Apple Quietly Pulls Claims of Virus Immunity

Most of the updated av programs used on Windows will also prompt to scan any flash drive or usb HD as soon as you plug it in. It's not only IE that is vulnerable as far as browsers however. The 64bit WaterFox version of FF just got hit with an unwanted toolbar while looking at a freeware for some program when hitting a link!

When Bing was first out as well as being seen more so with Google searches no less the first site in the results had a little surprise! That was on the 7 beta at the time however. Later the new av program I was pointed to was found to be far more effective at blocking sites with any form of malicious code being concealed.

Regardless of the OS running without any protection is not any smart move. There are bugs like key loggers that get on unnoticed to work as spy bots collecting personal data! Various downloads you might look over will also tend to conceal other things once past the security you have on.

One thing I have to agree with however is that the term "virus" has been overused. Malware and virus can be two totally different things entirely. A worm will self replicate itself and exploit contacts lists while a malware may be designed to lock a user out of his/her machine entirely but still not a virus infection.

Others are rogue fake security programs intent on getting you to buy a program that doesn't even exist! But they take your credit information! The latest indicates this type of malware on the rise.
 

My Computers My Computers

  • At a glance

    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Bo...AMD Phenom II X4 975 Deneb 3.6ghz - 965 2nd r...Kingston Hyper X DDR3 1600 1.5v 16gb - Hyper ...MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 o...
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    Custom builds = 2
    OS
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
    CPU
    AMD Phenom II X4 975 Deneb 3.6ghz - 965 2nd remote pc
    Motherboard
    Gigabyte GA-790XTA-UD4-Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X DDR3 1600 1.5v 16gb - Hyper X Fury 8gb 2nd
    Graphics Card(s)
    MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 on mini tower
    Sound Card
    Creative Labs X-Fi Xtreme Audio P - Realtek onooard 2nd case
    Monitor(s) Displays
    ASUS VW199T-P 19" HP 2082a Main-HP 2082a 20" remote pc
    Screen Resolution
    Asus 1440x900 - HP 1600x900
    Hard Drives
    WD Black 1TB HD per OS W7, W10, and pending W11 presently on 500gb OS Drive - Pending Triple 1TB HDs for Spanned Storage/backup volume
    Single 2TB external USB enclosure, single 1TB System 7 Host/Boot drive, Pending 8TB external HD for system image b
    PSU
    Corsair 750TX - primary / Corsair CX600 - second
    Case
    Antec 900-2 - SSD compatible / NZXT Vulcan mini tower
    Cooling
    Zalman CNPS9900A
    Keyboard
    AZIO L70 Backlit Letters Gaming - ONN Cordless/USB
    Mouse
    MSI DS200 Programmable, Logitech Cordless
    Internet Speed
    30mbps upgrade - primary hard wired - mini tower usb WiFi
    Antivirus
    GFI VIPRE Internet Security 2014 on W7 2016 beta on W10,
    Browser
    Cyberfox, WaterFox 64bit FF variants, FireFox x64, Pale Moon
    Other Info
    Accomdata fan cooled usb 2.0 PIDE/Sata II, III external enclosure.
    Sambient usb/eSata PATA/Sata II, III external enclosure.
  • At a glance

    W7 Pro x64/W11 ProAMD Deneb 3.6ghz - 965Kingston Hyper X Fury 8gbMSI HD Radeon 6450 DVI Output
    Computer type
    PC/Desktop
    System Manufacturer/Model Number
    CUSTOM ASSEMBLY
    OS
    W7 Pro x64/W11 Pro
    CPU
    AMD Deneb 3.6ghz - 965
    Motherboard
    Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X Fury 8gb
    Graphics Card(s)
    MSI HD Radeon 6450 DVI Output
    Sound Card
    Realtek onooard Creative or Other separate PENDING
    Monitor(s) Displays
    VIZIO 32" LCD TV Separate LCD Pending
    Screen Resolution
    1600x1080
    Hard Drives
    WD 500GB OS Host/Boot WD Green 1TB Storage/Backup
    PSU
    Corsair 600W - THERMALTAKE 600W spare case
    Case
    NZXT Vulcan mini tower
    Cooling
    Twin 120mm Top Fans - 240mm Side Cover
    Keyboard
    ONN Cordless/USB Logitech Cordless
    Mouse
    ONN USB/Cordless - Logitech Cordless
    Internet Speed
    DSL 5G
    Browser
    MS Edge, FireFox, WaterFox x64, FireFox Nightly
    Other Info
    OS Testing-Remote Access to Main TeamViewer
I've just googled fopr "Sunglasses" and haven't had any virus infecting my machine to date

so what are you doing.

Gosh, Jimbo, this was like 6-8 months ago. He did a google search, picked one of the upmteen zillion responses and got a website that was injected with something or spreading malware themselves. I honestly don't remember what the URL was.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64Intel Q9550 2.83Ghz OC'd to 3.40Ghz8GB G.Skill PI DDR2-800, 4-4-4-12 timingsEVGA 1280MB Nvidia GeForce GTX570
Computer Manufacturer/Model Number
Self-Built in July 2009
OS
Windows 7 Ultimate x64
CPU
Intel Q9550 2.83Ghz OC'd to 3.40Ghz
Motherboard
Gigabyte GA-EP45-UD3R rev. 1.1, F12 BIOS
Memory
8GB G.Skill PI DDR2-800, 4-4-4-12 timings
Graphics Card(s)
EVGA 1280MB Nvidia GeForce GTX570
Sound Card
Realtek ALC899A 8 channel onboard audio
Monitor(s) Displays
23" Acer x233H
Screen Resolution
1920x1080
Hard Drives
Intel X25-M 80GB Gen 2 SSD
Western Digital 1TB Caviar Black, 32MB cache. WD1001FALS
PSU
Corsair 620HX modular
Case
Antec P182
Cooling
stock
Keyboard
ABS M1 Mechanical
Mouse
Logitech G9 Laser Mouse
Internet Speed
15/2 cable modem
Other Info
Windows and Linux enthusiast. Logitech G35 Headset.
I agree that protection/detection software should be on everyone's machine regardless of the platform but the degree of implementation does not need to be the same.

For Windows there's a need for realtime protection due to the way how exploits can get by most of Windows protection schemes even without user interaction. On OSX it's quite different, a keylogger can't make its way on the OS unless the user willingly and knowingly installs it and supplies his/her user credentials. This is why OSX vulnerabilities come in the form of trojans which requires user interaction. OSX thus does not require realtime protection and can get away with on-demand protection.

Even then OSX currently uses XProtect, an anti-malware engine provided by Apple silently running and updating itself in the background. How good is it? No idea, it wasn't good enough to counter the latest Flashback or FakeFlash trojan so I suspect it doesn't provide heuristic protection.

Windows is far more vulnerable by design than OSX and Linux. However this is countered by the fact that many tools exist to deal with malware for Windows once infection has been confirmed or suspected. OSX is far more resistant to malware than Windows however since there are much less online tools to deal with malware, an infected Mac would indicate a much more serious problem than if it were on Windows.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64 / OS X Snow Leopard 10...i7 QM720 - AMD MV40 - i5 2.3Ghz SB8GB - 4GB - 8GBNvidia 310M - ATI 3200M - Intel HD3000
Computer Manufacturer/Model Number
Sony / IBM / Apple MB Pro 2011
OS
Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
CPU
i7 QM720 - AMD MV40 - i5 2.3Ghz SB
Memory
8GB - 4GB - 8GB
Graphics Card(s)
Nvidia 310M - ATI 3200M - Intel HD3000
Sound Card
Various
Monitor(s) Displays
Sony 17 inch LCD - 12 inch - 13 inch
Hard Drives
OCZ Vertex 2 240Gb
Crucial RealSSD C330 256GB
OWC Mercury Extreme Pro 6G 240GB
The problem for most is obvious. They need to run Windows for most of the programs(desktop apps, games, etc.) they run while some are able to run on a virtual player of some type on another OS(wine for Linux).

One plus side to the next version of Windows however will be the new form of Windows Defender seen there(restructured MS Security Essentials elements) over how useless the WD has otherwise been so far at malware detection. When going to browse a specific folder kept on one of the storage drives here known to have hidden bugs and opening it up for a look while in the 8 CP slam! W8's newer protections prompts an alert!

What that shows is MS has actually made some serious improvements in security and malware detection while trashing the desktop gui for their next release! :rolleyes: MS has decided to make built-in improvements there where this protection will become active when someone neglects to install other forms of av and other protections.

When one company's support asked why I hadn't used a special removal tool I simply replied back I had already removed a fake program as well as locating and removing the hidden trojan manually. The single file is what downloaded the other bugs the fake ware claimed to have discovered? ha ha!

The fakeware however got on by newbie clicking! someone who knows nothing about not clicking on anything suspicious but clicks on everything! :rolleyes: That was simply a case of user makes mistake bringing on bug!
 

My Computers My Computers

  • At a glance

    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Bo...AMD Phenom II X4 975 Deneb 3.6ghz - 965 2nd r...Kingston Hyper X DDR3 1600 1.5v 16gb - Hyper ...MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 o...
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    Custom builds = 2
    OS
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
    CPU
    AMD Phenom II X4 975 Deneb 3.6ghz - 965 2nd remote pc
    Motherboard
    Gigabyte GA-790XTA-UD4-Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X DDR3 1600 1.5v 16gb - Hyper X Fury 8gb 2nd
    Graphics Card(s)
    MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 on mini tower
    Sound Card
    Creative Labs X-Fi Xtreme Audio P - Realtek onooard 2nd case
    Monitor(s) Displays
    ASUS VW199T-P 19" HP 2082a Main-HP 2082a 20" remote pc
    Screen Resolution
    Asus 1440x900 - HP 1600x900
    Hard Drives
    WD Black 1TB HD per OS W7, W10, and pending W11 presently on 500gb OS Drive - Pending Triple 1TB HDs for Spanned Storage/backup volume
    Single 2TB external USB enclosure, single 1TB System 7 Host/Boot drive, Pending 8TB external HD for system image b
    PSU
    Corsair 750TX - primary / Corsair CX600 - second
    Case
    Antec 900-2 - SSD compatible / NZXT Vulcan mini tower
    Cooling
    Zalman CNPS9900A
    Keyboard
    AZIO L70 Backlit Letters Gaming - ONN Cordless/USB
    Mouse
    MSI DS200 Programmable, Logitech Cordless
    Internet Speed
    30mbps upgrade - primary hard wired - mini tower usb WiFi
    Antivirus
    GFI VIPRE Internet Security 2014 on W7 2016 beta on W10,
    Browser
    Cyberfox, WaterFox 64bit FF variants, FireFox x64, Pale Moon
    Other Info
    Accomdata fan cooled usb 2.0 PIDE/Sata II, III external enclosure.
    Sambient usb/eSata PATA/Sata II, III external enclosure.
  • At a glance

    W7 Pro x64/W11 ProAMD Deneb 3.6ghz - 965Kingston Hyper X Fury 8gbMSI HD Radeon 6450 DVI Output
    Computer type
    PC/Desktop
    System Manufacturer/Model Number
    CUSTOM ASSEMBLY
    OS
    W7 Pro x64/W11 Pro
    CPU
    AMD Deneb 3.6ghz - 965
    Motherboard
    Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X Fury 8gb
    Graphics Card(s)
    MSI HD Radeon 6450 DVI Output
    Sound Card
    Realtek onooard Creative or Other separate PENDING
    Monitor(s) Displays
    VIZIO 32" LCD TV Separate LCD Pending
    Screen Resolution
    1600x1080
    Hard Drives
    WD 500GB OS Host/Boot WD Green 1TB Storage/Backup
    PSU
    Corsair 600W - THERMALTAKE 600W spare case
    Case
    NZXT Vulcan mini tower
    Cooling
    Twin 120mm Top Fans - 240mm Side Cover
    Keyboard
    ONN Cordless/USB Logitech Cordless
    Mouse
    ONN USB/Cordless - Logitech Cordless
    Internet Speed
    DSL 5G
    Browser
    MS Edge, FireFox, WaterFox x64, FireFox Nightly
    Other Info
    OS Testing-Remote Access to Main TeamViewer
Although OSX isn't immune to malware, you don't have to employ the same protection scheme as you would a Windows PC, it's still light years ahead of Microsoft in being very good against malware thanks to much of its Unix core.

Wrong. Plan wrong. Mac OS is no where near the level of security that has been implemented into Windows over the years. Not even close. Unix has nothing to do with anything. Malware is just rogue applications their is nothing inherit about Unix that stops malware. In fact the first malware was written for Unix!

A traditional PC needs realtime protection because there's several exploit vectors which can bypass the Windows DEP (data execution protection), exploit the UAC (user account control) and gain privilege escalation.
Again, wrong. DEP, ASLR (Address space layout randomization), layer after layer of security make exploiting harder, that is the point. Its not going to stop it. It makes it harder versus a system like Mac OS which has not had any of these layers until recently. No your precious Mac is not more secure then Windows. Since that one hacking competition started (I forgot its name), the very first system that has fallen is Mac OS, every single time with every competition. Its like tradition now.

Mac users who believe they need to have some kind of antivirus running in realtime are misguided as there's no passive way for current malware to exploit privilege escalation like you can in Windows.
Wrong once again! Mac OS has had quite a bit of privilege escalation vulnerabilities. One of the most interesting ones involved Remote Desktop, the bug only showed itself when it was disabled. Fancy that. Also, the trojan everyone is talking about, Flashback correct? Installed itself on machines without user interaction, completely passive!

Also, Microsoft is quick to patch all privilege escalation vulnerabilities. Just like every one else whose got an OS.

Windows is far more vulnerable by design...
You are just full of wrong today its not even funny, my god. There is nothing in Mac OS that makes it more resistant to malware. Absolutely nothing. The only way to protect a system from malware is not to let it run any code (applications, like Firefox or your choice of media player), you will have to live in a walled garden and only be able to use what the man tells you, you can run. No. there is nothing an OS can do that prevents malware. Malware is just an application like everything else.
 

My Computer My Computer

At a glance

Windows 10 Pro (x64)Intel Core i7-3930K (3.2GHz - 4.5GHz)4x Samsung 4GB PC3-12800 DDR3 (16GB 1600MHz)Nvidia Geforce GTX 690
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Alienware Aurora ALX R4
OS
Windows 10 Pro (x64)
CPU
Intel Core i7-3930K (3.2GHz - 4.5GHz)
Motherboard
Alienware Aurora-R4 x79
Memory
4x Samsung 4GB PC3-12800 DDR3 (16GB 1600MHz)
Graphics Card(s)
Nvidia Geforce GTX 690
Sound Card
SteelSeries Siberia Elite
Monitor(s) Displays
Dell UltraSharp U3011
Screen Resolution
2560x1600
Hard Drives
Samsung 850 Pro 256 GB, Seagate 1TB Desktop Hybrid HDD, 2x Western Digital 4TB Green HDD
PSU
875W Some Dell PSU <.<
Case
Alienware Aurora ALX
Cooling
Custom Liquid Cooling (EK CPU & GPU blocks) dual EK 480RAD
Keyboard
Logitech G710+ Mechanical
Mouse
Logitech G700s
Internet Speed
Verizon Fios (50 mbps average)
Other Info
Server: Intel NUC D54250WYK: i5-4250U, 16GB, 256 GB mSATA, Windows Server 2012 R2
What a summery! :D Malwares come in all forms some tucked away in things you download to try out.

The idea behind increased system security on any OS is to detect malicious coding in any that get on. And they can get in in too many ways where the user is totally unaware of them unless they have an effective 3rd party layer or two which seems to catch what will get past any default security in the OS itself.

So far no one has come up with any OS that is totally immune to bugs! Even your smart phones can run into a malicious phone app! It simply goes to show malwares know no boundries since someone will write them up for any platform!
 

My Computers My Computers

  • At a glance

    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Bo...AMD Phenom II X4 975 Deneb 3.6ghz - 965 2nd r...Kingston Hyper X DDR3 1600 1.5v 16gb - Hyper ...MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 o...
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    Custom builds = 2
    OS
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
    CPU
    AMD Phenom II X4 975 Deneb 3.6ghz - 965 2nd remote pc
    Motherboard
    Gigabyte GA-790XTA-UD4-Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X DDR3 1600 1.5v 16gb - Hyper X Fury 8gb 2nd
    Graphics Card(s)
    MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 on mini tower
    Sound Card
    Creative Labs X-Fi Xtreme Audio P - Realtek onooard 2nd case
    Monitor(s) Displays
    ASUS VW199T-P 19" HP 2082a Main-HP 2082a 20" remote pc
    Screen Resolution
    Asus 1440x900 - HP 1600x900
    Hard Drives
    WD Black 1TB HD per OS W7, W10, and pending W11 presently on 500gb OS Drive - Pending Triple 1TB HDs for Spanned Storage/backup volume
    Single 2TB external USB enclosure, single 1TB System 7 Host/Boot drive, Pending 8TB external HD for system image b
    PSU
    Corsair 750TX - primary / Corsair CX600 - second
    Case
    Antec 900-2 - SSD compatible / NZXT Vulcan mini tower
    Cooling
    Zalman CNPS9900A
    Keyboard
    AZIO L70 Backlit Letters Gaming - ONN Cordless/USB
    Mouse
    MSI DS200 Programmable, Logitech Cordless
    Internet Speed
    30mbps upgrade - primary hard wired - mini tower usb WiFi
    Antivirus
    GFI VIPRE Internet Security 2014 on W7 2016 beta on W10,
    Browser
    Cyberfox, WaterFox 64bit FF variants, FireFox x64, Pale Moon
    Other Info
    Accomdata fan cooled usb 2.0 PIDE/Sata II, III external enclosure.
    Sambient usb/eSata PATA/Sata II, III external enclosure.
  • At a glance

    W7 Pro x64/W11 ProAMD Deneb 3.6ghz - 965Kingston Hyper X Fury 8gbMSI HD Radeon 6450 DVI Output
    Computer type
    PC/Desktop
    System Manufacturer/Model Number
    CUSTOM ASSEMBLY
    OS
    W7 Pro x64/W11 Pro
    CPU
    AMD Deneb 3.6ghz - 965
    Motherboard
    Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X Fury 8gb
    Graphics Card(s)
    MSI HD Radeon 6450 DVI Output
    Sound Card
    Realtek onooard Creative or Other separate PENDING
    Monitor(s) Displays
    VIZIO 32" LCD TV Separate LCD Pending
    Screen Resolution
    1600x1080
    Hard Drives
    WD 500GB OS Host/Boot WD Green 1TB Storage/Backup
    PSU
    Corsair 600W - THERMALTAKE 600W spare case
    Case
    NZXT Vulcan mini tower
    Cooling
    Twin 120mm Top Fans - 240mm Side Cover
    Keyboard
    ONN Cordless/USB Logitech Cordless
    Mouse
    ONN USB/Cordless - Logitech Cordless
    Internet Speed
    DSL 5G
    Browser
    MS Edge, FireFox, WaterFox x64, FireFox Nightly
    Other Info
    OS Testing-Remote Access to Main TeamViewer
Although OSX isn't immune to malware, you don't have to employ the same protection scheme as you would a Windows PC, it's still light years ahead of Microsoft in being very good against malware thanks to much of its Unix core.

Wrong. Plan wrong. Mac OS is no where near the level of security that has been implemented into Windows over the years. Not even close. Unix has nothing to do with anything. Malware is just rogue applications their is nothing inherit about Unix that stops malware. In fact the first malware was written for Unix!
Oh boy, here we go.

First you haven't provided any data proving your point, even if you did it'd likely be questionable since the industry already confirms that Unix/Linux implementations for OS security has proven superior to Windows.

The first rogue code wasn't written for Unix it was written for assembly, the first trojan was written for Unix but that's because Unix existed prior to Windows or OSX. How that's even relevant to what I posted and why you decided to even bring that up is completely beyond me.

A traditional PC needs realtime protection because there's several exploit vectors which can bypass the Windows DEP (data execution protection), exploit the UAC (user account control) and gain privilege escalation.
Again, wrong. DEP, ASLR (Address space layout randomization), layer after layer of security make exploiting harder, that is the point. Its not going to stop it. It makes it harder versus a system like Mac OS which has not had any of these layers until recently. No your precious Mac is not more secure then Windows. Since that one hacking competition started (I forgot its name), the very first system that has fallen is Mac OS, every single time with every competition. Its like tradition now.

Before I go into explaining this, maybe you want to read the following links disproving your point. Just because there's DEP and/or ASLR doesn't mean it's effective. OSX 10.6 (Snow Leopard) doesn't have full ASLR in fact it's quite absent in comparison to Vista, Windows 7 or OSX 10.7 (Lion) yet it's track record for malware resistance is exemplary.

The hacking contest you're referring to is Pwn2Own and the hacker which exploited OSX was Charlie Miller, he engineered a magnificent script used to exploit Safari 4.x in a matter of seconds (under 10 if I recall). Safari is not exactly the best browser I've used in regards to security but they got better with Safari 5.1 specifically within OSX Lion 10.7 due to it's new sandboxing features.

Articles regarding issues with DEP and ASLR in Windows: http://secunia.com/gfx/pdf/DEP_ASLR_2010_paper.pdf

How to bypass ASLR in Windows: http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf

Mac OSX 10.7.x (Lion) has full ASLR implemented on par with Linux. This includes ASLR with position independent executables (PIE). DLLs in Windows have to be pre-mapped at fixed addresses to avoid conflicts so full PIE is not possible with ASLR in Windows.

Mac users who believe they need to have some kind of antivirus running in realtime are misguided as there's no passive way for current malware to exploit privilege escalation like you can in Windows.
Wrong once again! Mac OS has had quite a bit of privilege escalation vulnerabilities. One of the most interesting ones involved Remote Desktop, the bug only showed itself when it was disabled. Fancy that. Also, the trojan everyone is talking about, Flashback correct? Installed itself on machines without user interaction, completely passive!

Interesting, name one privilege escalation vulnerability in OSX that didn't require user input. If your argument is regarding a trojan, a trojan is contrary since it requires user input.

Flashback does not install itself without user interaction. In fact the mechanism for it to be installed is that it masquerades itself as an Adobe Flash installer. The part that makes it a trojan is that it presents itself to the user on a booby-trapped website as a rogue Java applet which used a vulnerability within Java (which has since been patched), so it does require user input to install itself onto the computer.

Windows on the other hand has several.

How to develop exploits to bypass UAC by manipulating registry entries for kernel mode driver vulnerabilities. Bypassing UAC with User Privilege under Windows Vista/7 – Mirror

Kernel Mode driver vulnerabilities. https://media.blackhat.com/bh-dc-11/Mandt/BlackHat_DC_2011_Mandt_kernelpool-wp.pdf

List of incidents of Kernel mode driver vulnerabilities. CVE - Search Results

Lets talk about application sandboxing and mandatory access controls (MAC) in OSX, which are the same thing. More specifically, applications are sandboxed in OSX via MAC. Mac OSX uses the TrustedBSD MAC framework, which is a derivative of MAC from SE-Linux. This system is mandatory because it does not rely on inherited permissions.

Windows does not have MAC. The system that provides sandboxing in Windows, called mandatory integrity controls (MIC), does not function like MAC because it is not actually mandatory. MIC functions based on inherited permissions so it is essentially an extension of DAC (discretionary access control). If UAC is set with less restrictions or disabled in Windows, then MIC has less restrictions or is disabled. Re-read this paragraph carefully then look at underlined portion.

Researchers have found that MIC is not a security boundary. https://media.blackhat.com/bh-eu-11/Tom_Keetch/BlackHat_EU_2011_Keetch_Sandboxes-Slides.pdf

Windows is far more vulnerable by design...
You are just full of wrong today its not even funny, my god. There is nothing in Mac OS that makes it more resistant to malware. Absolutely nothing. The only way to protect a system from malware is not to let it run any code (applications, like Firefox or your choice of media player), you will have to live in a walled garden and only be able to use what the man tells you, you can run. No. there is nothing an OS can do that prevents malware. Malware is just an application like everything else.

You don't seem to understand how Windows works, nor do you appear to have a single clue about Unix, Linux or OSX, no offense intended. If you're going to post those comments with a "Seven Guru" badge, I suggest posting supporting links to your arguments/objections. If you're merely hurt due to my comments then may I suggest sending me a PM instead of instigating a response openly on the forum. I'm a security researcher specializing in vulnerability exploitation research by career.

Also, Microsoft is quick to patch all privilege escalation vulnerabilities. Just like every one else whose got an OS.

For the most part MS has been pretty decent with the distribution of security patches, I have to say that it's more frequent than with Mac OSX. However there are several unpatched MS zero-days...

Microsoft DirectX Media SDK "SourceUrl" Remote Buffer Overflow Vulnerability

A vulnerability has been identified in Microsoft DirectX Media SDK, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system.

Rated as : Critical
Disclosure Date : 2007-08-13 -> 1781 Days of Exposure
Microsoft Windows CFileFind Class "FindFile()" Buffer Overflow Vulnerability

A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to take complete control of an affected system.

Rated as : Moderate Risk
Disclosure Date : 2007-09-18 -> 1745 Days of Exposure
Microsoft Windows Gzip Libraries Code Execution Vulnerability

A vulnerability has been identified in Microsoft Windows and Windows Services for UNIX, which could be exploited by attackers to compromise a vulnerable system.

Rated as : High Risk
Disclosure Date : 2009-03-26 -> 1189 Days of Exposure
CA Secure Content Manager "ECSQdmn.exe" Heap Overflow Vulnerability

A vulnerability has been identified in CA Secure Content Manager, which could be exploited by remote attackers to take complete control of a vulnerable system.

Rated as : Critical
Disclosure Date : 2011-02-08 -> 505 Days of Exposure
Microsoft .NET Runtime Optimization Service Local Privilege Escalation

A vulnerability has been identified in Microsoft Windows, which could be exploited by local attackers to gain elevated privileges.

Rated as : Moderate Risk
Disclosure Date : 2011-03-08 -> 477 Days of Exposure
Microsoft XML Core Services Uninitialized Object Remote Code Execution

A vulnerability has been identified in Microsoft Windows XML Core Services, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page or office document.

Rated as : Critical
Disclosure Date : 2012-06-12 -> 16 Days of Exposure

Source: VUPEN Security VUPEN Security - Public Zero-Days Monitor - Latest Public Zero Day Threats


Again since you appeared to have missed it, Windows is much more exploitable than OSX however there seem to be more of an abundance of online tools for those able to search for them to help mitigate those problems. OSX on the other hand is just the opposite with only few online tools to help them if they get into a similar situation, which has the potential to create a serious situation until it gets resolved.

So Mr. Logicearth, don't take this the wrong way, my intent is not to point out why OSX is better than Windows, in fact I'm very passionate about my Windows 7 machines but I view computers like how a mechanic looks at his tools. I could easily post a counter post (much larger than this one) about why Windows 7's benefits still trump it's drawbacks (versus OSX) and why it's still worth the time and effort to have layers of security measures in place to mitigate risks to as low as possible.

OSX or Windows, I use whatever that's more convenient and efficient for the task. Like I said, I'm fully aware of Window's exploitability therefore as I stated earlier, different security protection measures and some good old fashioned proactive computing practices can keep a user much safer than those completely aloof to security risks.
 
Last edited:

My Computer My Computer

At a glance

Windows 7 Ultimate x64 / OS X Snow Leopard 10...i7 QM720 - AMD MV40 - i5 2.3Ghz SB8GB - 4GB - 8GBNvidia 310M - ATI 3200M - Intel HD3000
Computer Manufacturer/Model Number
Sony / IBM / Apple MB Pro 2011
OS
Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
CPU
i7 QM720 - AMD MV40 - i5 2.3Ghz SB
Memory
8GB - 4GB - 8GB
Graphics Card(s)
Nvidia 310M - ATI 3200M - Intel HD3000
Sound Card
Various
Monitor(s) Displays
Sony 17 inch LCD - 12 inch - 13 inch
Hard Drives
OCZ Vertex 2 240Gb
Crucial RealSSD C330 256GB
OWC Mercury Extreme Pro 6G 240GB
For those dizzy from the previous post, this is the short version. OSX and Windows are different, very different. Each has their unique strengths and weaknesses therefore the user needs to be aware of how to use their system most effectively in order to manage and keep risks low.

You can visualize this as driving 2 sports cars around a track, Car A would be a Corvette and Car B would be a Miata. Naturally the bottom line is your intent is to achieve the best lap times however how you achieve it in both cars are different. You can't rely on brute power on the straight away in Car B as you would in Car A, however in the tighter sections Car B would likely not need to hit the brakes as much and will be able to carry more speed through than with Car A, providing better section times in those areas.

Mac OSX is much more carefree when it comes to being exploited and nearly all of the exploits were due to trojans and in some very rare cases (as in the pwn2own contests), very elaborate scripts. However no amount of local protection can eliminate mistakes from the user either negligently or accidentally installing something they shouldn't. So for Mac users, the key points are to check all outgoing and incoming files then make sure that you're installing apps from a legit source. Make sure you keep your software updated and don't install something you don't need. (for example I don't have any use as of yet for Java so it's not installed on my Macbook Pro however you might, etc.)

For Windows you need to be much more aware. You need to know what kind of software works best for your machine, you also need to know what kind of risks you expose yourself to based on your individual habits. You need to know what tools to use and where to get them "if" or "when" you encounter problems. Sometimes a user needs to use a handful (or more) of programs to clean out their Windows systems and you need to know which ones to use first and in what order in order to achieve the best results. If all else fails or is over your head, know where to seek help.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64 / OS X Snow Leopard 10...i7 QM720 - AMD MV40 - i5 2.3Ghz SB8GB - 4GB - 8GBNvidia 310M - ATI 3200M - Intel HD3000
Computer Manufacturer/Model Number
Sony / IBM / Apple MB Pro 2011
OS
Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
CPU
i7 QM720 - AMD MV40 - i5 2.3Ghz SB
Memory
8GB - 4GB - 8GB
Graphics Card(s)
Nvidia 310M - ATI 3200M - Intel HD3000
Sound Card
Various
Monitor(s) Displays
Sony 17 inch LCD - 12 inch - 13 inch
Hard Drives
OCZ Vertex 2 240Gb
Crucial RealSSD C330 256GB
OWC Mercury Extreme Pro 6G 240GB
Are you sure?

On OSX it's quite different, a keylogger can't make its way on the OS unless the user willingly and knowingly installs it and supplies his/her user credentials. This is why OSX vulnerabilities come in the form of trojans which requires user interaction. OSX thus does not require realtime protection and can get away with on-demand protection.

Summary: A new Flashback Trojan has been discovered that infects Macs without prompting the user for a password. If you haven’t updated Java on your Mac, or disabled it entirely, you could be a victim.
...
Now, security firm Intego says it has discovered a new Flashback variant that installs without prompting the user for a password.

ZDNet
New Flashback variant silently infects Macs | ZDNet
 

My Computer My Computer

At a glance

W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, ...AMD Phenom II x6 1100T, 3.3 GHz12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2G...NVIDIA GeForce GTX 660
Computer type
PC/Desktop
Computer Manufacturer/Model Number
n/a
OS
W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
CPU
AMD Phenom II x6 1100T, 3.3 GHz
Motherboard
ASUS M4A88T-M/USB3 (AM3)
Memory
12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2GB x 2)
Graphics Card(s)
NVIDIA GeForce GTX 660
Sound Card
Realtek?
Monitor(s) Displays
Samsung S23B350
Screen Resolution
1920x1080
Hard Drives
WD Green 2TB (SATA), WD Green 3TB (SATA), WD Blue 4TB (SATA), WD Blue 6TB (SATA)
PSU
Cooler Master
Case
Antec GX300 Tower
Cooling
3x Antec TRICOOL 120mm Fans
Mouse
Wired Optical
Internet Speed
DSL
Antivirus
Avast
Browser
Pale Moon (64 bit)
Other Info
2018-12-27 Upgraded HDDs
2015-12-10 Upgraded case, graphics card, storage
2015-08-15 Upgraded motherboard & RAM
2015-07-15 Upgraded LM17.1 to LM17.2
All in all you could debate all that back and forth all day long and criticize one OS or another but Apple realized where they were in error and changed their information rather fast wouldn't you say?

In fact the best part of the report I'll requote here in regards to no OS being 100% bug free or fool proof.

According to Sophos U.S. senior technology consultant Graham Cluley, this is a sign that Apple is starting to take security seriously.


"I view the changes in the messages pushed out by their marketing department as some important baby-steps," he wrote in a blog entry.


"Let's hope more Apple Mac owners are also learning to take important security steps -- such as installing antivirus protection."
If Apple as well as MS is taking security more seriously obviously they realize they also have a list of worries to contend with!
 

My Computers My Computers

  • At a glance

    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Bo...AMD Phenom II X4 975 Deneb 3.6ghz - 965 2nd r...Kingston Hyper X DDR3 1600 1.5v 16gb - Hyper ...MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 o...
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    Custom builds = 2
    OS
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
    CPU
    AMD Phenom II X4 975 Deneb 3.6ghz - 965 2nd remote pc
    Motherboard
    Gigabyte GA-790XTA-UD4-Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X DDR3 1600 1.5v 16gb - Hyper X Fury 8gb 2nd
    Graphics Card(s)
    MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 on mini tower
    Sound Card
    Creative Labs X-Fi Xtreme Audio P - Realtek onooard 2nd case
    Monitor(s) Displays
    ASUS VW199T-P 19" HP 2082a Main-HP 2082a 20" remote pc
    Screen Resolution
    Asus 1440x900 - HP 1600x900
    Hard Drives
    WD Black 1TB HD per OS W7, W10, and pending W11 presently on 500gb OS Drive - Pending Triple 1TB HDs for Spanned Storage/backup volume
    Single 2TB external USB enclosure, single 1TB System 7 Host/Boot drive, Pending 8TB external HD for system image b
    PSU
    Corsair 750TX - primary / Corsair CX600 - second
    Case
    Antec 900-2 - SSD compatible / NZXT Vulcan mini tower
    Cooling
    Zalman CNPS9900A
    Keyboard
    AZIO L70 Backlit Letters Gaming - ONN Cordless/USB
    Mouse
    MSI DS200 Programmable, Logitech Cordless
    Internet Speed
    30mbps upgrade - primary hard wired - mini tower usb WiFi
    Antivirus
    GFI VIPRE Internet Security 2014 on W7 2016 beta on W10,
    Browser
    Cyberfox, WaterFox 64bit FF variants, FireFox x64, Pale Moon
    Other Info
    Accomdata fan cooled usb 2.0 PIDE/Sata II, III external enclosure.
    Sambient usb/eSata PATA/Sata II, III external enclosure.
  • At a glance

    W7 Pro x64/W11 ProAMD Deneb 3.6ghz - 965Kingston Hyper X Fury 8gbMSI HD Radeon 6450 DVI Output
    Computer type
    PC/Desktop
    System Manufacturer/Model Number
    CUSTOM ASSEMBLY
    OS
    W7 Pro x64/W11 Pro
    CPU
    AMD Deneb 3.6ghz - 965
    Motherboard
    Gigabyte GA-880GM-D2H remote pc
    Memory
    Kingston Hyper X Fury 8gb
    Graphics Card(s)
    MSI HD Radeon 6450 DVI Output
    Sound Card
    Realtek onooard Creative or Other separate PENDING
    Monitor(s) Displays
    VIZIO 32" LCD TV Separate LCD Pending
    Screen Resolution
    1600x1080
    Hard Drives
    WD 500GB OS Host/Boot WD Green 1TB Storage/Backup
    PSU
    Corsair 600W - THERMALTAKE 600W spare case
    Case
    NZXT Vulcan mini tower
    Cooling
    Twin 120mm Top Fans - 240mm Side Cover
    Keyboard
    ONN Cordless/USB Logitech Cordless
    Mouse
    ONN USB/Cordless - Logitech Cordless
    Internet Speed
    DSL 5G
    Browser
    MS Edge, FireFox, WaterFox x64, FireFox Nightly
    Other Info
    OS Testing-Remote Access to Main TeamViewer
On OSX it's quite different, a keylogger can't make its way on the OS unless the user willingly and knowingly installs it and supplies his/her user credentials. This is why OSX vulnerabilities come in the form of trojans which requires user interaction. OSX thus does not require realtime protection and can get away with on-demand protection.

Summary: A new Flashback Trojan has been discovered that infects Macs without prompting the user for a password. If you haven’t updated Java on your Mac, or disabled it entirely, you could be a victim.
...
Now, security firm Intego says it has discovered a new Flashback variant that installs without prompting the user for a password.

ZDNet
New Flashback variant silently infects Macs | ZDNet

It requires several user inputs thus not passive.

- it requires the user to visit a booby-trapped website
- it requires the user to click or drag something on that site running the infected Javascript applet
- it presents itself as a legit Adobe Flash installer or Mac Software Update
- it exploits Java, thus Java must be installed and enabled
- it requires your browser to support the Java plug-in and have it active
- users of NoScript addon/plugin/extension are immune
- deactivating Java is a temp workaround prior to the patch (which is now available)

The malware does what it needs within the user access level therefore no privilege escalation is needed. It's a trojan which means it presents itself as something desirable while concealing malicious code.

Originally, Flashback masqueraded as an installer for Adobe’s Flash Player—hence the name—but the malware has changed tacks at last once since then, instead pretending to be a Mac software update or a Java updater.

There's no need for malware to masquerade itself as something legit if it could install itself without user input.

Source: New Trojan variant can install without password | Macworld


OSX don't come with Java support by default. Apple has long warned of Adobe Flash and Java vulnerabilities that they discourage its use.

All in all you could debate all that back and forth all day long and criticize one OS or another but Apple realized where they were in error and changed their information rather fast wouldn't you say?


In fact the best part of the report I'll requote here in regards to no OS being 100% bug free or fool proof.

Apple was not technically in error, PC viruses don't affect OSX, that part is clear. A Mac trojan wouldn't necessarily affect a Windows OS by contrast. What Apple gave into is the public perception of what a "virus" is. In this case I'd have to agree that public perception is more important than the actual, literal definition of the word "virus". Most non-tech savvy folks refer to any form of malicious software as a "virus" and instead of having to educate everyone, Apple chose another route to communicate its intent.

If you repaired computers it would be strange that you didn't run into a customer that told you "my computer's acting weird, sometimes locks up or reboots, I think I have a virus" comment, that's also another way for non-savvy folks to use the word "virus" describing any computer problem that could be anything but malware related, like hardware (i.e. bad RAM, etc.)

You're right that no OS is bug/fool proof and each software manufacturer needs to be responsible enough to keep up with the changes to security/flaws/exploits/bugs in order to maintain proper and secure, low-risk OS operation.

Mac users like to pretend that the OS alone is enough protection but that's a mistake. IMHO the Flashback and MacDefender trojans were a welcomed sight, it taught many stubborn Mac users who felt OSX was bomb proof that there's quite a bit of responsibility needed by the user to educate themselves and how to mitigate risky computing practices.
 
Last edited:

My Computer My Computer

At a glance

Windows 7 Ultimate x64 / OS X Snow Leopard 10...i7 QM720 - AMD MV40 - i5 2.3Ghz SB8GB - 4GB - 8GBNvidia 310M - ATI 3200M - Intel HD3000
Computer Manufacturer/Model Number
Sony / IBM / Apple MB Pro 2011
OS
Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
CPU
i7 QM720 - AMD MV40 - i5 2.3Ghz SB
Memory
8GB - 4GB - 8GB
Graphics Card(s)
Nvidia 310M - ATI 3200M - Intel HD3000
Sound Card
Various
Monitor(s) Displays
Sony 17 inch LCD - 12 inch - 13 inch
Hard Drives
OCZ Vertex 2 240Gb
Crucial RealSSD C330 256GB
OWC Mercury Extreme Pro 6G 240GB
One of the most severe forms of user privilege escalation and OS exploitation is through the TDL4 rootkit which has the ability to put itself deep within the HDD's MBR (master boot record) therefore ensuring it is operational before the OS is loaded.

The latest modification to TDL4 enables the rootkit to use the unpatched Windows Task Scheduler vulnerability on Windows 7 machines to escalate its privileges once it is resident on an infected PC...
"Using an exploit for this vulnerability allows the rootkit TDL4 to install itself on the system without any notification from the UAC security tools. UAC is enabled by default in all the latest versions of Windows"

Source: TDL4 Rootkit Now Using Stuxnet Bug | threatpost

Analysis of TDLR4: http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64 / OS X Snow Leopard 10...i7 QM720 - AMD MV40 - i5 2.3Ghz SB8GB - 4GB - 8GBNvidia 310M - ATI 3200M - Intel HD3000
Computer Manufacturer/Model Number
Sony / IBM / Apple MB Pro 2011
OS
Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
CPU
i7 QM720 - AMD MV40 - i5 2.3Ghz SB
Memory
8GB - 4GB - 8GB
Graphics Card(s)
Nvidia 310M - ATI 3200M - Intel HD3000
Sound Card
Various
Monitor(s) Displays
Sony 17 inch LCD - 12 inch - 13 inch
Hard Drives
OCZ Vertex 2 240Gb
Crucial RealSSD C330 256GB
OWC Mercury Extreme Pro 6G 240GB
Drive-by

- it requires the user to visit a booby-trapped website
So you don't visit any websites using your Mac?


- it requires the user to click or drag something on that site running the infected Javascript applet
The Drive-by version doesn't (most browsers execute javascript by default).


The malware does what it needs within the user access level therefore no privilege escalation is needed.
I didn't say anything about privilege escalation.
Why would a key-logger (for example) need root/administrator privileges?


There's no need for malware to masquerade itself as something legit if it could install itself without user input.
In the past few months, Flashback has evolved to exploiting Java vulnerabilities. This means it doesn’t require any user intervention if Java has not been patched on your Mac: all you have to do is visit a malicious website, and the malware will be automatically downloaded and installed.
ZDNet
New Flashback variant silently infects Macs | ZDNet
It was "upgraded" to a Drive-by attack.


- it exploits Java, thus Java must be installed and enabled

...

OSX don't come with Java support by default. Apple has long warned of Adobe Flash and Java vulnerabilities that they discourage its use.
Older versions of OSX came with Java installed.
A few points need to be made regarding Java and Mac OS X. Since Mac OS X 10.7 Lion, Java is no longer included with the operating system.
intego
New Flashback Trojan Horse Variant Uses Novel Delivery Method to Infect Macs - The Mac Security Blog

Intego is advising users running OS X 10.6, to update Java immediately.
ZDNet
New Mac OS X trojan spotted in the wild | ZDNet
 
Last edited:

My Computer My Computer

At a glance

W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, ...AMD Phenom II x6 1100T, 3.3 GHz12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2G...NVIDIA GeForce GTX 660
Computer type
PC/Desktop
Computer Manufacturer/Model Number
n/a
OS
W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
CPU
AMD Phenom II x6 1100T, 3.3 GHz
Motherboard
ASUS M4A88T-M/USB3 (AM3)
Memory
12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2GB x 2)
Graphics Card(s)
NVIDIA GeForce GTX 660
Sound Card
Realtek?
Monitor(s) Displays
Samsung S23B350
Screen Resolution
1920x1080
Hard Drives
WD Green 2TB (SATA), WD Green 3TB (SATA), WD Blue 4TB (SATA), WD Blue 6TB (SATA)
PSU
Cooler Master
Case
Antec GX300 Tower
Cooling
3x Antec TRICOOL 120mm Fans
Mouse
Wired Optical
Internet Speed
DSL
Antivirus
Avast
Browser
Pale Moon (64 bit)
Other Info
2018-12-27 Upgraded HDDs
2015-12-10 Upgraded case, graphics card, storage
2015-08-15 Upgraded motherboard & RAM
2015-07-15 Upgraded LM17.1 to LM17.2
- it requires the user to visit a booby-trapped website
So you don't visit any websites using your Mac?
- it requires the user to click or drag something on that site running the infected Javascript applet
The Drive-by version doesn't (most browsers execute javascript by default).
I most definitely do. My browser doesn't execute scripts due to an installed extension (NoScript) and don't have Java installed on the machine. Even if I accidentally or willingly ran into Flashback in either variety, it'd pose no danger to my system. The secondary version does require user interaction with the booby-trapped website. Just because it doesn't prompt the user for their password doesn't mean it doesn't require other user input for it to install itself.

Quoting myself earlier.
Originally, Flashback masqueraded as an installer for Adobe’s Flash Player—hence the name—but the malware has changed tacks at last once since then, instead pretending to be a Mac software update or a Java updater. Source: New Trojan variant can install without password | Macworld
If it could arbitrarily install itself passively without any user input, it would not need to present itself as a rogue Mac software update or Java Updater. Think about that.


Doesn't really matter if they did or not because not all Macs were affected by Flashback. I have clients who have full Javascript support in their browsers and with Java active/enabled that weren't affected even after visiting a website with Flashback (before Google pulled it down from its caches) and weren't affected just from viewing the web page. This solidifies that the Flashback trojan does present itself as something legit to the user in order to get it onto the machine.

I didn't say anything about privilege escalation.
Sure you did. You have yet to present even one instance of your claim regarding OSX. You stated there's "quite a bit" so you should have an abundance of examples to present.
Mac OS has had quite a bit of privilege escalation vulnerabilities.
Why would a key-logger (for example) need root/administrator privileges?
No idea, I never said that and not sure why you brought it up. I never mentioned anything about root and/or administrative privileges at all in regards to keyloggers. What I did state is that a keylogger can't make its way onto OSX without the user supplying their user credentials which completely differs from the need to provide admin and/or root privileges. On OSX, Root User is disabled by default so it's a moot point.

It was "upgraded" to a Drive-by attack.
It's considered a drive by because it doesn't prompt the user to provide their user credentials because the latter Flashback variant exploits Java as an attack vector, however it's still a trojan by design which must present itself to the user as something legitimate enough to interact with it in order to install itself onto the machine.​
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64 / OS X Snow Leopard 10...i7 QM720 - AMD MV40 - i5 2.3Ghz SB8GB - 4GB - 8GBNvidia 310M - ATI 3200M - Intel HD3000
Computer Manufacturer/Model Number
Sony / IBM / Apple MB Pro 2011
OS
Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
CPU
i7 QM720 - AMD MV40 - i5 2.3Ghz SB
Memory
8GB - 4GB - 8GB
Graphics Card(s)
Nvidia 310M - ATI 3200M - Intel HD3000
Sound Card
Various
Monitor(s) Displays
Sony 17 inch LCD - 12 inch - 13 inch
Hard Drives
OCZ Vertex 2 240Gb
Crucial RealSSD C330 256GB
OWC Mercury Extreme Pro 6G 240GB
Don't attribute other people's quotes to me

Mac OS has had quite a bit of privilege escalation vulnerabilities.

I didn't make that claim!


You're confusing me with logicearth:
http://www.sevenforums.com/security...ulls-claims-virus-immunity-3.html#post1981086

(Section Deleted)

Sure you did. You have yet to present even one instance of your claim regarding OSX. You stated there's "quite a bit" so you should have an abundance of examples to present.

I didn't make any such claim in my OP.


You're confusing me with logicearth.

I provided links to articles which made various claims.
You implied that it was all the users fault because they plugged their machines in, turned them on and started "surfing" the Internet.

Here's what I said:
http://www.sevenforums.com/security...ulls-claims-virus-immunity-3.html#post1981222
http://www.sevenforums.com/security...ulls-claims-virus-immunity-4.html#post1981740

No idea, I never said that and not sure why you brought it up. I never mentioned anything about root and/or administrative privileges at all in regards to keyloggers.

Here's what you said:
On OSX it's quite different, a keylogger can't make its way on the OS unless the user willingly and knowingly installs it and supplies his/her user credentials. This is why OSX vulnerabilities come in the form of trojans which requires user interaction. OSX thus does not require realtime protection and can get away with on-demand protection.

ZDNet
New Flashback variant silently infects Macs | ZDNet

It requires several user inputs thus not passive.
...
The malware does what it needs within the user access level therefore no privilege escalation is needed. It's a trojan which means it presents itself as something desirable while concealing malicious code.
I never claimed that Flashback was a Worm.
The Drive-by attack could install a key-logger (or Worm code) without any user interaction (excluding visiting a "poisoned" website).

By your definition the original floppy disc viruses were Trojans.

(Section Deleted)
 
Last edited:

My Computer My Computer

At a glance

W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, ...AMD Phenom II x6 1100T, 3.3 GHz12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2G...NVIDIA GeForce GTX 660
Computer type
PC/Desktop
Computer Manufacturer/Model Number
n/a
OS
W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
CPU
AMD Phenom II x6 1100T, 3.3 GHz
Motherboard
ASUS M4A88T-M/USB3 (AM3)
Memory
12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2GB x 2)
Graphics Card(s)
NVIDIA GeForce GTX 660
Sound Card
Realtek?
Monitor(s) Displays
Samsung S23B350
Screen Resolution
1920x1080
Hard Drives
WD Green 2TB (SATA), WD Green 3TB (SATA), WD Blue 4TB (SATA), WD Blue 6TB (SATA)
PSU
Cooler Master
Case
Antec GX300 Tower
Cooling
3x Antec TRICOOL 120mm Fans
Mouse
Wired Optical
Internet Speed
DSL
Antivirus
Avast
Browser
Pale Moon (64 bit)
Other Info
2018-12-27 Upgraded HDDs
2015-12-10 Upgraded case, graphics card, storage
2015-08-15 Upgraded motherboard & RAM
2015-07-15 Upgraded LM17.1 to LM17.2
You're confusing me with logicearth
Fair enough, statement withdrawn.

Just because it doesn't prompt the user for their password doesn't mean it doesn't require other user input for it to install itself.
So it's the users fault because they plugged their machines in, turned them on and started "surfing" the Internet.
There's always risks involved with using computers. The ideal goal is to eliminate all risks/hazards but that may not be realistic. The user can definitely take steps towards educating themselves so that they can minimize those risks.

The original version required that.
The Drive-by only required you to visit a "poisoned" site.
I'm aware of the differences. The first required user credentials, the latter does not. Still the trojan cannot install itself without further user interaction other than simply loading the webpage. Why do you think it needs to present itself as a Mac Software Update.

I provided links to articles which made various claims.
Your implied that it was all the users fault because they plugged their machines in, turned them on and started "surfing" the Internet.
I did not imply such in that context, that's just your unique interpretation. Users are responsible whether they do something unwillingly or not since the computer alone cannot accomplish the compromise. What often separates those who tend to be victims and those who aren't can definitely be associated with the user's habits and their level of awareness/education towards risky situations.

There are a lot of irresponsible users out there all the way to the ultra-paranoid types that take excessive precautions. My wife does not use NoScript, uses a Mac with Java support on OSX 10.6.8 with only basic computer knowledge and did not encounter the Flashback trojan.

I never claimed that Flashback was a Worm.
Never mentioned the word "worm" anywhere in my posts.

The Drive-by attack could install a key-logger (or Worm code) without any user interaction (excluding visiting a "poisoned" website).
Doubtful, a keylogger requires the use of an active process, OSX processes (unlike Windows) need to be registered and cannot be circumvented. Even if the actual app did make its way onto (for example the desktop or download folder), it can't run without going through the MAC.

By your definition the original floppy disc viruses were Trojans.
A virus can also be classified as a trojan, the difference is in their behavior and/or transport mechanism.

Semantic gymnastics.
It's not.

So it's the users fault because they stupid enough to plug their machines in, turn them on and start "surfing" the Internet.
You think in a binary way. You believe that there always has to be "fault" for a problem to occur. If you walked outside your home and a rogue lightning bolt hit you, you think there has to be some fault involved? I refer you to the bumper sticker scene in the film "Forrest Gump".

Most people have a need to use computers, so there's always going to be risks involved. Nobody deliberately (unless you're a vulnerability/exploit researcher) goes out with the intent on having their machines compromised. To a kid a van down the street with a sign "come in we have free candy" might be the deal of the century, to an adult that raises all sorts of red flags. Each of us has a responsibility to keep ourselves adequately educated so that we can implement controls to minimize the probability of those risks.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64 / OS X Snow Leopard 10...i7 QM720 - AMD MV40 - i5 2.3Ghz SB8GB - 4GB - 8GBNvidia 310M - ATI 3200M - Intel HD3000
Computer Manufacturer/Model Number
Sony / IBM / Apple MB Pro 2011
OS
Windows 7 Ultimate x64 / OS X Snow Leopard 10.6.8
CPU
i7 QM720 - AMD MV40 - i5 2.3Ghz SB
Memory
8GB - 4GB - 8GB
Graphics Card(s)
Nvidia 310M - ATI 3200M - Intel HD3000
Sound Card
Various
Monitor(s) Displays
Sony 17 inch LCD - 12 inch - 13 inch
Hard Drives
OCZ Vertex 2 240Gb
Crucial RealSSD C330 256GB
OWC Mercury Extreme Pro 6G 240GB
"It requires several user inputs ... "

(Section Deleted)

What often separates those who tend to be victims and those who aren't can definitely be associated with the user's habits and their level of awareness/education towards risky situations.

Agreed.

Never mentioned the word "worm" anywhere in my posts.

You keep saying, "the user did something, therefore it's not a passive attack".

Your definition of a "passive attack" must therefore mean "Worm".
If not, what is a "passive attack"?

You think in a binary way. You believe that there always has to be "fault" for a problem to occur.

(Section Deleted)

Problems don't occur without a cause (Cause and Effect).

The cause in the case of malware might be:

  • Bad design
  • Sloppy coding
  • User foolishness/ignorance
A perfect OS (or other software package) would have no exploits and therefore no security updates.
As such, the only way to hijack such a system would be to trick users into installing malware.

The only thing users can really do (assuming they actually want to use their computers) is make sure they have:

  • All the latest security patches for their OS and other software.
  • Their firewall turned on.
If they run Firefox, they should install NoScript.

(Section Deleted)
 
Last edited:

My Computer My Computer

At a glance

W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, ...AMD Phenom II x6 1100T, 3.3 GHz12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2G...NVIDIA GeForce GTX 660
Computer type
PC/Desktop
Computer Manufacturer/Model Number
n/a
OS
W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
CPU
AMD Phenom II x6 1100T, 3.3 GHz
Motherboard
ASUS M4A88T-M/USB3 (AM3)
Memory
12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2GB x 2)
Graphics Card(s)
NVIDIA GeForce GTX 660
Sound Card
Realtek?
Monitor(s) Displays
Samsung S23B350
Screen Resolution
1920x1080
Hard Drives
WD Green 2TB (SATA), WD Green 3TB (SATA), WD Blue 4TB (SATA), WD Blue 6TB (SATA)
PSU
Cooler Master
Case
Antec GX300 Tower
Cooling
3x Antec TRICOOL 120mm Fans
Mouse
Wired Optical
Internet Speed
DSL
Antivirus
Avast
Browser
Pale Moon (64 bit)
Other Info
2018-12-27 Upgraded HDDs
2015-12-10 Upgraded case, graphics card, storage
2015-08-15 Upgraded motherboard & RAM
2015-07-15 Upgraded LM17.1 to LM17.2
Hi Guys

What are you people actually running

I still say with minimal AV (currently MSE on W7, WD on W8 and NONE on SUSE linux 11) I've NEVER had a virus.

(And I have used some torrent sites in the past too)

So please --what are you actually doing that gets your machine(s) infected.

I have only ever had one rule in all the years I've been using the internet

NEVER OPEN an e-mail attachment that you don't know where it's coming from or open links within legit emails unless you are sure the url is genuine.

Might be simple but this has NEVER given me a problem over years and years of using the Internet.

Cheers
jimbo
 

My Computer My Computer

At a glance

Linux CENTOS 7 / various Windows OS'es and se...Intel i7 Intel i58GB, 16GBOn Motherboard
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom built, several laptops HP/ASUS
OS
Linux CENTOS 7 / various Windows OS'es and servers
CPU
Intel i7 Intel i5
Memory
8GB, 16GB
Graphics Card(s)
On Motherboard
Sound Card
Realtek HD audio
Monitor(s) Displays
Apple Cinema display, Samsung LCD
Screen Resolution
1920 X 1080
Hard Drives
4 X 1TB SATA
Mouse
Toshiba wireless laser
Internet Speed
> 20MB up
Seems you are forgetting the scenario with poisoned ads on innocent sites. meh

The whole reasoning behind having or not having Java is ludicrous.

As Oracle claims: 3 billion devices runs Java. Java is almost a must on any pc or mac. Lots of software apps are based on Java, the software you use to be able to communicate between many cell phones and the computer is Java. I could also bring up the example of a multi billion dollar global corporation within car manufacturing that bases just about all its applications on Java. Maybe others do as well, I really dont know. You go service your car, the application used to update your cars ECU firmware and read stuff from it is most likely based on Java.

Not forgetting the explosion of iPads on several corporate networks (driven by Business, not by IT) and there you have loads of Macs needing Java to be able to logon the company network (just take Citrix as example). IBM runs Java. Lots of corporate intra- and extranets are built upon IBM WebSphere which is...ah! Java.

Whenever you visit a website whose url involve "servlet" or ".do" it is most likely Java and you may need Java installed to view clientside code. Java applets are a common alternative to ActiveX controls, if you visit the Intel site in a non IE browser and let it run "hardware detection" it is Java.

You narrow down the discussion to a single machine perspective. The issue, if any, is ****ing GLOBAL involving MILLIONS of Macs every day in all categories, iPhones, iPads, iMacs, PowerBooks, etc.

And did you parents not teach you to not Omnislash in a forum?
Omnislashing is a posting technique that involves taking small parts of a debate opponent's posts out of context and rebutting them. This leads to an intimidating-looking and difficult-to-respond-to post.
Oh, and here both OS are doing a brilliant impact on trustseeking users...
New espionage malware campaign targets users of Windows and Macs
New MacOS X backdoor variant used in APT attacks

Awesome. (Not)
So better to have an updated AV installed then not to, right?
 
Last edited:

My Computer My Computer

At a glance

W10 ProAMD Ryzen 5 2600X32 GB DDR4AMD Radeon RX 5600 XT
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Main WKS/Gaming Sloth
OS
W10 Pro
CPU
AMD Ryzen 5 2600X
Motherboard
Asus TUF B450M-PRO-GAMING
Memory
32 GB DDR4
Graphics Card(s)
AMD Radeon RX 5600 XT
Sound Card
Generic Motherboard
Monitor(s) Displays
2 x Dell 24" LED P2415Q
Screen Resolution
2 x 3840 x 2160
Hard Drives
Samsung NVME
PSU
750 W
Case
Fractal Design
Cooling
Fractal Design
Keyboard
Roccat Horde AIMO
Mouse
Logitech G703
Internet Speed
ADSL 30 MBit
Antivirus
Bitdefender
Browser
Firefox
Hi Guys

What are you people actually running

I still say with minimal AV (currently MSE on W7, WD on W8 and NONE on SUSE linux 11) I've NEVER had a virus.

(And I have used some torrent sites in the past too)

So please --what are you actually doing that gets your machine(s) infected.

I have only ever had one rule in all the years I've been using the internet

NEVER OPEN an e-mail attachment that you don't know where it's coming from or open links within legit emails unless you are sure the url is genuine.

Might be simple but this has NEVER given me a problem over years and years of using the Internet.

Cheers
jimbo

It happens just like in this video;

Fake AntiVirus Website Demo - YouTube
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64Intel Q9550 2.83Ghz OC'd to 3.40Ghz8GB G.Skill PI DDR2-800, 4-4-4-12 timingsEVGA 1280MB Nvidia GeForce GTX570
Computer Manufacturer/Model Number
Self-Built in July 2009
OS
Windows 7 Ultimate x64
CPU
Intel Q9550 2.83Ghz OC'd to 3.40Ghz
Motherboard
Gigabyte GA-EP45-UD3R rev. 1.1, F12 BIOS
Memory
8GB G.Skill PI DDR2-800, 4-4-4-12 timings
Graphics Card(s)
EVGA 1280MB Nvidia GeForce GTX570
Sound Card
Realtek ALC899A 8 channel onboard audio
Monitor(s) Displays
23" Acer x233H
Screen Resolution
1920x1080
Hard Drives
Intel X25-M 80GB Gen 2 SSD
Western Digital 1TB Caviar Black, 32MB cache. WD1001FALS
PSU
Corsair 620HX modular
Case
Antec P182
Cooling
stock
Keyboard
ABS M1 Mechanical
Mouse
Logitech G9 Laser Mouse
Internet Speed
15/2 cable modem
Other Info
Windows and Linux enthusiast. Logitech G35 Headset.
Back
Top