Why Do People Think MAC OSX Has Built-in AV?

Discussion in 'other anti-virus software' started by Brandonn2010, Jun 5, 2011.

Thread Status:
Not open for further replies.
  1. BenMar522

    BenMar522 Registered Member

    Joined:
    Mar 12, 2010
    Posts:
    67
    Mac's certainly aren't immune to viruses and malware. As they start gaining more and more market share, they'll be in the cross hairs of malware deviants.

    BenMar
     
  2. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    That just tells me they have too much money that they need to overspend on a mac laptop when they could get the same for less with Windows.

    Command line makes your OS secure?
    You've seen the Windows code to know it's more secure than an old version of Unix?

    What is "OSX Mail Chime" and how does it relate to security vendors and podcasts?

    Like who, and what? Last I was reading Mac's were even worse for security than Windows.

    Wow, thats totally unique to Mac hardware, no wait...
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Mac vs PC debate is useless. PC users are just as bad as Mac users about it, it's ridiculous.

    And no, PC's can't boot Mac. Hackintosh is a) illegal b) buggy

    And no, macs are not worse for security than windows. Whoever told you that is probably lacking any formal education in the matter OR you've misinterpreted security for bugginess.
     
  4. d0t

    d0t Registered Member

    Joined:
    Apr 23, 2011
    Posts:
    181
    Always wanted to have a Mac to see how it works :p

    Unfortunately, in Brazil, the price of a core2 Mac with a bad graphic card, is higher than a Dell with i5 plus a decent Geforce ehe :(
     
  5. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    It was an article on this very forum. I cannot find it now.
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I don't know if this is who elapsed was thinking about, but I wouldn't say Charlie Miller lacks any education in these matters.

    This is from last year -http://www.h-online.com/security/news/item/Mac-OS-X-safer-but-less-secure-Update-957981.html
     
  7. Blueshoes

    Blueshoes Registered Member

    Joined:
    Feb 13, 2010
    Posts:
    226

    No the command line does not make a OS secure. I guess command line junkie gray hat pentesters/security experts just plain and simple like it better for command line code hacking then Windows command line. It is not your choice, it is theirs.


    As for overspend. Are you a 16 year old kid? Some of these guys make $100,000 to $150,000 a year and they can't afford a $1,199 to $1,400 laptop. Pennies for these guys.

    If they owned a Sony or top of the line laptop of almost any top Windows PC makers they would hit the $1,200 to 1,300 mark. I make $40,000 year and I have 3 Macs 2 PC and 2 Linux machines. The price pissing match is total mute point.


    Yes, Mac s are a hair less secure then Windows 7 64 bit. Macs just started getting hit with trojans to the masses May 2 2011

    Many of the comments I have heard is they like the OS better then Windows. It is their choice, NOT YOURS.

    The comment about the OS X Mail chime relates to security because I was stating that these top experts are using Macs as their main computer of choice now. The proof to me is I can hear it is a Mac by the chime. I did not think I needed to explain that one.
     
    Last edited: Jun 5, 2011
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Figures. 0Days are not legitimately scary. Malware rarely takes advantage of them because they're too easy to patch and not reliable across the system.
     
  9. Blueshoes

    Blueshoes Registered Member

    Joined:
    Feb 13, 2010
    Posts:
    226

    Yes, Mac are less secure then Windows, it lacks a robust memory randomization pattern spread and Unix has 1/3 more code then Windows to hack. It may change some in a month or two when OS X Lion comes out.

    That means nothing though. The security experts still choose Macs as their main computer. That is just fact.

    They are the big boys who know 100 more then any of you and they chose to choose a Mac to hack and use as their main computer. Plain and simple.
     
  10. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Are you honestly trying to say malware doesn't take advantage of 0 day exploits?
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes. I'd love to be proven wrong with a study showing that malware takes advantage of bugs/ crashes in the OS and not by drive-by downloading, XSS, or social engineering.
     
  12. Blueshoes

    Blueshoes Registered Member

    Joined:
    Feb 13, 2010
    Posts:
    226
    Really, Adobe Reader or Adobe anything. Giving birth to 0days weekly. PDF 0days with java code installed amounted to 50% of the malware running on the internet 1 year ago.
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Source? I wouldn't be all that surprised about that.
     
  14. Blueshoes

    Blueshoes Registered Member

    Joined:
    Feb 13, 2010
    Posts:
    226

    Both OSes are sound if no external services are being used. I.E. sitting on a network with no external programs opened up. Open up a browser and load the internet and you get pwnd.
     
  15. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Lol, I can't be bothered arguing over how wrong you are. Obviously stuxnet was too long ago for you to remember.
     
  16. Blueshoes

    Blueshoes Registered Member

    Joined:
    Feb 13, 2010
    Posts:
    226
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Even if Mac OS X is used by "most security experts" you know, it is far from the most secure OS. Some distos of Linux and BSD will make it look like a swiss cheese in security, especially in Live CD mode. Heck Windows PE is more secure than Mac OS X for sure.
     
  18. Blueshoes

    Blueshoes Registered Member

    Joined:
    Feb 13, 2010
    Posts:
    226

    Open BSD
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Do you know what happens with a drive-by download (remote code execution)? What are the ingredients for a drive-by download to be succesful?
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Drive by download does not necessarily mean 0day exploit, sorry. Scripting will do it just fine.

    Windows doesn't store and follow the mode permissions *nix does. You know when you have to chown * and chmod 744 * and stuff
    It has almost no unprivileged execution prevention other than UAC

    Also remember that SELinux has to be up to NSA security standards so it is much more rigid on security than other OS kernels. Not really OSx related but still similar, since os x can get a lot of the benefits of their development.

    edit: -- from my programmer friend who I was discussing this with
     
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    But, pretty much all web browser-based exploits will result in drive-by downloads. And, that was my point.

    So, when you said...

    ... You were being a tad contradictory, IMHO.

    But, you're right, social engineering takes less effort... and guess what... it works. But, and I'm also sorry to say it... it "attacks" regardless of the O.S. The same for phishing. I'd like to see Mac OS X, Linux, etc. stop that. Guess what? Nothing saves someone from their own stupidity.

    99% of Windows infections result from a single sympthom - PBCAK. Sorry, but that's the reality. The problem is never the user... is always Windows. :rolleyes:
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    My point is simply that it is MUCH harder to get admin permissions, even with 0days, on OSX/ nix.
     
  23. Blueshoes

    Blueshoes Registered Member

    Joined:
    Feb 13, 2010
    Posts:
    226
    I am a Mac guy, and I have to say, we don't know that. OS X has NEVER been hacker vetted. According to Charlie Miller and Rodger Grimes it is very easy.

    We need another 3 years to see if that is a true statement.
     
  24. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    341
    I believe user ignorance and sloppy programming are the biggest reasons why malware is so prevalent these days. Everyone wants the latest new thing out there fast and they want an application to make money as well. These programmers see money signs dancing in their heads and not about ordinary users whipping out their credit cards or getting upset when they see a strange pop-up telling them they need Mac Defense or Windows Recovery to fix the problem.

    Both Windows and Apple officials have been using doublespeak for years about their products. It seems even worse when they talk about how secure Macs and Windows operating systems are out of the box. The majority users from both camps don't think about security or want to spend mega bucks on real programs that protect.

    The only way out of this is to make sure new/old computers users know the basics and the risks of operating a computer and surfing the web. They should be given information about security programs, how to update software and applications and know how to look out for scareware and other junk on the internet.
     
  25. zongamin

    zongamin Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    12
    However, you only need admin permission to install malware. The User and Applications folder don't require admin access to make changes - malware writers have already adapted the recent MacDefender trojan so that no admin pass is required.

    Also - this doesn't help against Trojan/Social Engineering tricks. Once the mark has taken the bait (either a bogus malware warning, or some pirated software), they are probably going to complete the installation. After all, the person who believes they are responding to a genuine alert wont suddenly stop once prompted for their password.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.