Apple Sneaks Antivirus Signatures into OSX
Apple Sneaks Antivirus Signatures into OSX
Posted 06/19/2010 at 11:52am
| by Justin Kerr
36
Comments
Print
Apple is a company that loves to control the news cycle. The Cupertino based hardware maker has a reputation for calling press conferences to announce even the most trivial new products or feature enhancements, it's annoying, but it seems to work for them. We rarely see a departure from this approach, that is until yesterday. In its most recent 10.6.4 Snow Leopard upgrade Apple included new antivirus signatures to help fight off some of the more high profile OSX exploits found in the wild.
The most notable of these is a file disguised as the iPhoto application which, when launched, lets attackers send spam, take screenshots, access files, and do just about anything else you can think of. Our guess is that the Apple marketing department couldn't find a positive light to spin the new OS enhancement, so it was conveniently left out of the patch notes. Cnet pointed out, and we agree, that Apple's ongoing refusal to acknowledge security flaws in its products exposes users to greater danger since they are lulled into a false sense of security.
With low single digit market share numbers, OSX exploits will continue to be few and far between, but I don't think anyone would suggest that simply ignoring the problem will make it go away. I'm sure Microsoft would be happy to give Steve a few tips on how to deal with the emerging threat, but somehow I doubt they would take them up on the offer.
Is Apple misleading its customers by telling them they don't need antivirus?
More like this
almhuss1
August 10, 2010 at 7:47pm
Apple's own website lists security software for Macs, so they are admitting there is a potential issue (at least for today): http://www.apple.com/downloads/macosx/networking_security/protectmacantivirus.html But, of course, they softpedal it.
zepontiff
June 21, 2010 at 7:34am
Are there so many Mac fanbois on the Maximum PC site? Don't you have a Michael Moore docu-drama to watch or something?
focher
June 22, 2010 at 1:00am
You just managed to single-handedly drag the level of dialogue even further into the uselessness that has been displayed. You offer not a single substantive point, suggesting that you don't have anything of relevance to add. Yet there you are, typing away anyway.
OS X, of course, is based on BSD Unix and inherits exactly the same benefits and risks of most other Unix-based platforms. This article talks about code signing - which even MS only does so far on drivers on their newer platforms (except the Xbox, where it does it for DRM sake) - in order to reduce the likelihood of non-authorized executables on the platform. Despite all of this, the dialogue has descended into a rant against OS X (and mostly by people who appear to know nothing about it) and the allegation that Apple's marketing gives people a false sense of security. Perhaps. But there is a difference between risk and fact, and the fact is that there has never been a single instance of an OS X virus in the wild. Zero. None. Nada.
juanm
June 21, 2010 at 4:09am
Justin, justin, justin ...
thanks for continuing to spread Fear, Uncertainty and Doubt with badly titled articles and misleading and just plain wrong information. And then it is amazing here in PCMaximum land that everyone immediately starts shouting the Mac sky is falling, the Mac sky is falling, blah, blah, blah.
This is NOT a virus that the update has addressed but a Trojan. A Trojan is NOT a virus. Even the link (http://news.cnet.com/8301-1009_3-10110852-83.html) you provided in the first paragraph CLEARLY explains the differences between trojans and viruses and how Trojans can impact Macs and PCs. Why, because the USER activates them. This is different than a virus. Read this article again.
i am a Mac user and I realize that Macs are not immune to everything AND are especially not immune to users who open files from persons they don't know OR worst yet are duped (and we all can be) by an e-mail or file that appears to be from a company we deal with all the time only find out later we gave our user name and password away.
If you are going to report on mac problems and issues at least get your story correct. This is a Trojan issue NOT a virus issue.
The funny part is that you state that this exploit "is a file disguised as the iPhoto application" that is the exact definition of a Trojan that can affect a PC AND a Mac.
mesiah
June 21, 2010 at 4:31pm
Congrats, you obviously got an A+ in your apple propaganda class. Your argument is textbook apple crosstalk to a T. When confronted with an obvious apple or mac flaw, instead of disputing the flaw, you change the subject and dispute the verbage of the claim. To all the morons and other apple lovers it sounds like "No, that is a total lie! That is not an issue." But what you are really saying is "Lets change the subject. You can't call it a tomato when its clearly a tomoto."
Muerte
June 21, 2010 at 6:28am
technically you are right but people buy Macs so they don't have to know the difference and to them a trojan or virus no matter what you call them is bad.
I guarantee 90% of the people who own macs don't know the difference and won't care.
So you can pic nits all you want a security issue is a security issue is a security issue.
A rose by any other name....
focher
June 22, 2010 at 1:06am
Your "guarantee" is useless and nothing more than the typical overblown rhetoric too many people use when anonymously making claims on Internet forums. "People" buy Macs for a variety of reasons, and there are plenty of extremely technologically capable people who buy them - seeing as it's a platform built on BSD Unix. Regardless of all that, the introduction of code signatures on their own apps is hardly is "see, security is bad on OS X" issue. The article obviously wants to make it one, but that doesn't make it so. Code signatures are getting more and more common, and are simply one more mechanism to ensure that the application you are executing is really from who it says it is. No different than SSL certificates for web sites.
focher
June 21, 2010 at 12:17am
Ah, the age old "their market share is too small for virus writers". There are no - that's zero - cases of viruses in the wild on OS X. There have been some concept trojans written, which is an important distinction as a trojan requires a user to accept the execution of the program. And even then the program only executes at the user login permission level. On OS X, that defaults to a non root / administrator level access so the most the application can do is screw with the user's home folder structure.
None of that means there aren't security holes in OS X. And people have different opinions as to whether Apple's approach to even talking about security issues in OS X is appropriate. What gets me is how lame this article is, especially with the snide recommendation that Apple should mimic or listen to MS's approach. The fact is, Microsoft has the most dismal security history of ANY software provider...bar none. It has routinely released OSes and applications which allow viruses to self-install, propagate, and run at administrator level. Holding them up as some industry best practice is downright laughable. What's also evident is that most of the commenters on this forum don't even know the difference between a security hole, a virus, a trojan, or any other type of software security issue.
imagonex
June 20, 2010 at 8:53pm
Most hackers right now are thinking: WHO CARES?!
Hackers targeting a declining 3% PC desktop market share is akin to a terrorist group pissing on the snow in Antarctica as opposed to bombing the Pentagon. Makes for a good comedy skit on MadTV, though.
As far as Fruity PC Inc. misleading their customers? Well(cough, cough), yeah, just a little wee bit (sarcasm).
Then again, I think most corporations mislead the consumers. All companies do it. They all utilize romanticized jargon to describe exploits or bugs that can be outright critical or urgent. Fruity PC Inc, though, is probably the best spin doctor at that.
Fruity & Company better keep on praying hackers never do care about OSX. Keep that 3% or less going, Steve, and you're out in the clear.
noobstix
June 20, 2010 at 1:40pm
Damn, I wish I was still in public schools with all of those Macs in the computer lab. I have the perfect website (or two, or three, or four, etc.) that I'd like to test the security of Macs on (Dells are no fun to infect). Maybe McAfee will have a version called "Mac-Affee". The name could fit perfectly.
Mobo: MSI 770-C45
CPU: AMD Phenom II X4 955 BE
Memory: 6GB Corsair XMS3 DDR3
Video: 1GB Diamond ATI Radeon HD5770
Monitor: 19" Viewsonic VX1935wm
HDD: 320GB Western Digital SATA
CD/DVD: Pioneer DVR-111D
PawBear
June 20, 2010 at 9:05am
Obviously a high number of high profile people are using the ipad. ATT made that clear recently. I think I can assume they use Macs. If I wrote viruses I'd certainly target them and do my best to make sure noone ever figured it out, especially Apple. to maintain this delusion that all are safe.
"Either we conform the Truth to our desires or we conform our desires to the Truth."
Slugbait
June 19, 2010 at 10:48pm
There was a KB article that sat on their website for a long while which advised their customers to have two antivirus programs installed. I always thought that to be funny after watching all the commercials. They deleted the KB about 18 months ago: http://support.apple.com/kb/HT2550.
There was an original KB before it. http://gizmodo.com/5100996/false-alarm-apple-mac-os-x-anti+virus-recommendation-is-old
Apple had always recommended using antivirus. Odd that they are suddenly changing their itune.
I doubt MS would be happy to give Steve a few tips, but I agree Apple wouldn't take them up on the offer. Steve has always seen himself as the driver, not the passenger.
But I digress...I think the reason Apple tells their customers they don't need antivirus is because Apple doesn't want their customers to experience the bugs and massive performance hit that comes with Mac antivirus programs, especially McAfee.
Bender2000
June 19, 2010 at 9:46pm
Apple actua;;y releases an update that makes their OS more secure, and this is a BAD thing? If they added a built in AV app like MS Security Essentials you guys would be hosing them for that too. You know Apple, they ignore the problem until they have the fix THEY want in place. Regardless of your bias, Apple made Macs safer. They also snuck in a new Mac Mini when no one was looking, so much for their announcements for minor things. Its like the reverse of vaporware, they come out with a product no one expects instead of announcing a product that never appears. Like the Slate or the Courier. I wish HP were more like that. I'd love to wake up one day and actually see HPs with Voodoo DNA in 'em. Then Apple would worry.
aviaggio
June 20, 2010 at 7:22am
Actually, it's not that they added new signatures that's an issue. It's the fact that unlike every thing else they do they kept quiet about it and are trying not to draw attention to it.
Cause admitting your OS is being hit by virus attacks kinda flies in the face of one of your strongest (as in harped on in every single ad) selling points -- that Macs are "safer" than PCs and don't get viruses.
The whole situation just points out what we in the PC world have known for a long time -- Jobs is full of shit.
Mayhemm
June 19, 2010 at 6:31pm
Is it wrong of me to be silently hoping someone writes a totally debilitating Mac-only virus? One of the system-frying, hard disk-erasing ones?
This would accomplish two admirable (IMO) goals:
1) it would give Mac users a harsh lesson in internet security. One they seem reluctant to absorb otherwise
2) Crush Apple under the weight of lost-business, willful-negligence, property-damage, and false-advertising lawsuits.
Cache
June 20, 2010 at 6:41am
I'm shocked that no one in the Russian mafia has developed a good, debilitating virus yet from a monetary perspective. Figure you brick a few million Mac products, Apple's stock plummets--you buy massive amounts of low-cost Apple stock, and sit back as the Apple Addicts flock to the latests innovation--iVirus Protection. Apple's stocks go back through the roof... and the Russian mafia makes an easy billion or so dollars.
Hell, if I could program anything beyond my DVR, that's what I'd do.
stradric
June 21, 2010 at 5:14am
I don't think that would work in practice. You'd need a virus that would target all OSes in order to infect a large amount of Macs since they're so sparsely distributed through the whole computing landscape. Either that or take over Mac update, which is not easy task certainly.
Besides that, does Apple even make that much money on its PC business to send its stock plummeting? I think it's all iPhones and iPods. So if you manage to infect every iPhone, then maybe you have something...
TechJunkie
June 19, 2010 at 6:44pm
Yeah and at those conferences booked in advance, they announce insignificant version bumps and trivial new products. They announce at these conferences that they changed the color of sliced bread, or that they are putting out an update to the iphone so it can...wait for it.....WAIT FOR IT.....copy and paste!!!!! WOW, what a concept! No one will ever be able to top that! As far as trivial products, the ipad comes to mind. Why? Cause it's just a bigger ipod and they tout it as the biggest technological breakthrough since electricity. Give it up dude and your name shouldn't be "chet Sixsixsix". It should be "ChetMix" cause your a horrible poster and should stop reading.
I have to PooP!
WardTheSteak
June 19, 2010 at 9:31pm
I think this guy is for team Steve! You're just mad, because you can't mod out your mac to be a twilight homage! Noob!
Team Edward! <----- One guy said Jacob, and I don't hop on bandwagons!
TechJunkie
June 20, 2010 at 2:35am
Because SJ thinks his crap smells like candy gumballs and not to mention that he thinks that he is god. Period. But I'm not defending the guy who wrote the article, I'm defending the content. SJ is nothing short of a frail dictator that does no wrong, is perfect, his gadgets are perfect, and has all his little apple fritters right where he wants em'.
pssst. I'll tell you a secret. I don't have a coolermaster. I have an Antec 902 case with pretty blue lights.
BuLLg0d
June 19, 2010 at 5:00pm
...if your, Christopher, Walken
"I've got a fever, and it can only be remedied, with more cowbell"
TechJunkie
June 19, 2010 at 6:46pm
Now I have a headache and the only antidote is more cowbell!
I have to PooP!
nadako
June 19, 2010 at 2:45pm
why apple loves to pull out the blame stick. Blaming Adobe for their security risks and what not. Lol if your a programer then you would understand to limit the User from the kernel and other Software installed as much as possible. And in limiting i mean making your variables private not public. Oh but a friend funtion is like a friend with benifits.
stradric
June 21, 2010 at 5:23am
Private, public and friend functions are compiler mechanics. They mean nothing in runtime where everything is assembly.
Also, programmers writing software to run on an OS should not have to worry about "to limit the User from the kernel". It's the OS's job to limit kernel interaction.
TechW
June 19, 2010 at 1:43pm
I believe that the policy of Apple misleading its customers into thinking they are not subject to malware attachs will ultimately bite them in the butt. One day, all the beliving Mac owners are going to wake up to find out that they are the victims of identity theft and wonder how it could possibly have happened to them. I imagine they will blame Microsoft...
kjrviking
June 19, 2010 at 12:47pm
When my buddies who say that they don't need antivirus, i just tell them that OSX is so much more open to attack than Win 7, then when they ask why there aren't any viruses for them, i am forced to respond that the OSX is too easy to hack and not enough people... maybe now more people will make viruses for it just to prove to Macheads that viruses do effect them
BuLLg0d
June 19, 2010 at 5:11pm
With Apple's market share increasing, and more users transitioning over to Mac and Apple products every day, it's only a matter of time before the right (or wrong) internet e-thug is going to gut punch Apple with malicious code due to their pretentiousness. When it comes to PC's, no one claims 100% protection. If someone did claim that, they'd be hacked within a day. We have all learned that the hard way. PC marketing usually uses the term "more secure", and that's after a malicious attack.
Apple users live within a cloud of smug http://www.southparkstudios.com/clips/104282
COMMANDER_COOK
June 19, 2010 at 10:44pm
Yep, they sniff thier farts.
----------------------------------
Donate blood! http://www.redcrossblood.org/
nsvander
June 19, 2010 at 12:02pm
I have numorous friends that think becuase they are on a MAC they dont need antivirus. I tell them its just a bunch of BS and if you use the internet for anything you need it.
Connect with MaximumPC
Featured Content
We introduce Intel's latest class of tablet killers and review 4 of the first Ultra...
Where have all the memorable videogame enemies gone?
This month's issue
Feature
11 Hardware Hacks
Feature
Overclock Your CPU
How-To
Supercharge Your Smartphone
Build It
A Powerful $830 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Here's what the @horse_ebooks bookmarklet (http://t.co/brE6898A) does to Maximum PC: http://t.co/Y6OhO6zk8 hours 28 min ago
- maximumpc: Microsoft on Patents: Can't We All Just Get Along? http://t.co/g0vginvG10 hours 49 min ago
- maximumpc: Google Drive Cloud Storage: Is Google Preparing To Muscle In On Dropbox? http://t.co/lCWzeYmS11 hours 13 min ago
