect me from 75,000 Windows viruses and 100 Mac viruses? Or should I retain the performance of my system and change the way I do things?" I always opt for the latter.

The problem is that, to paraphrase John Donne, "No computer is an island."  Even Linux servers (e.g. mail servers) have to run antivirus software, if only just to prevent Windows systems they are connected to from getting infected by data passing through them.  It sucks big-time, but that is the reality these days.

Guru
Yeah you're right Guru, where I work we manage the infrastructures of more than 400 clients. The client infrastructures are replaced every 3 years and I have to admit the last antivirus software that we were using for like 5-6 years is totally outdated. We have changed to another this year but the problem is that you can't change it for every client just because you have a better one. Licenses of the old AV are good for three years; this means that to have all of our clients updated to the new AV we have to wait for the renewal of each contract (that means from now we have to wait 3 years to have all of our clients updated to the new AV). We manage update and install and verify all of them weekly.. But we have to deal with the outdated AV and sometimes infection spreads just because of a dumb client that opened an e-mail.. You cannot control what clients do all the time. Seriously, my personal habits keep my home network completely safe from any threats and I do agree sandboxed environments are the way to go (I use Linux as a base OS with VMs when I have to use Windows or to test another OS), and in my case an antivirus is not necessary at all because I can revert to a snapshot in like 5 seconds if something bad happens. I do agree with all you have said Spedly, except for that part where you said an antivirus is a false sense of security. Is it better to have an antivirus or nothing at all? With today's computers installing an AV solution should not slow your computer too much and I see no good reason not to install one. Trusting too much in an OS's perfection IS a false sense of security and a very bad habit. I have never said Mac OS is not a good operating system; it is indeed a very good one and if you compare the number of threats on Mac with those on Windows you can point and laugh at Microsoft and say their products are less secure, but in fact to be fair you must compare Mac OS with Linux in the first place because Mac OS was primarily based on a Linux kernel.
A Linux server is very secure if you install no applications on it, but install a full LAMP solution with a PHP portal and you add a lot more security risks to the equation. This is the same thing with Mac OS: when you install an application like Java you add some security risks. There is no 100% safe OS and I highly doubt one will exist some day. Sorry if this took time to answer you guys, it is fun and constructive to have such a talk and I really appreciate your time for the cause  ;)
Title: Re: The truth about viruses & malwares on Mac computers / devices.
Post by: Spedly on July 08, 2012, 08:39 pm
Interesting discussion, guys. Thanks for being a part of it.

I must have missed the part where ilovelsd69 was talking about corporate clients being infected with nasty viruses and rootkits. That's an entirely different ball of wax. In a corporate environment I am 100% aligned with all systems, including Macs, being protected with anti-virus software. My employer has provisioned a MacBook Pro for me to use in a corporate environment and, despite the fact that I feel my own personal risk level is very low, I choose to run anti-virus on it in order to "eat my own dog food" as the corporation's security architect. Moreover, I feel it's good from an operations perspective to have minimum standards across all systems.

As ilovelsd69 pointed out, the risk with Macs seems to lie mainly in userland. I suppose that statement is true for virtually all environments, but systemland on virtually all UNIX-based platforms seems to be miles ahead of Windows in terms of security.

On the home front, however, I won't be installing anti-virus on my Mac Pro workstation anytime soon. It hasn't been necessary up to this point and unless I unknowingly have a stroke one day and end up drastically changing my own computing habits I don't think they'll change. :)




Title: Re: The truth about viruses & malwares on Mac computers / devices.
Post by: ilovelsd69 on July 08, 2012, 09:29 pm
Quote
Interesting discussion, guys. Thanks for being a part of it.

I must have missed the part where ilovelsd69 was talking about corporate clients being infected with nasty viruses and rootkits. That's an entirely different ball of wax. In a corporate environment I am 100% aligned with all systems, including Macs, being protected with anti-virus software. My employer has provisioned a MacBook Pro for me to use in a corporate environment and, despite the fact that I feel my own personal risk level is very low, I choose to run anti-virus on it in order to "eat my own dog food" as the corporation's security architect. Moreover, I feel it's good from an operations perspective to have minimum standards across all systems.

As ilovelsd69 pointed out, the risk with Macs seems to lie mainly in userland. I suppose that statement is true for virtually all environments, but systemland on virtually all UNIX-based platforms seems to be miles ahead of Windows in terms of security.

On the home front, however, I won't be installing anti-virus on my Mac Pro workstation anytime soon. It hasn't been necessary up to this point and unless I unknowingly have a stroke one day and end up drastically changing my own computing habits I don't think they'll change. :)

Shit I really need to do paragraphs, I have just realized that lol :o 4 months ago I was unable to write more than 4-5 lines of continuous text in English as my primary language is French  :P The quality of my English has drastically augmented because of the SR forums  ;) So I wanted to say Spedly that I have made this thread because I was asked earlier this week if I had an antivirus to recommend for Mac users (this all started as a discussion about people getting their SR account password hacked, which I'm sure must be rare for Mac users). I had to do some research first because I'm a PC guy but my goal was to share the info I have found and to make it available to the SR community.
Title: Re: The truth about viruses & malwares on Mac computers / devices.
Post by: oscarzululondon on July 08, 2012, 09:41 pm
There's nothing new about this, it's been known in Mac security circles for literally a decade now that the easiest way to compromise any Apple device with a version of OS X (including iOS) based on the BSD kernel is to cause a stack overflow and inject malicious code into the kernel, however one advantage Apple always had was that in order to run or install any new software (including malware such as trojans, viruses etc), unlike Windows, you're required to enter your Administrator password at a really obvious prompt screen, which means you have to actually be retarded or really IT illiterate to install any kind of malware.

Also there's the old less Mac users vs Windows users thing

On another note the Sophos suite of anti-viruses for Apple devices (OS X) is truly terrible and should be avoided at all costs, it uses too many system resources and has rather poor detection rates. I'm not going to preach to people about what they should be using, but a good comparison can be found here:

http://mac-antivirus-software-review.toptenreviews.com/

Personally I use Intego VirusBarrier, and it's mind blowing.

OZ  :)
Title: Re: The truth about viruses & malwares on Mac computers / devices.
Post by: ilovelsd69 on July 08, 2012, 09:52 pm
Quote
There's nothing new about this, it's been known in Mac security circles for literally a decade now that the easiest way to compromise any Apple device with a version of OS X (including iOS) based on the BSD kernel is to cause a stack overflow and inject malicious code into the kernel, however one advantage Apple always had was that in order to run or install any new software (including malware such as trojans, viruses etc), unlike Windows, you're required to enter your Administrator password at a really obvious prompt screen, which means you have to actually be retarded or really IT illiterate to install any kind of malware.

Also there's the old less Mac users vs Windows users thing

On another note the Sophos suite of anti-viruses for Apple devices (OS X) is truly terrible and should be avoided at all costs, it uses too many system resources and has rather poor detection rates. I'm not going to preach to people about what they should be using, but a good comparison can be found here:

http://mac-antivirus-software-review.toptenreviews.com/

Personally I use Intego VirusBarrier, and it's mind blowing.

OZ  :)

Thanks for the info, I have said this seemed to be the best too (the Intego one) but for 70$ I wanted to recommend a cheaper choice, but if you have tested the Sophos one.. Truth is that Intego develops software exclusively for Mac so they may have better Mac programmers on their team than Sophos. Have you tested the Bitdefender one?
Title: Re: The truth about viruses & malwares on Mac computers / devices.
Post by: Honza on July 09, 2012, 07:40 pm
I've been using the internet for 40 years now and I must say that I had only 1 virus in 40 years. It is because I'm very smart and cool.

Greetings go out to all my brothers here. Also kudos go out to my brothers.
Title: Re: The truth about viruses & malwares on Mac computers / devices.
Post by: kryptoz on July 09, 2012, 08:18 pm
It's called common sense people, it's not that difficult to avoid getting a virus and/or rootkit.

They exist for every operating system, just because no one's released any for Mac recently doesn't mean there aren't any or any that can be made, it's quite easy to be honest. The hardest part for the creator is keeping it FUD.
Title: Re: The truth about viruses & malwares on Mac computers / devices.
Post by: ilovelsd69 on July 09, 2012, 09:47 pm
Quote
Your English is WAY better than my French. Actually, based on your writing, I had assumed you were a native English speaker.

Guru

Thanks Guru, I really appreciate it  ;D