Why Do People Think MAC OSX Has Built-in AV?

Mac's certainly aren't immune to viruses and malware. As they start gaining more and more market share, they'll be in the cross hairs of malware deviants.

BenMar

 

That just tells me they have too much money that they need to overspend on a mac laptop when they could get the same for less with Windows.

Command line makes your OS secure?
You've seen the Windows code to know it's more secure than an old version of Unix?

What is "OSX Mail Chime" and how does it relate to security vendors and podcasts?

Like who, and what? Last I was reading Mac's were even worse for security than Windows.

Wow, thats totally unique to Mac hardware, no wait...

 

Mac vs PC debate is useless. PC users are just as bad as Mac users about it, it's ridiculous.

And no, PC's can't boot Mac. Hackintosh is a) illegal b) buggy

And no, macs are not worse for security than windows. Whoever told you that is probably lacking any formal education in the matter OR you've misinterpreted security for bugginess.

 

Always wanted to have a Mac to see how it works

Unfortunately, in Brazil, the price of a core2 Mac with a bad graphic card, is higher than a Dell with i5 plus a decent Geforce ehe

 

It was an article on this very forum. I cannot find it now.

 

I don't know if this is who elapsed was thinking about, but I wouldn't say Charlie Miller lacks any education in these matters.

This is from last year -http://www.h-online.com/security/news/item/Mac-OS-X-safer-but-less-secure-Update-957981.html

 

No the command line does not make a OS secure. I guess command line junkie gray hat pentesters/security experts just plain and simple like it better for command line code hacking then Windows command line. It is not your choice, it is theirs.


As for overspend. Are you a 16 year old kid? Some of these guys make $100,000 to $150,000 a year and they can't afford a $1,199 to $1,400 laptop. Pennies for these guys.

If they owned a Sony or top of the line laptop of almost any top Windows PC makers they would hit the $1,200 to 1,300 mark. I make $40,000 year and I have 3 Macs 2 PC and 2 Linux machines. The price pissing match is total mute point.


Yes, Mac s are a hair less secure then Windows 7 64 bit. Macs just started getting hit with trojans to the masses May 2 2011

Many of the comments I have heard is they like the OS better then Windows. It is their choice, NOT YOURS.

The comment about the OS X Mail chime relates to security because I was stating that these top experts are using Macs as their main computer of choice now. The proof to me is I can hear it is a Mac by the chime. I did not think I needed to explain that one.

 

Figures. 0Days are not legitimately scary. Malware rarely takes advantage of them because they're too easy to patch and not reliable across the system.

 

Yes, Mac are less secure then Windows, it lacks a robust memory randomization pattern spread and Unix has 1/3 more code then Windows to hack. It may change some in a month or two when OS X Lion comes out.

That means nothing though. The security experts still choose Macs as their main computer. That is just fact.

They are the big boys who know 100 more then any of you and they chose to choose a Mac to hack and use as their main computer. Plain and simple.

 

Are you honestly trying to say malware doesn't take advantage of 0 day exploits?

 

Yes. I'd love to be proven wrong with a study showing that malware takes advantage of bugs/ crashes in the OS and not by drive-by downloading, XSS, or social engineering.

 

Really, Adobe Reader or Adobe anything. Giving birth to 0days weekly. PDF 0days with java code installed amounted to 50% of the malware running on the internet 1 year ago.

 

Source? I wouldn't be all that surprised about that.

 

Both OSes are sound if no external services are being used. I.E. sitting on a network with no external programs opened up. Open up a browser and load the internet and you get pwnd.

 

Lol, I can't be bothered arguing over how wrong you are. Obviously stuxnet was too long ago for you to remember.

 

Oh, sorry, 80% and 2 years ago.

http://www.zdnet.com/blog/security/...ised-80-percent-of-all-exploits-for-2009/5473

.

 

Even if Mac OS X is used by "most security experts" you know, it is far from the most secure OS. Some distos of Linux and BSD will make it look like a swiss cheese in security, especially in Live CD mode. Heck Windows PE is more secure than Mac OS X for sure.

 

Open BSD

 

Do you know what happens with a drive-by download (remote code execution)? What are the ingredients for a drive-by download to be succesful?

 

Drive by download does not necessarily mean 0day exploit, sorry. Scripting will do it just fine.

Windows doesn't store and follow the mode permissions *nix does. You know when you have to chown * and chmod 744 * and stuff
It has almost no unprivileged execution prevention other than UAC

Also remember that SELinux has to be up to NSA security standards so it is much more rigid on security than other OS kernels. Not really OSx related but still similar, since os x can get a lot of the benefits of their development.

edit: -- from my programmer friend who I was discussing this with

 

But, pretty much all web browser-based exploits will result in drive-by downloads. And, that was my point.

So, when you said...

... You were being a tad contradictory, IMHO.

But, you're right, social engineering takes less effort... and guess what... it works. But, and I'm also sorry to say it... it "attacks" regardless of the O.S. The same for phishing. I'd like to see Mac OS X, Linux, etc. stop that. Guess what? Nothing saves someone from their own stupidity.

99% of Windows infections result from a single sympthom - PBCAK. Sorry, but that's the reality. The problem is never the user... is always Windows.

 

My point is simply that it is MUCH harder to get admin permissions, even with 0days, on OSX/ nix.

 

I am a Mac guy, and I have to say, we don't know that. OS X has NEVER been hacker vetted. According to Charlie Miller and Rodger Grimes it is very easy.

We need another 3 years to see if that is a true statement.

 

I believe user ignorance and sloppy programming are the biggest reasons why malware is so prevalent these days. Everyone wants the latest new thing out there fast and they want an application to make money as well. These programmers see money signs dancing in their heads and not about ordinary users whipping out their credit cards or getting upset when they see a strange pop-up telling them they need Mac Defense or Windows Recovery to fix the problem.

Both Windows and Apple officials have been using doublespeak for years about their products. It seems even worse when they talk about how secure Macs and Windows operating systems are out of the box. The majority users from both camps don't think about security or want to spend mega bucks on real programs that protect.

The only way out of this is to make sure new/old computers users know the basics and the risks of operating a computer and surfing the web. They should be given information about security programs, how to update software and applications and know how to look out for scareware and other junk on the internet.

 

However, you only need admin permission to install malware. The User and Applications folder don't require admin access to make changes - malware writers have already adapted the recent MacDefender trojan so that no admin pass is required.

Also - this doesn't help against Trojan/Social Engineering tricks. Once the mark has taken the bait (either a bogus malware warning, or some pirated software), they are probably going to complete the installation. After all, the person who believes they are responding to a genuine alert wont suddenly stop once prompted for their password.