[IP] more on mac viruses and quote and apple pie
Begin forwarded message:
From: Rodney Joffe <rjoffe@xxxxxxxxxxxxxx>
Date: May 21, 2005 12:30:27 PM EDT
To: David Farber <dave@xxxxxxxxxx>
Subject: Re: [IP] mac viruses and quote and apple pie
Hello Dave,
On 5/21/05 4:29 AM, "David Farber" <dave@xxxxxxxxxx> wrote:
> Please do
You have had a number of readers who have responded providing some of the details of the vulnerabilities of Mac OS-X already.
The overall impression is one of "There are easier targets, like Windows, and the exploits are very quickly identified and patched, and Mac OS-X is a much better option". All very true. I run OS-X on all my personal machines for just that reason.
But to contend that there are no known exploits in the wild, and the only virii that were UNIX specific were ten years ago is disingenuous at best.
As an opener, here is a Techworld article from earlier this month:
http://www.techworld.com/security/news/index.cfm?NewsID=3598
Just a small excerpt:
"The flaws patched this week are more serious than those addressed by the April patch, with some of the new bugs allowing remote attackers to run malicious code on a user's system. A buffer overflow in Apache's htdigest program could be triggered via a CGI application to allow remote system compromise, Apple said.
An integer overflow in AppKit could allow for malicious code execution via malformed TIFF images; two flaws in the libXpm library could allow code execution via another image format, XPM, although Apple noted that libXpm isn't installed by default.
A bug in the Foundation framework's handling of an environment variable could result in a buffer overflow, allowing the execution of code, Apple said. Help Viewer could be commandeered by remote attackers to run Javascript without the usual security restrictions. A buffer overflow in NetInfo's Setup Tool (NeST) could also allow remote code execution."
That is covered in just one patch.
But the claim that Mac OS-X is not vulnerable to virii, which is the fallacy some folks are perpetuating, is best put to bed by a little contest "almost" taking place through the folks at DVForge. It seems odd that there would be such an outcry if there was no risk. No?
http://www.dvforge.com/virus.shtml
Another interesting article describing some of the fundamental issues:
http://news.com.com/Darwin+flaws+survive+in+Apples+Mac+OS+X/2100-1002_3-5540955.html
To understand more of the vulnerabilities, and how to patch them, above and beyond waiting for problems to be found and patched by Apple and OS-X app vendors, a good start is at http://www.bastille-linux.org/
There is no doubt that Mac OS is a better choice. The OS is better, the vendor is far more reactive, and the users are far better informed, so they share information quicker. But *don't* believe for a moment that because you use a Mac, you have nothing to worry about. As I said in my original post, I deal with compromised machines almost every day that are part of larger botnets, and that are running Mac OS-X, with the owners believing that they were secure.
HTH
Regards,
Rodney Joffe
CenterGate Research Group, LLC
http://www.centergate.com
"Technology so advanced, even WE don't understand it"(R)
-------------------------------------
Archives at: http://www.interesting-people.org/archives/interesting-people/