The dangers of a growing market share

[Kevin]

This doesn't surprise me. While I admit the *nix kernel that Mac OSX is built on is more secure than the kernel that windblows is built on, it isn't impervious. The growing share of Macs in the marketplace mean that they are now targeted. So apple is now urging Mac users to get virus protection applications as well.

A little BBC blurb on it http://news.bbc.co.uk/2/hi/technology/7760344.stm

I've run into a few of the wild MacOS virus before, and once one gets out there the "script kiddies" will start to modify it for more uses.

One of those computing issues that come with actually having a large enough user base for the crooks to care about.

As a note, Linux users aren't completely immune either. There are proof of concept virii out there that aren't just viable if you are running WINE (or some other windows environment). But I've still not heard of a wild virii that affects Linux installs.


Again I'm not surprised by this, I figured it was just a matter of time.

[librarian]

Heiho,

it was always wrong to think Macs would be immune to viruses (... virii? whatever). Thing is, only a few users really bother(ed) with the multiuser system when OS X came out.
However, like with Windows (and hell, yes, also Linux of course) it is always wise to use a restricted account on the machine for common work. From what I see Apple has still the same homework to do like MS has - building applications which work with a restricted user, too. That said, a popular Application like iPhoto should work with a restricted user account, without hassles why the camera on USB is not recognized by a restricted user, but works fine with an administrative account, eg. The same is valid when said about all 3rd party software, there's no reason why a ProTools PlugIn only recognizes its key/dongle in administrative mode. This stuffs prevents users from actually working with restricted accounts, so lots of harm could be done from outside.

But, like also mentioned in the BBC article, main problem nowadays are hijacking your browser, ph1shing and whatnot, and of course social engineering via 'Web2.0', and this is mainly platform-independent stuff.

So, main rule is 'be on guard', eg surf with care, don't open any stuff from anywhere, keep an eye open for irregularities and so on. Far better than installing a bunch of conflicting software which can't do the thinking for you, and is prominent for being very similar to a virus, except that you've paid before installing ...

[NiteFox]

This doesn't surprise me one iota.

I've always said that security through obscurity was a foolish thing to assume. I had a lecturer who was pretty clear about two things:

1) Linux is, like, the greatest operating system ever, due to (among other things) being "immune" to viruses and hacking.
2) Linux will soon have the greater market share.

We, and by "we" I mean everyone that didn't have their heads in the clouds kept telling him that should 2) become true, then 1) would instantly become void. He seriously was of the mindset that his chosen OS was invincible, and the rising Mac usage would pretty much prove his point.

The fact that the other lecturer in that module had suggested The Cuckoo's Egg as recommended reading for the module didn't exactly enforce the idea that *nix (Or at least old UNIX) systems are completely secure.

But yeah, it is interesting to note that most modern attacks are platform independent thanks to poor browser security. Common sense seems to be the best protection regardless of OS. Pity that common sense isn't so common.

[[vL]Kp]

That said, a popular Application like iPhoto should work with a restricted user account, without hassles why the camera on USB is not recognized by a restricted user, but works fine with an administrative account, eg. The same is valid when said about all 3rd party software, there's no reason why a ProTools PlugIn only recognizes its key/dongle in administrative mode.

Assuming that the OS X kernel behaves roughly Linux-like in this way, then there's a good reason why this doesn't work by default. There's no good reason they can't fix it, though. The problem is that peripherals like this will tend to be backed by device nodes that default to ACLs that only let administrative users touch them. For some things, like USB hard drives, this is a good thing, since direct access would allow raw modification of the data on the disk, bypassing any safety or security checks normally imposed by the filesystem on that disk. For the examples you cite, there's no obvious danger in letting a non-administrative user open the device. The vendor can, and should, fix this by granting the appropriate users permission to open the device. In the meantime, assuming I am right, you can do a spot fix on your system by changing the permissions on the device node.

So, main rule is 'be on guard', eg surf with care, don't open any stuff from anywhere, keep an eye open for irregularities and so on.

Also, pressure site operators to design sites to degrade gracefully. A well written site can be used effectively with no Flash, no JavaScript, and sometimes even no images. Disabling extra features like Flash and JavaScript can go a long way toward mitigating attacks on browsers. Sadly, most companies are determined to design sites that completely and totally break when faced with such a browser.