A Mac OS X attack that leaves no trace

More vulnerabilities targeting Mac OS are discovered as it keeps getting more popular among users, and thereby of malware coders as well:

http://www.oneitsecurity.it/22/01/2009/mac-os-x-vulnerability-an-interview-with-vincenzo-iozzo/

Since this tendency are more or less established now and continues to grow, it only confirms that Linux, Solaris, BSD etc are spared from attacks as long as they are not in focus for been prime targets to malware coders. For the wise, security aware user this unfortunate development doesn't comes as a surprise, but for some *nix fanatics it's really high time to land.

I just want to add before I get flamed for been a "Windowz fanboy" or something similar, that I'm a user of *nix platforms as well.

/C.

 

All platforms are vulnerable, question being how it recovers from it and fix itself is the point to consider, Linux and Mac due to its inherent structure and protocols make them less prone than Windows.

 

Ho, humm... Is this supposed to be news to anyone? Can anyone say FUD?

 

A substanceless oneliner lewmur...

But anyway, since he's one of the speakers at the Black Hat conference DC 2009, proclaiming his findings as FUD from a negative point of view just confirms the übermensch mentality by some *nix users, especially belonging to the Linux and Mac camps. For many years I've witnessed, and many others as well, this hybris mentality among a not so small number of Linux/Mac users when participating in different dedicated *nix forums which, to be honest, almost gives me an unpleasant feeling of sectarianism. I don't know exactly when or why this invulnerability mentality arised, but I think the Apple masses with Steve Jobs as the holy father has to some extent to be blamed for this fanboyism behavior which apparantly was inherited by some die-hard users of the Linux camp.

Enough of this ~moral lesson~ , it will anyway be interesting to read the interviews and reviews among the speakers regarding the topics after the event.

/C.

 

Useless to have hubris, in my lifetime as a programmer working for IBM, I have come across many Unix systems compromised, hacked, broken into. As I said, nothing and I mean nothing is invincible.

 

We need to differentiate between home and work environments ...
Home systems is one things, work environment is something else.
Mrk

 

One thing to note is that this technique [or knowledge of] does not weaken the systems security.
It requires a seperate delivery mechanism to penetrate the system. All it does is allows for stealthier injection of code once on the system.

OS X 10.6 will provide a fix for this (http://www.appleinsider.com/print/09/01/16/road_to_mac_os_x_snow_leopard_64_bit_security.html):

 

Well, yes, the reference to the interview and the main point with this thread is focused on the use of different *nix platforms as desktop solutions and thereby those security issues that will follow, and not regarding its use as server platforms since that's another problem area that isn't quite of concern here.

But since Arup slightly mentioned the server area:

Which are the most common reasons to this? Is it because of sloppy configuration and securing of the server applications/databases? or bad coding/design of the applied solutions? Just curious...

/C.

 

Users + no patches.
Mrk

 

@Mrkvonic

"Users + no patches.

Also, failure to implement workarounds until a patch is available (not all patches are fixed immediately) ... failure to implement default-deny for executables (write where you cannot execute and execute where you cannot write). Even if an intruder does not acquire root access, (s)he can still wreak havoc with the users files in /home/<user>, /export/home/<user>, etc.

Just like Windows.

"We need to differentiate between home and work environments ... Home systems is one things, work environment is something else.

Why? Plenty of *nix workstations (desktops) in the corporate/government world.

 

It's different for several reasons:

Installing a patch + reboot at home is trivial. Not so when you have hundreds or thousands of servers, which you cannot afford to downtime.

Then, you have firewall issues, compliance issues, compatibility issues. Some companies may have to run obsolete versions of OS, even if they are no longer supported, because their products run and depends on them.

And then you have massive influx of data, thousands of people using these machines ... so unlike home.

And so forth...

Mrk

 

@Mrkvonic,

This addresses servers.

What about *nix workstations used as desktop systems in the business environment? This is closer to home *nix users than servers. The OP was really getting at desktops.

Also, there are home users running desktops with OSs that are no longer supported.

 

I have not heard of many *nix desktop in business environments ... Mainly because companies have to talk to other companies and then they all fall back to the lowest common denominator - MS stuff, plus most people are too unskilled in using any sort of OS, let alone *nix-based ones.

In general, if desktop vs desktop was the only issue, then things would be simpler. But then again, MS workstations are more vulnerable than MS home desktop, so similarly the *nix ones are.

All that said, most *nix machines in companies are servers or heavy duty client machines that cannot be easily patched / rebooted.

Mrk

 

A bit OT but i never heard of 64 bit OSX? Does it exists? If not, why?

Thanks

 

I didn't say his finding were FUD. I say your posting them here as an indication that Linux users are as prone to malware as Windows users is pure, unadulterated FUD. The OS's mentioned in the article are Mac OS X, BSD and WINDOWS. No mention was made of either Linux or Unix.

The "Ho Humm" is because this is about the zillionth time I've heard the argument made that Linux isn't immune to malware. Nobody claims it is. But its a damned site safer the any Windows OS.

 

Well, since these exploits and thereby similar future attack vectors are considered "impossible" by some die-hard *nix users, especially by some folks from the Linux and Mac camps, I find it quite odd that the mantra is still that they are "invulnerable" to malware.

The simple reasons, which is "common knowledge", why Windows as a desktop OS is the main target for malware, instead of the alternative *nix desktop solutions are the following:

1. Windows is without any serious competition the most common desktop platform on most users computers today (highest profit for least effort).

2. Windows granted the user admin/root privileges by default (XP and earlier).

Even if Vista has introduced the UAC solution as a first step to force the development of proper designs as well as only granting the user standard privileges by default, it's still easily circumvented by the user with a simple click (which a friend of mine experienced the other day...). It requires a password protected account by default which has been the case for *nix platforms for years, and which is the proper way of doing it.

But still, since the development and trends of malware designs are moving rapidly towards platform independent "solutions", I find it worrying that this ostrich behavior still remains amongst some *nix users which will only serve as a disservice for themselves.

By the way lewmur, by claiming that my post here is "pure, unadulterated FUD" from my part is indeed notably, since I'm clearly referring to an interview with the source himself and my comments are based on this new finding which will affect not only the platforms mentioned, but other platforms as well. Besides, do you mean, according to your way of reasoning, that one shouldn't publish any posts referring to news regarding new exploits/attack vectors against any platform (besides Windows of course...) since this is considered, according to your way of reasoning, as FUD? Then several longtime members here at these forums are really just a bunch of big FUD'ers...

/C.

 

OS X is currently partially 64-bit, it fully supports x64 apps, but the kernel itself isn't. Snow leopard will be fully.

 

Thanks.