Apple Quietly Pulls Claims of Virus Immunity


  1. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #20

    Most of the updated av programs used on Windows will also prompt to scan any flash drive or usb HD as soon as you plug it in. It's not only IE that is vulnerable as far as browsers however. The 64bit WaterFox version of FF just got hit with an unwanted toolbar while looking at a freeware for some program when hitting a link!

    When Bing was first out as well as being seen more so with Google searches no less the first site in the results had a little surprise! That was on the 7 beta at the time however. Later the new av program I was pointed to was found to be far more effective at blocking sites with any form of malicious code being concealed.

    Regardless of the OS, running without any protection is not a smart move. There are bugs like key loggers that get on unnoticed to work as spy bots collecting personal data! Various downloads you might look over will also tend to conceal other things once past the security you have on.

    One thing I have to agree with however is that the term "virus" has been overused. Malware and virus can be two totally different things entirely. A worm will self replicate itself and exploit contacts lists while a malware may be designed to lock a user out of his/her machine entirely but still not a virus infection.

    Others are rogue fake security programs intent on getting you to buy a program that doesn't even exist! But they take your credit information! The latest indicates this type of malware on the rise.


  2. Posts : 7,878
    Windows 7 Ultimate x64
       #21

    jimbo45 said:
    I've just googled for "Sunglasses" and haven't had any virus infecting my machine to date

    so what are you doing.
    Gosh, Jimbo, this was like 6-8 months ago. He did a Google search, picked one of the umpteen zillion responses and got a website that was injected with something or spreading malware themselves. I honestly don't remember what the URL was.


  3. Posts : 137
    Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
       #22

    I agree that protection/detection software should be on everyone's machine regardless of the platform but the degree of implementation does not need to be the same.

    For Windows there's a need for realtime protection due to the way exploits can get by most of Windows protection schemes even without user interaction. On OSX it's quite different, a keylogger can't make its way on the OS unless the user willingly and knowingly installs it and supplies his/her user credentials. This is why OSX vulnerabilities come in the form of trojans which require user interaction. OSX thus does not require realtime protection and can get away with on-demand protection.

    Even then OSX currently uses XProtect, an anti-malware engine provided by Apple silently running and updating itself in the background. How good is it? No idea, it wasn't good enough to counter the latest Flashback or FakeFlash trojan so I suspect it doesn't provide heuristic protection.

    Windows is far more vulnerable by design than OSX and Linux. However this is countered by the fact that many tools exist to deal with malware for Windows once infection has been confirmed or suspected. OSX is far more resistant to malware than Windows; however, since there are far fewer online tools to deal with malware, an infected Mac would indicate a much more serious problem than if it were on Windows.


  4. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #23

    The problem for most is obvious. They need to run Windows for most of the programs (desktop apps, games, etc.) they run while some are able to run on a virtual player of some type on another OS (Wine for Linux).

    One plus side to the next version of Windows however will be the new form of Windows Defender seen there (restructured MS Security Essentials elements) over how useless the WD has otherwise been so far at malware detection. When going to browse a specific folder kept on one of the storage drives here known to have hidden bugs and opening it up for a look while in the 8 CP slam! W8's newer protections prompts an alert!

    What that shows is MS has actually made some serious improvements in security and malware detection while trashing the desktop gui for their next release! MS has decided to make built-in improvements there where this protection will become active when someone neglects to install other forms of av and other protections.

    When one company's support asked why I hadn't used a special removal tool I simply replied back I had already removed a fake program as well as locating and removing the hidden trojan manually. The single file is what downloaded the other bugs the fake ware claimed to have discovered? ha ha!

    The fakeware however got on by newbie clicking! Someone who knows nothing about not clicking on anything suspicious but clicks on everything! That was simply a case of user makes mistake bringing on bug!


  5. Posts : 5,642
    Windows 10 Pro (x64)
       #24

    Stratos said:
    Although OSX isn't immune to malware, you don't have to employ the same protection scheme as you would a Windows PC, it's still light years ahead of Microsoft in being very good against malware thanks to much of its Unix core.
    Wrong. Plain wrong. Mac OS is nowhere near the level of security that has been implemented into Windows over the years. Not even close. Unix has nothing to do with anything. Malware is just rogue applications; there is nothing inherent about Unix that stops malware. In fact the first malware was written for Unix!

    A traditional PC needs realtime protection because there's several exploit vectors which can bypass the Windows DEP (data execution protection), exploit the UAC (user account control) and gain privilege escalation.
    Again, wrong. DEP, ASLR (Address space layout randomization), layer after layer of security make exploiting harder, that is the point. It's not going to stop it. It makes it harder versus a system like Mac OS which has not had any of these layers until recently. No, your precious Mac is not more secure than Windows. Since that one hacking competition started (I forgot its name), the very first system that has fallen is Mac OS, every single time with every competition. It's like tradition now.

    Mac users who believe they need to have some kind of antivirus running in realtime are misguided as there's no passive way for current malware to exploit privilege escalation like you can in Windows.
    Wrong once again! Mac OS has had quite a bit of privilege escalation vulnerabilities. One of the most interesting ones involved Remote Desktop, the bug only showed itself when it was disabled. Fancy that. Also, the trojan everyone is talking about, Flashback correct? Installed itself on machines without user interaction, completely passive!

    Also, Microsoft is quick to patch all privilege escalation vulnerabilities. Just like everyone else who's got an OS.

    Windows is far more vulnerable by design...
    You are just full of wrong today, it's not even funny, my god. There is nothing in Mac OS that makes it more resistant to malware. Absolutely nothing. The only way to protect a system from malware is not to let it run any code (applications, like Firefox or your choice of media player), you will have to live in a walled garden and only be able to use what the man tells you, you can run. No. There is nothing an OS can do that prevents malware. Malware is just an application like everything else.


  6. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #25

    What a summary! Malwares come in all forms, some tucked away in things you download to try out.

    The idea behind increased system security on any OS is to detect malicious coding in any that get on. And they can get in in too many ways where the user is totally unaware of them unless they have an effective 3rd party layer or two which seems to catch what will get past any default security in the OS itself.

    So far no one has come up with any OS that is totally immune to bugs! Even your smart phones can run into a malicious phone app! It simply goes to show malwares know no boundaries since someone will write them up for any platform!


  7. Posts : 137
    Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
       #26

    logicearth said:
    Stratos said:
    Although OSX isn't immune to malware, you don't have to employ the same protection scheme as you would a Windows PC, it's still light years ahead of Microsoft in being very good against malware thanks to much of its Unix core.
    Wrong. Plain wrong. Mac OS is nowhere near the level of security that has been implemented into Windows over the years. Not even close. Unix has nothing to do with anything. Malware is just rogue applications; there is nothing inherent about Unix that stops malware. In fact the first malware was written for Unix!
    Oh boy, here we go.

    First you haven't provided any data proving your point, even if you did it'd likely be questionable since the industry already confirms that Unix/Linux implementations for OS security has proven superior to Windows.

    The first rogue code wasn't written for Unix it was written for assembly, the first trojan was written for Unix but that's because Unix existed prior to Windows or OSX. How that's even relevant to what I posted and why you decided to even bring that up is completely beyond me.

    logicearth said:
    Stratos said:
    A traditional PC needs realtime protection because there's several exploit vectors which can bypass the Windows DEP (data execution protection), exploit the UAC (user account control) and gain privilege escalation.
    Again, wrong. DEP, ASLR (Address space layout randomization), layer after layer of security make exploiting harder, that is the point. It's not going to stop it. It makes it harder versus a system like Mac OS which has not had any of these layers until recently. No, your precious Mac is not more secure than Windows. Since that one hacking competition started (I forgot its name), the very first system that has fallen is Mac OS, every single time with every competition. It's like tradition now.
    Before I go into explaining this, maybe you want to read the following links disproving your point. Just because there's DEP and/or ASLR doesn't mean it's effective. OSX 10.6 (Snow Leopard) doesn't have full ASLR, in fact it's quite absent in comparison to Vista, Windows 7 or OSX 10.7 (Lion), yet its track record for malware resistance is exemplary.

    The hacking contest you're referring to is Pwn2Own and the hacker who exploited OSX was Charlie Miller, he engineered a magnificent script used to exploit Safari 4.x in a matter of seconds (under 10 if I recall). Safari is not exactly the best browser I've used in regards to security but they got better with Safari 5.1 specifically within OSX Lion 10.7 due to its new sandboxing features.

    Articles regarding issues with DEP and ASLR in Windows: http://secunia.com/gfx/pdf/DEP_ASLR_2010_paper.pdf

    How to bypass ASLR in Windows: http://vreugdenhilresearch.nl/Pwn2Ow...tExplorer8.pdf

    Mac OSX 10.7.x (Lion) has full ASLR implemented on par with Linux. This includes ASLR with position independent executables (PIE). DLLs in Windows have to be pre-mapped at fixed addresses to avoid conflicts so full PIE is not possible with ASLR in Windows.

    logicearth said:
    Stratos said:
    Mac users who believe they need to have some kind of antivirus running in realtime are misguided as there's no passive way for current malware to exploit privilege escalation like you can in Windows.
    Wrong once again! Mac OS has had quite a bit of privilege escalation vulnerabilities. One of the most interesting ones involved Remote Desktop, the bug only showed itself when it was disabled. Fancy that. Also, the trojan everyone is talking about, Flashback correct? Installed itself on machines without user interaction, completely passive!
    Interesting, name one privilege escalation vulnerability in OSX that didn't require user input. If your argument is regarding a trojan, a trojan is contrary since it requires user input.

    Flashback does not install itself without user interaction. In fact the mechanism for it to be installed is that it masquerades itself as an Adobe Flash installer. The part that makes it a trojan is that it presents itself to the user on a booby-trapped website as a rogue Java applet which used a vulnerability within Java (which has since been patched), so it does require user input to install itself onto the computer.

    Windows on the other hand has several.

    How to develop exploits to bypass UAC by manipulating registry entries for kernel mode driver vulnerabilities. Bypassing UAC with User Privilege under Windows Vista/7 – Mirror

    Kernel Mode driver vulnerabilities. https://media.blackhat.com/bh-dc-11/...nelpool-wp.pdf

    List of incidents of Kernel mode driver vulnerabilities. CVE - Search Results

    Let's talk about application sandboxing and mandatory access controls (MAC) in OSX, which are the same thing. More specifically, applications are sandboxed in OSX via MAC. Mac OSX uses the TrustedBSD MAC framework, which is a derivative of MAC from SE-Linux. This system is mandatory because it does not rely on inherited permissions.

    Windows does not have MAC. The system that provides sandboxing in Windows, called mandatory integrity controls (MIC), does not function like MAC because it is not actually mandatory. MIC functions based on inherited permissions so it is essentially an extension of DAC (discretionary access control). If UAC is set with less restrictions or disabled in Windows, then MIC has less restrictions or is disabled. Re-read this paragraph carefully then look at underlined portion.

    Researchers have found that MIC is not a security boundary. https://media.blackhat.com/bh-eu-11/...xes-Slides.pdf

    logicearth said:
    Stratos said:
    Windows is far more vulnerable by design...
    You are just full of wrong today, it's not even funny, my god. There is nothing in Mac OS that makes it more resistant to malware. Absolutely nothing. The only way to protect a system from malware is not to let it run any code (applications, like Firefox or your choice of media player), you will have to live in a walled garden and only be able to use what the man tells you, you can run. No. There is nothing an OS can do that prevents malware. Malware is just an application like everything else.
    You don't seem to understand how Windows works, nor do you appear to have a single clue about Unix, Linux or OSX, no offense intended. If you're going to post those comments with a "Seven Guru" badge, I suggest posting supporting links to your arguments/objections. If you're merely hurt due to my comments then may I suggest sending me a PM instead of instigating a response openly on the forum. I'm a security researcher specializing in vulnerability exploitation research by career.

    logicearth said:
    Also, Microsoft is quick to patch all privilege escalation vulnerabilities. Just like everyone else who's got an OS.
    For the most part MS has been pretty decent with the distribution of security patches, I have to say that it's more frequent than with Mac OSX. However there are several unpatched MS zero-days...

    Microsoft DirectX Media SDK "SourceUrl" Remote Buffer Overflow Vulnerability

    A vulnerability has been identified in Microsoft DirectX Media SDK, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system.

    Rated as : Critical
    Disclosure Date : 2007-08-13 -> 1781 Days of Exposure

    Microsoft Windows CFileFind Class "FindFile()" Buffer Overflow Vulnerability

    A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to take complete control of an affected system.

    Rated as : Moderate Risk
    Disclosure Date : 2007-09-18 -> 1745 Days of Exposure

    Microsoft Windows Gzip Libraries Code Execution Vulnerability

    A vulnerability has been identified in Microsoft Windows and Windows Services for UNIX, which could be exploited by attackers to compromise a vulnerable system.

    Rated as : High Risk
    Disclosure Date : 2009-03-26 -> 1189 Days of Exposure

    CA Secure Content Manager "ECSQdmn.exe" Heap Overflow Vulnerability

    A vulnerability has been identified in CA Secure Content Manager, which could be exploited by remote attackers to take complete control of a vulnerable system.

    Rated as : Critical
    Disclosure Date : 2011-02-08 -> 505 Days of Exposure

    Microsoft .NET Runtime Optimization Service Local Privilege Escalation

    A vulnerability has been identified in Microsoft Windows, which could be exploited by local attackers to gain elevated privileges.

    Rated as : Moderate Risk
    Disclosure Date : 2011-03-08 -> 477 Days of Exposure

    Microsoft XML Core Services Uninitialized Object Remote Code Execution

    A vulnerability has been identified in Microsoft Windows XML Core Services, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page or office document.

    Rated as : Critical
    Disclosure Date : 2012-06-12 -> 16 Days of Exposure

    Source: VUPEN Security - Public Zero-Days Monitor - Latest Public Zero Day Threats


    Again since you appeared to have missed it, Windows is much more exploitable than OSX however there seem to be more of an abundance of online tools for those able to search for them to help mitigate those problems. OSX on the other hand is just the opposite with only few online tools to help them if they get into a similar situation, which has the potential to create a serious situation until it gets resolved.

    So Mr. Logicearth, don't take this the wrong way, my intent is not to point out why OSX is better than Windows, in fact I'm very passionate about my Windows 7 machines but I view computers like how a mechanic looks at his tools. I could easily post a counter post (much larger than this one) about why Windows 7's benefits still trump its drawbacks (versus OSX) and why it's still worth the time and effort to have layers of security measures in place to mitigate risks to as low as possible.

    OSX or Windows, I use whatever that's more convenient and efficient for the task. Like I said, I'm fully aware of Windows' exploitability, therefore as I stated earlier, different security protection measures and some good old fashioned proactive computing practices can keep a user much safer than those completely aloof to security risks.
    Last edited by Stratos; 28 Jun 2012 at 01:14.
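
The DEP and ASLR coverage on Windows and the PIE coverage on OS X debated in the post above are recorded as flags in each binary's own header, so they can be checked per file. The following is an added example, not part of any post in this thread; `audit`, `make_pe` and `make_macho` are hypothetical names, and the sample headers are constructed stubs rather than real programs.

```python
import struct

# PE OptionalHeader.DllCharacteristics bits (winnt.h)
PE_DYNAMIC_BASE = 0x0040  # image may be relocated at load time (ASLR opt-in)
PE_NX_COMPAT = 0x0100     # image declares DEP compatibility
# Mach-O mach_header.flags bit (mach-o/loader.h)
MH_PIE = 0x200000         # main executable is loaded at a randomized address


def audit(data):
    """Return the mitigation flags recorded in a PE or Mach-O header."""
    try:
        if data[:2] == b"MZ":
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
                raise ValueError("MZ stub without a PE signature")
            opt = e_lfanew + 4 + 20          # skip signature and COFF header
            (magic,) = struct.unpack_from("<H", data, opt)
            if magic not in (0x10B, 0x20B):  # PE32 / PE32+
                raise ValueError("unknown optional-header magic")
            # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
            (flags,) = struct.unpack_from("<H", data, opt + 70)
            return {"format": "PE",
                    "aslr": bool(flags & PE_DYNAMIC_BASE),
                    "dep": bool(flags & PE_NX_COMPAT)}
        (magic,) = struct.unpack_from("<I", data, 0)
        if magic in (0xFEEDFACE, 0xFEEDFACF):  # little-endian thin Mach-O
            (flags,) = struct.unpack_from("<I", data, 24)
            return {"format": "Mach-O", "pie": bool(flags & MH_PIE)}
    except struct.error:
        raise ValueError("header truncated") from None
    raise ValueError("not a PE or little-endian thin Mach-O file")


def make_pe(dll_characteristics):
    """Constructed 64-bit PE header stub (headers only, not loadable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew -> offset 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)         # PE32+ magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def make_macho(flags):
    """Constructed x86-64 mach_header_64 (header only, no load commands)."""
    return struct.pack("<8I", 0xFEEDFACF, 0x01000007, 3, 2, 0, 0, flags, 0)


if __name__ == "__main__":
    samples = [("PE, ASLR+DEP", make_pe(0x0140)),
               ("PE, DEP only", make_pe(0x0100)),
               ("Mach-O, PIE", make_macho(0x200085)),
               ("Mach-O, no PIE", make_macho(0x000085))]
    for name, blob in samples:
        print(name, audit(blob))
```

To check a real file, pass `audit` the first few kilobytes read in binary mode; universal (fat) Mach-O files and big-endian slices are outside what this sketch parses.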


  8. Posts : 137
    Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
       #27

    For those dizzy from the previous post, this is the short version. OSX and Windows are different, very different. Each has their unique strengths and weaknesses therefore the user needs to be aware of how to use their system most effectively in order to manage and keep risks low.

    You can visualize this as driving 2 sports cars around a track, Car A would be a Corvette and Car B would be a Miata. Naturally the bottom line is your intent is to achieve the best lap times however how you achieve it in both cars are different. You can't rely on brute power on the straight away in Car B as you would in Car A, however in the tighter sections Car B would likely not need to hit the brakes as much and will be able to carry more speed through than with Car A, providing better section times in those areas.

    Mac OSX is much more carefree when it comes to being exploited and nearly all of the exploits were due to trojans and in some very rare cases (as in the pwn2own contests), very elaborate scripts. However no amount of local protection can eliminate mistakes from the user either negligently or accidentally installing something they shouldn't. So for Mac users, the key points are to check all outgoing and incoming files then make sure that you're installing apps from a legit source. Make sure you keep your software updated and don't install something you don't need. (for example I don't have any use as of yet for Java so it's not installed on my Macbook Pro however you might, etc.)

    For Windows you need to be much more aware. You need to know what kind of software works best for your machine, you also need to know what kind of risks you expose yourself to based on your individual habits. You need to know what tools to use and where to get them "if" or "when" you encounter problems. Sometimes a user needs to use a handful (or more) of programs to clean out their Windows systems and you need to know which ones to use first and in what order in order to achieve the best results. If all else fails or is over your head, know where to seek help.


  9. Posts : 4,049
    W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
       #28

    Are you sure?


    Stratos said:
    On OSX it's quite different, a keylogger can't make its way on the OS unless the user willingly and knowingly installs it and supplies his/her user credentials. This is why OSX vulnerabilities come in the form of trojans which require user interaction. OSX thus does not require realtime protection and can get away with on-demand protection.
    Summary: A new Flashback Trojan has been discovered that infects Macs without prompting the user for a password. If you haven’t updated Java on your Mac, or disabled it entirely, you could be a victim.
    ...
    Now, security firm Intego says it has discovered a new Flashback variant that installs without prompting the user for a password.
    ZDNet
    New Flashback variant silently infects Macs | ZDNet


  10. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #29

    All in all you could debate all that back and forth all day long and criticize one OS or another but Apple realized where they were in error and changed their information rather fast wouldn't you say?

    In fact the best part of the report I'll requote here in regards to no OS being 100% bug free or fool proof.

    According to Sophos U.S. senior technology consultant Graham Cluley, this is a sign that Apple is starting to take security seriously.


    "I view the changes in the messages pushed out by their marketing department as some important baby-steps," he wrote in a blog entry.


    "Let's hope more Apple Mac owners are also learning to take important security steps -- such as installing antivirus protection."
    If Apple as well as MS is taking security more seriously obviously they realize they also have a list of worries to contend with!


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
