Symantec has sparked outrage by claiming on Monday that the operating system OS X was set to come under increased hacking and malware attacks.
In its Internet Security Threat Report, Symantec said that Apple's userbase was more likely to come under attack, citing Apple's growing market share and the 37 vulnerabilities that were found in OS X last year — a trend it hinted would continue.
But ZDNet UK readers have rebutted Symantec's claims in a series of angry responses, saying the security company was using marketing tactics of fear, uncertainty and doubt (FUD) to fuel its sales.
"What a load of FUD," said one anonymous IT manager. "Anyone with the smallest sense of knowledge about any of these operating systems knows that the biggest issue with Windows security is the basic design flaws that it keeps dragging on from its past eras, to ensure compatibility."
Another furious reader, an anonymous editor, argued that OS X was already a secure operating system.
"Total nonsense," he said. "Yes, of course, as OS X grows market share it will come under more attack. It hardly takes a rocket scientist to see that. But any idiot can see that an OS which requires [a] root password before installing any software is inherently going to stop more viruses than an OS like Windows which doesn't. Grow up and quit whining."
Analyst group Frost & Sullivan and security company Trend Micro both agreed with Symantec's argument that OSX will become a more tempting target to hackers as its market share increases. But Laird Popkin, a chief technical officer, accuses ZDNet of supporting scare tactics by reporting these views.
"[I]t's somewhat pathetic that ZDNet bothered to 'print' this 'story' since it's clearly self-serving fearmongering [sic] from Symantec," wrote Popkin. "If they were journalists rather than a marketing channel, they'd put this FUD in context."
But Symantec insists its claims are valid. In an emailed response, a Symantec spokesperson wrote: "We've found that one of the recent emerging security concerns is around Mac OS X. No Internet user, regardless of which operating system they use, is 100 percent immune from attack. People should not be scared, but they should make sure they are secure."
Apple, though, did not respond to requests for comment.
Symantec's made its controversial comments in its Internet Security Threat Report, which was released yesterday.
Talkback
This is inline with ISS reporting a vulnerability in McAfee's old scan engine. You can't seriously tell me that has nothing to do with Gartner naming McAfee in the leader quadrant of the Magic Quadrant for Enterprise Antivirus, January 2005. I find it odd that a competitor would release outdated information (McAfee addressed this issue back in November of 2004) right about the time when a Gartner positiong like that would greatly reinforce the better product's stand in the industry. Shame on ISS for stooping to such a new low. What's next? Will they start announcing the vulnerabilities in Symantec's 6.x and 7.x products?
We have had a very involved and expensive security analysis of OSX done by Techdata one of the largest tech consulting firms. They stated that "OS X and it's underlying BSD subsystem are the most secure OS in the world, in wide use." and furthermore "NO known security risk was exploitable save for rootkit access." And that means you must be at the actual machine to do that. So basically they stated in as many words that there was no virus or worm or malware that could be employed in a maliscious way in OS X.
So sysmantec sees an expanding market share coming for os x especially as it moves to intel so they are just doing their marketing.
Shame on them. Boycott them. Let them know we are not as dumb as they think we are! Vote with your wallet.
When liars try to cover their asses they write articles to spin the lies anew, just like this article
Well yesterday you said Symantec had found 37 vulnerabilities something like worms in Apples OS-X. Pure Bull Sh1T!
Today you want to re-spin your lies. Well FUC* YOU we aren't swallowing!
There has never been a worm or any other breach of OS-X. Stuff that and choke on it. You will be writing about it for months when it eventually happens. In the mean time every few minutes a new vulnerability is exploited in Windows and thousands of computers per second are compromised and owned.
I can just see it if a single OS-X computer is some day compromised in say another four years of being invulnerable. The sky will have fallen for sure. In your idea of perspective and relativity the distance between your crossed eyes and the distance earth to moon are identical. Well for the thinking class we don't fall for this nor your flat earth world.
FUD especially crude FUD for morons like your articles, doesn't pass the sniff test in the Mac world.
THE SKY IS FALLING!!!!!
By my Super Hard Hats at a reduced price now at www.fud.com
And the Mac whiners come out of the wood work...
Let's discuss some terminology. A "Vulnerability" is a bug in code. It could be used by an outsider to crash an important system. It could be used by an outsider to execute code. It could be used by an outsider to gain access to files on the system. It depends on the vulnerability and this is why vulnerabilities are usually ranked based upon what could be done.
Yes, Mac OS X has vulnerabilities. That's why Apple sends out those "Security Updates" every month or so. Some of the stuff in these security updates are fixes for open source code that Apple includes with Mac OS X, such as the Apache web server. Some of it is for Apple's own code, such as QuickTime, ColorSync, and AFP (to name three from last year).
To draw an analogy, a vulnerability is like an unlocked door to your house. Just because you leave the door unlocked to your house does not mean you will be burgled. At least in my neighborhood, it's not like there's some villain who comes around to my house everyday and checks to see if I've left a door unlocked. But if one did, he could clean out my house.
An "exploit" is code that takes advantage of a vulnerability. Some of these are "proof of concept" things which are developed by security firms, such as Symantec, to demonstrate the problem. Yes, I've seen a an exploit for Mac OS X running around the web. They don't do anything nasty, they're more to show that it can be done. IT Professionals will sometimes use these exploits to determine whether whatever safeguards they put in place solve the problem.
To draw on the above analogy, it's sort of the equivalent of a person walking through your front door and leaving you a note to remind you to lock your door.
So, yes, there were easily 37 vulnerabilities found in Mac OS X last year. Think of it this way: there were probably at least 12 updates last year (one per month) and each one easily patched 3 things. That's 36 right there.
The only exploit I saw was the one for AFP. That said, I don't devote lots of time, effort, or energy to looking for them. There may have been some others. But I would bet that I could count the number of exploits on both hands.
How an exploit becomes a virus/trojan/whatever usually comes about from some malicious person finding the exploit code and taking advantage of it. I have never seen that and that's what Mac users crow about. There are a bunch of good reasons for this, including better security in Mac OS X as well as the marketshare myth.
"People should not be scared, but they should make sure they are secure."
...by buying our great product, now on sale! remember, it may not do anything to protect you, but if it makes you feel safer, isn't that worth the price we're asking?
What I really would like to know from Symatec is, just what Mac OS X-specific vulnerabilities and viruses its security products protects from. I would really like to know since its website is devoid of such information. And I don't want to see a list of flaws already addressed by Apple's automatic monthly security update.
Since the Mac installed base is significantly non-zero, how come the number of active Mac OS X viruses and worms is zero? This would indicate that the problem is not directly tied to market share as Symantec claims, and may have more to do with the relatively secure nature of OS X itself.
I think that Symantec is correct. The user base for Mac OS X is increasing and this will bring about more attacks by hackers.
HOWEVER, Mac OS X and BSD Unix are the least vunerable of major computer operating systems according to several internet security organizations.
I wonder if Symantec is planning new security products or upgrades for Mac OS X and if this announcement is part of its marketing plan.
I think that companies who invoke panic and then sell us the solution to the "problem" are despicable.
There has been linkage (in the security industry) for some time, between those who are writing various types of exploits and the companies (which I won't name) who supply the solutions. It's amazing that patches are released within hours of the virus or worm "being supplied" in the wild. I know for certain that several "solutions" could NOT have been produced in less than a week to ten days. They were obviously produced in advance and got the jump on their competitors. Another 'coincidence' is that these seem to coincide with the release of newer versions of the software, requiring upgrades. If an investigation was done we would definitely find the solution code was written in advance of of the vulnerability discovery. This in the industry is seen as good business sense... Outside the industry it is obvious that it's criminal. At times their is simply 'direction' given in certain chat rooms and of course followed closely by exploits that are immediately patched.
Apples OSX will not be a likely candidate for this since it can't propagate easily. It is the most secure OS you can network today. Windows is the most easily exploited and Linux is close behind. BSD derivatives like OSX are and always have been the most secure. Linux is smaller market share than OSX yet has nearly as many exploits as Windows so the smaller market share defense is a ruse.
Perception is everything to those ignorant of the software world leaving them unable to discern fact from fiction. Microsoft has kept the greater public locked in by using this foible of human nature combined with fear. I would never allow my documents to reside on a Windows device because it's essentially like having a library of everything personal open to anyone at all times. No business today should have any sensitive documents on a network that has any Windows computer attached nor should they be allowed access. Security is simply nonexistent if Windows machines have access.
Symatec have also stated that due to the increase in HDTV sales, they will also be the next target for viruses, as such they are releasing a new product called C.R.A.P to go along with their other fine products.
All these sayings about the fact that MacOSX has not been yet targetted by virus and computer attacks, because of its little number of users, is completely stupid.
Since when millions of targets (almost 20 millions Macs can use MacOSX) it's not worth it ? Try count that number with fingers and you will soon find out that this is a huge audience...
MacOSX is just more secure ! End of the line.
The next time somebody who is in the business of selling security services walks this path ask them the following:
1 How many definitions in your AV software can actually exploit the current release of the Mac OS? Of these, how many are from third-party applications running on Mac OS X?
2 Same for Windows XP.
3 Same for LINUX.
I use various versions of Windows, UNIX and Mac OS in a networked and internet exposed environment daily in my job and have so for years. Every Windows XP Pro PC at work has quarantined stuff that the corporate edition of Symantec software let through and cannot remove. The Mac and LINUX computers are clean despite being exposed to the same network connections, servers and files.
Note that I said their Corporate Software for Windows is less than stellar on well maintained and patched equipment. I suggest Symantec stop spreading FUD and concentrate on fixing their Windows software. Everybody knows that XP needs all the help it can get.
As the Mac becomes more popular it will become a target, that's obvious, the more Mac's are known about, the greater number of hackers will work on ways to compromise the system.
The point is, hackers will TRY to attack a Mac OS X system, but how many of those will be successful attacks?
Due to the inherent security features of OS X, it will be VERY insignificant next to the Windows OS, if not zero, certainly not enough for Symantec to make any money out of - and that's the point.
Symantec seem to be confused between the number of hackers trying to attack a system and the number of actual successful attacks. Hackers can TRY all they want, but when they see that very little trouble is caused by their efforts, they'll move onto something else, such as mobile phone viruses.
I just tested my Mac with Symantec's own online test and it found that I was safe and secure and that thnks to the built-in firewall in Mac OSX, obviously. Other than that, I have Virex anti-virus through my dot mac-account. We have a Norwegian saying which goes like 'it is better to be careful before than quick afterwards'... No system is 100% safe and secure, of course, but it seems to me that crackers need to break through more doors on a Mac than on Windows, at least.
I am no expert in these matters, but since one need to have access to the Admin accounts' password to do anything which affects the system or even for installing programmes, one would need to circumvent that obstacle in some way or other, right?
Further than that, to make serious damage to the computer, any malware would need to get to the root level, isn't that so? I am the Admin of both of my computers and I wouldn't know how to do that and won't have any use for it, either, so how would some malware access it?
I am fully aware that some virus may be spread through more vulnerable PCs through e-mails, but as far as I know, Mail doesn't allow scripts in attachments to be run without my consent, so I guess that is another obstacle.
I am convinced that it would be possible to overcome these obstacles but so far, no one seems to have succeeded. If crackers are motivated by the possibility to acquire some herostratic fame, wouldn't it be more easily achieved by cracking the Mac, than Windows, something which any script kiddie seems to be able to?
Excuse me if I am whining:)
well it´s quite obvious that the threats to the OS X will be bigger in a not so far away future, but at this time it is by far the most secure OS in the market. Features like keychain or filevault protects your confidential data to the hackers eyes, at this time i don´t know nobody who can decrypt a 128 AE bit encryption in real time... yes, in OS X we have military encryption methods. Also we have Kerberos protocol for the mail app. did i mention about the root access to run any installer? yes, OS X have some vulnerabilities, but if a hacker can access your data, he is not going to see it or destroy that data...
I can´t wait to see the security implementations to the fourth release of OS X, code named, tiger.... soon!
No OS is 100% secure!
Obviously with a Windows O/S running on 90% + of the worlds computers - it's bound to be more attacked (whether it's more secure or not).
Saying Macs are invulnerable is a bit like saying you've less chance to crash in a car made by company B because they only have 2-4% of the market share.
There's a lot more hacking "tools" and knowledge out there to hack the Win O/S - because it's so much more popular.
Linux may seem to be more open to attack by some Mac users, that's also because it has a larger market share than OSX.
*nix O/S's seem to be inherently more secure, but still not invulnerable.
As has been posted earlier - there have been OSX security updates - this is because there have been/are still bugs in the software - despite needing root access to install software, or make system wide changes (this is exactly the same as administrator priveliges on winNT/2K/XP) you don't need root access to exploit an internal software vulnerability - this is what Symantec are talking about.
Fair enough Symantic are probably wanting to hype up the fear factor a bit to sell their products, - it still doesn't mean OSX is invulnerable.
I use both Windows and Mac OS X, Mac OS X being my usability favorite by far.
On neither system do I use Symnatec antivirus products and here is why:
1. They catch the viruses after they are identified. Whoopi! How about heuristic detection, Symantec. Sure, you claim it, but it never works.
2. They hog system resources. I don't have cycles to waste on worthless after the fact protection.
Instead, I disable active x and java, but keep javascript active on Windows. I browse only with Firefox and use IE only for software updates.
On the Mac, I do nothing, other than the firewall. You gotta love industrial strength unix plus Apple usability.
On both machines, I never use email or browse the web from an administrator account. I reserve the admin account for adding, changing and deleting software.
With few exceptions, I use only software that can comes with checksum, md5 or whatever verification and only install after verifying.
I never open email attachments except those from my boss or co-workers. Sorry Mom. Sorry Sis. Sorry Bro. If they are executable, I don't open then ever, no matter who sent them, unless they are protect with a private key/public key system, which Mom, Sis and Bro won't use.
Symantec antivirus exists because Symantec wants problems to exist so they can have job security, not provide security. I refuse to fund their self-perpetuating system.
These people must serously be retarded. It would take a absolute retard to say something like that. It's just disgusting.