Darknet - The Darkside » measuring-security http://www.darknet.org.uk Ethical Hacking, Penetration Testing & Computer Security Tue, 07 Feb 2012 18:34:17 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Measuring up the Security Risks for Mac – Are Apple Prepared? http://www.darknet.org.uk/2006/03/measuring-up-the-security-risks-for-mac-are-apple-prepared/ http://www.darknet.org.uk/2006/03/measuring-up-the-security-risks-for-mac-are-apple-prepared/#comments Fri, 17 Mar 2006 04:23:54 +0000 Darknet http://www.darknet.org.uk/2006/03/measuring-up-the-security-risks-for-mac-are-apple-prepared/

The fact is Windows is getting ripped apart with viruses, spamware, spyware, zombie clients, trojans worms and whatever else you can think of.

Mac and Linux aren’t (at the moment), there are already Bluetooth viruses, so why not Linux and Mac..

Some may say it’s because they are inherently more secure, the architecture and user privelege seperationg means it’s hard for any kind of malware to infect the system…plus they don’t come with crap like Internet Exploder that’s tied into the operating system.

There have been a couple of worms for Linux, mostly praying on Apache, and then the OpenSSL bug that allowed you to get access (combined with the kernel flaw in 2.4 you could easily get root access).

eWeek asks, What will Apple do when the malware comes? Which inevitably it will..

The release in the last few days of malware for the Mac and Linux underscore some old issues about how it is possible to have malware on those platforms. I have some new thoughts though. I’ve begun to wonder what Apple would do if a real problem developed.

To be very clear, a real problem has not yet developed, and Inqtana.A and Leap.A are not a real problem, except to the extent that they may be bellwethers. They are more interesting for what they suggest than what they actually do.

As with Windows, a lot of it is a consumer issue, and down to education.

With Mac, the user does run as a non-priveleged user by default, but when installing any software they can just pop in the Admin password and it’ll install.

It’s all about social engineering, making the user believe they want it, it’s something ‘cool’ or useful.

When good social engineering attacks are developed for the Mac, the same thing will happen. It’s not hard to imagine Web sites and e-mails offering programs for the Mac that do more than they claim to do.

Just in terms of adware, there may be some benefit to being able to deliver known Mac users to advertisers, but for the most part the “value” of infecting the user is the same: to spread itself, and perhaps to create a Mac botnet.

Few have tried to write Malware for OSX yet, but I guess it will happen, the question is are Apple prepared?

Post to Twitter Post to Facebook Post to Google Buzz Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon

]]> http://www.darknet.org.uk/2006/03/measuring-up-the-security-risks-for-mac-are-apple-prepared/feed/ 5