Bob Caswell - Latest Comments in Organized Crime Targeting Apple Computers for the First Time

Re: Organized Crime Targeting Apple Computers for the First Time

Paul Ellis — Sat, 02 Feb 2008 10:41:27 -0000

this link this guy says that Linux with Wine or DOSBox runs games better than Vista because it could run Soldat, Darwinia, Blackthorn, and Civilization 4. I haven't even heard of the first 3 games, and from looking online people run Civ4 on Vista. It might have taken some tweaks (when doesn't PC gaming? That's why I have a console instead), but I'm sure it was less that setting up Wine on Linux.

Re: Organized Crime Targeting Apple Computers for the First Time

DaveK — Fri, 01 Feb 2008 11:30:04 -0000

Paul wrote:
"DaveK: If the firewall is off, ports are open, no matter what OS. Also, even though my Windows firewall is off right now (my home network is set as a private network in Vista) ShieldsUp isn’t finding any open ports, but that is because I’m behind a NAT router and no ports are forwarded. Odds are that unless you are plugged straight into your cable/dsl modem that ShieldsUp will give the same report. "

But what I said was that I was NOT behind a NAT router. I plugged a MacBook Pro right into my incoming internet connection - no hardware firewall whatsoever, and reconfigured the ethernet settings to use the direct connection. And the Leopard firewall preference setting was to "Allow all incoming connections", and ShieldsUp stated all ports are closed. So you are wrong, at least about the Leopard "firewall". And you obviously haven't tried it, or you'd see that I'm correct.

I think the confusion is that the firewall in Apple's preferences seems to be what Apple is calling an "Application Firewall" - the open source firewall ipfw is still present at a lower level, and can be accessed via the terminal, from what I've read. I think Apple has major terminology problems here, but the fact remains that if the preferences are set to have the APPLICATION firewall in the preferences "Allow all incoming connections", all ports are still closed. That explains the basic security out of the box of a Leopard install. Perhaps the correct terminology would be to say that in Leopard, the packet inspection firewall ipfw is still always running (on) in the background, even though the Apple's UI seems to indicate the firewall is off. I'm not defending them - I think this was a major UI blunder. And it's caused all sorts of bad press.

BTW, when I am behind my hardware firewall, Shields UP shows all the ports as "stealth" unless I configure them otherwise on my router.

"The firewall is really only that significant in public network (usually wifi) scenarios for most people. I can see people’s Mac’s on my school subnet (but they can’t see me). "

True. Which is why a default install of Leopard has all ports closed, so you don't have to worry while on a public network.

"It is well documented at a number of sites that OS X defaulted to “allow all incoming connections” until very very recently."

They still do, but all the ports are closed, as I said.

"About Leopard, I would call it more of a feature pack than a service pack. "

Sure, you can call it what you want. The many additional features is why it was a paid upgrade. Apple's service packs are free. Apple is just a bit more responsive than Microsoft in this area. But there were many changes to the underpinnings of Leopard, from a developer's standpoint. Probably more than any other OS X release. Many made to support the new features Apple added, but also to allow more innovation from third party developers.

"Arguably the underpinnings of a lot of significant parts of Windows XP were dramatically changed between SP1 and SP2. That is why a fair number of programs had to be fixed to work with SP2. Not a lot of features changed though. Sure the dock changed some, they added built-in backup, etc, but the core of the OS is mostly the same. It isn’t at all like the difference between XP and Vista, good or bad."

I would agree with you - there were many more differences between XP and Vista than between XP SP1 and SP2.

"And the internal numbering differences (from the roughlydrafted.com link) between Microsoft and Apple don’t really mean much for me. Just because Windows 2000 was NT5 and Vista is NT6, but Apple has gone from Darwin 4 to 9 in the same period doesn’t mean anything. It is just their version policy."

And Apple's version numbering policy is that all of the Mac OS X releases have a version number starting with "10", with the first number after that signifying paid releases with major features AND many underlying changes, and the second number after the "10" being free "service pack" releases. But yet many don't understand that going from 10.4.x to 10.5 is a MAJOR release and don't understand why they have to pay for it. It's all marketing - Apple wants to milk the roman numeral "X" for as long as possible.

Re: Organized Crime Targeting Apple Computers for the First Time

Paul Ellis — Fri, 01 Feb 2008 09:01:17 -0000

NAT router and no ports are forwarded. Odds are that unless you are plugged straight into your cable/dsl modem that ShieldsUp will give the same report. The firewall is really only that significant in public network (usually wifi) scenarios for most people. I can see people's Mac's on my school subnet (but they can't see me). Actually I can see all of their bluetooth IDs too since that defaults to visible. It is well documented at a number of sites that OS X defaulted to "allow all incoming connections" until very very recently.

About Leopard, I would call it more of a feature pack than a service pack. Arguably the underpinnings of a lot of significant parts of Windows XP were dramatically changed between SP1 and SP2. That is why a fair number of programs had to be fixed to work with SP2. Not a lot of features changed though. Sure the dock changed some, they added built-in backup, etc, but the core of the OS is mostly the same. It isn't at all like the difference between XP and Vista, good or bad.

And the internal numbering differences (from the roughlydrafted.com link) between Microsoft and Apple don't really mean much for me. Just because Windows 2000 was NT5 and Vista is NT6, but Apple has gone from Darwin 4 to 9 in the same period doesn't mean anything. It is just their version policy. Just look at the difference in numbering between Debian and Fedora Core. In the last 12 years Debian has gone from version 1.1 to 4.0. Fedora went through 8 versions (cores) in 4 years. Yet fundamentally they are both using the same base components.

Re: Organized Crime Targeting Apple Computers for the First Time

DaveK — Fri, 01 Feb 2008 02:49:21 -0000

Sorry. the links didn't come through.

I wrote:

I don’t think even Microsoft, the best company in the world at marketing mediocrity, believes that. See:

http://www.microsoft.com/wi...
vs.
http://www.apple.com/macosx...

Granted, I wouldn’t consider all the 300 things Apple touts as “features”, but Leopard is substantially more different from Tiger than SP2 is different from SP1.

For further information, see:

http://www.roughlydrafted.c...

Gibson web site:

www.grc.com

Re: Organized Crime Targeting Apple Computers for the First Time

DaveK — Fri, 01 Feb 2008 02:47:00 -0000

“DaveK: while I will agree that all new software has issues, I wouldn’t call OS X 10.5 to be really new. It is much more akin to Windows XP SP2. Pretty much the same as the preceding version (10.4 and SP1 respectively). “

I don’t think even Microsoft, the best company in the world at marketing mediocrity, believes that. See:

vs.

Granted, I wouldn’t consider all the 300 things Apple touts as “features”, but Leopard is substantially more different from Tiger than SP2 is different from SP1.

For further information, see:

“I just think it is crazy that in 2007 Apple would try to sell an OS with the firewall off by default. “

But that doesn’t mean all the ports are open. They’re not. Actually, even all Mac OS versions prior to Leopard installed with the firewall preference setting off I believe, and always came with all ports closed out of the box. So all Mac OS X versions have had the firewall off by default since what, 2000? Where are all the security breaches cause by the firewall being open? Oh yeah, the security by obscurity thing that we can’t prove yet.

Traditionally you only needed to “turn on” the firewall in Mac OS X if you needed to open some ports. Most users would not need to do this. But they can if they want.

If I run Shields UP from the Gibson Research Corp. web site (), with the Leopard (10.5.1) firewall off, and outside my hardware router, I see that all ports are closed. Not all marked as “stealth”, but all closed. Of course you can configure the Leopard firewall to “Enable Stealth Mode, if you like.

“You can see why though (http://www.heise-security.c..., because it broke applications. Even now you have to allow Skype to accept inbound connections every single time you use it. It was easier for the user to not have a firewall on. Probably the same reason Microsoft didn’t enable it by default on pre-SP Windows XP.”

Microsoft didn’t enable it AND they left a bunch of ports open, which was why all you had to do was connect a Windows box to the internet and watch it get violated in 20 minutes or so.

I think the reason the firewall is left off by default in OS X is because all the ports are closed by default, and you only need to turn the firewall on if you need to open ports, not because it breaks software when turned on. Not that Skype has been the most reliable software on the Mac anyway, but I'm sure that problem will get sorted out eventually.

Re: Organized Crime Targeting Apple Computers for the First Time

Paul Ellis — Fri, 01 Feb 2008 00:00:25 -0000

kbogg: I stand corrected. The behavior must have changed since I last used a Mac laptop about a 18 months ago. But I have seen it first hand. My client's wife even touted that it did it, that's how I noticed. I'm not sure which version of OS X she was running.

Greg: The statement that the sky is failing was usually (at least when I read them) tied to Mac's becoming popular, and that hasn't happened either.

JZ: Just because Windows defaulted to super user, it doesn't mean the underlying base is insecure. In fact, I think that Windows 2000 was a very good base for a multi-user GUI OS. The defaults may have been set insecure, but it could be locked down quite well.

Re: Organized Crime Targeting Apple Computers for the First Time

JZ — Thu, 31 Jan 2008 21:47:17 -0000

http://topgearelectronics.c...

Re: Organized Crime Targeting Apple Computers for the First Time

JZ — Thu, 31 Jan 2008 21:41:15 -0000

Most Mac users have used Windows. This argument that Mac users are not aware of viruses is more nonsense made up by PC users who of course have never touched a Mac. They also know absolutely nothing about the Mac OS or Mac users. OSX is not perfect...but let's be honest it started from a more secure space than XP or any previous MS OS. People seem to forget that Windows used to ship out of the box running as Super User as the default configuration for it's users, executables could just be run by a users clicking on a link with no protection for the user.
This was supposed to be a feature or a convenience...it was a bad decision on MS's part. Why?

Re: Organized Crime Targeting Apple Computers for the First Time

MacGecko — Thu, 31 Jan 2008 20:23:41 -0000

Well I think I do the outlook when and if I see there is a problem I might worry. However I have been hearing about how the sky is falling because the hackers are going to get Macintosh users from the time of OS 9. Guess what never happened! Then I was told just you wait those hackers will get you when you run OS X. Guess what never happened! So to this day there are many bot nets that own many a PC u,ser but I have yet to hear of one running OS X...

Re: Organized Crime Targeting Apple Computers for the First Time

kboggs — Thu, 31 Jan 2008 20:13:44 -0000

Paul, I'm not sure where you got the info on OS X wifi but a Mac will not automatically join an open network. It will notify the user that an open network is available but it will not join until the user gives permission. Which brings up another distinction between OS X and Vista, I've noticed that VIsta will ask if I initiated a given procedure that might be a security risk but does not ask for my password. OS X on the other hand will ask for an administrative password. This seems to me to provide a higher level of security at the desktop.

My example of the Army's server was just to illustrate that here's one server that is definitely not obscure. If OS X is such a security push over as others claim, then why does the Army continue to use Macs? Why has this considerably conspicuous Mac not been hacked?

All that being said I know that no OS is perfect nor 100% secure. I think it is important for us maintain antivirus software if for no other reason than to prevent being a carrier for Windows viruses.

Re: Organized Crime Targeting Apple Computers for the First Time

fustian — Thu, 31 Jan 2008 18:19:19 -0000

I might buy the obscurity argument, except I am old enough to have had several Macs before MacOSX. Even though they had significantly less market share than PC's back then, I did get viruses and did need to use virus protection software.

Those problems all ended with MacOSX.

Re: Organized Crime Targeting Apple Computers for the First Time

Paul Ellis — Thu, 31 Jan 2008 16:52:32 -0000

http://www.infoworld.com/article/07/06/29/26OPsecadvise_1.html. It is also has the largest market share (depending on how you calculate it). Which reinforces the idea that if Mac becomes really popular, things can change. Keep in mind that I am not saying that today, Jan 13, 2008, the Mac is not safe.

DaveK: while I will agree that all new software has issues, I wouldn't call OS X 10.5 to be really new. It is much more akin to Windows XP SP2. Pretty much the same as the preceding version (10.4 and SP1 respectively). I just think it is crazy that in 2007 Apple would try to sell an OS with the firewall off by default. You can see why though (http://www.heise-security.co.uk/news/98492), because it broke applications. Even now you have to allow Skype to accept inbound connections every single time you use it. It was easier for the user to not have a firewall on. Probably the same reason Microsoft didn't enable it by default on pre-SP Windows XP.

Wiley: all the points you make are valid for Mac, Windows, or Linux. That's really the problem today for most operating systems, how can you protect people from their own stupidity/ignorance? How can you get everyone to actually obey that list. Really. Have you heard of anyone having Windows Vista get hacked while just sitting connected to a network? I haven't, and it already has a larger install base (i.e. exposure) than Mac. That's why if you can get a user to run a file through social engineering it really doesn't matter how "secure" the OS is. The malware might not crash OS X, but it could delete your home folder, and all the time machine backups of it.

If you find a great way to take care of that problem then talk to me about starting a business. We could be billionaires.

Re: Organized Crime Targeting Apple Computers for the First Time

George — Thu, 31 Jan 2008 16:31:41 -0000

Bob,

You so completely don't get it.
It's not that if I don't read about it it's not real.
It's that they write about a topic that at this point in time is not relevent.
Hackers can target all the Mac's they want, but the way it works right now, unless someone is moving a mouse and clicking on a dialog box with an admon password in front of that particular Mac, it's not happening.
As to Sopho's having 100 million users...my guess is that they're not Mac users.

Re: Organized Crime Targeting Apple Computers for the First Time

Paul Ellis — Thu, 31 Jan 2008 16:28:45 -0000

I think we need to draw a distinction between being secure and not being attacked, or being safe. Warning: I'm going to illustrate an imperfect example, and you may interpret the words security and safety differently than me.

Certainly you wouldn't say burying a million dollars in a suitcase in your backyard is more secure than depositing it in a bank right? It may be safer because nobody knows you have a million dollars buried in your backyard, but the bank would be more secure because it has certain protection measures that it implements to stop people even though they all know the money is there. Now image that everyone starts burying money in their backyard because it is safer than the bank. You can see that as soon as you loose the obscurity you lose the safety.

The point being, if the underlying platform is not more secure (which I believe, pound for pound, it isn't) and the platform becomes significantly popular (which Apple runs lots of ads to try and make that happen) then obscurity isn't enough. Microsoft learned a long time ago that not having your firewall on by default is a bad idea. If Mac becomes popular, Apple will learn that same lesson. Also remember, that if I wanted to be safe through obscurity I could just run BeOS (I still wish Apple would have bought them instead of NeXT).

Let's look at another insecure part of OS X, the wifi configuration. Did you know OS X will connect to any wireless network it can (maybe not peer-to-peer ones, I'm not positive) without asking the user? I've had a lot of Mac people tell me how they hate how they have to "setup" the wireless on Windows and Mac just does it automatically. That is actually a very bad idea. You could be using your Mac somewhere where there will be a rogue network that your OS will automatically connect to. Keep in mind that your firewall is off, so any shared folders (with potential sensitive information), or vulnerable services (which every OS has, that is why they all get security updates), or even website spoofing/phishing/sniffing all available to whoever runs that network. Again, maybe not a problem yet, but if (and it is a big if that this whole conversation hinges on) Mac really takes off you will have a major problem.

BTW, only George and maybe kboggs have made legitimate fact-based arguments. Anecdotal stuff like using a Mac since '86 and not having a problem doesn't really matter. I have been using PCs for that long and I don't run anti-virus either, and I don't have problems. Yet, I wouldn't recommend that for my parents.

I'm still on the record that pre-OS X was insecure. When you don't even have protected memory it is so insanely easy to do whatever you want if you can compromise almost anything on the computer. You could still write a really secure (or even the most secure) web server that would run on it, but the consequences of a security failure in the web server program would be much worse.

Last but not least, picking out one website (army.mil) to show security doesn't really mean anything. The Navy and Airforce run Linux with Apache, and the Marines use Windows 2003 and IIS. I'm sure they all get a lot of hack attempts. Interestingly enough, when I was briefly looking at a number of bank websites, they all ran Solaris.

Re: Organized Crime Targeting Apple Computers for the First Time

cwiley — Thu, 31 Jan 2008 15:51:15 -0000

Currently, most Mac security boils down to this:

1) Your Mac admin password wields power. If any installer asks for this password, know why, or don't type the password.
2) Even *without* an admin password, a malicious application can do damage to files in your Home Directory. (Your home space on the computer) The reason for this is common sense--
You have, in your own space on the computer, the power to create, edit, or delete files.
3) Because of #2, always know why you are running any application, and only download applications from trusted sources. Note that Mac OS X Leopard will actually warn you if an application and has been downloaded from the internet and you are about to run it for the first time.
4) Just like in the Windows world, keep up with the security updates.
5) If anyone accuses you of being a smug mac user, deny it. Why? Because you're not a smug Mac user, you're a sensible one.

Re: Organized Crime Targeting Apple Computers for the First Time

DaveK — Thu, 31 Jan 2008 15:47:58 -0000

Paul wrote:

"Brian, About the firewall check this review of Leopard’s firwall (http://www.heise-security.c.... ‘The Mac OS X Leopard firewall failed every test...’"

At the bottom of that article:

"Update:
Apple has issued security patches to address the issues raised in this article.

All new software releases have problems. Staying up to date (with any OS) helps a lot.

There's no way to win this argument right now, on any side. The "Security through Obscurity" thing is a theory, no matter how many claim it is fact, and will only be proved if Mac continues to gain market share AND at some magical market share point, suddenly has a boatload of successful attacks. So far, the market share is gaining, but there have been no significant increase in successful attacks, so one could conclude that it's either more secure, or it hasn't reached that magical market share point. Time will tell. All we know is for sure is that Windows has had a rough time of it in the past, with tens of thousands of pieces of malware. OS X so far does not have that history. As with stock market disclaimers, the performance of the past does not guarantee future performance, but I'll keep using my Mac, which I've been very happy with, for many reasons beyond security.

Re: Organized Crime Targeting Apple Computers for the First Time

Bob Caswell — Thu, 31 Jan 2008 15:24:42 -0000

Geez, George, take it easy. We get it: you're the IT professional who knows what's really going on. And you're apparently sick of reading about Mac security issues that you haven't seen or heard of.

The "unknown security expert" in question (Sophos), by the way, has over 100 million users. What they say may or may not be completely accurate, but that likely has little to do with their popularity. But I thought I'd throw out a popularity number to appease those for whom it matters.

And, George, did you look at the report? It's quite possible that it's not just made up to annoy you (though that's still a possibility, I suppose), despite your convincing argument that suggests otherwise (what was it again? oh yeah, something along the lines of you're tired of reading about it, so it's not true).

And all your the-MAC-is-more-secure scenarios that you mention are beside the point. If you read what this report is about, it's precisely about those instances where users (Mac or PC) are tricked (phishing, etc.). And this is type of activity is on the rise for Macs (i.e., users of Mac computers are targeted). So Macs could still be safer when left on and not touched for all I know, but again, that misses the point of the article.

Re: Organized Crime Targeting Apple Computers for the First Time

George Said it! — Thu, 31 Jan 2008 15:20:20 -0000

George said it best:

"I say, show me something.
For some reason unknown to me, no one can ever show me a situation where a user opens a e-mail and their Mac turns into a robot sending out hundreds of e-mails every night at 3 am.
Show me where a user has their password directory or database compromised by some outside hacker without their help.
Somebody show me something where a Mac gets hacked while the owner is sleeping and no one is using it to “click on something” or authenticate a process.
Until then, please stop all this “largely unknown security expert” wishful thinking income enhancing nonsense."

Yeah, yeah, someday the Mac will be hacked.
C'mon! Do it! Doesn't anyone want to be the first to be famous for this?
C'mon! It happens with regularity in the Windows world!
C'mon! Hack the Mac! Be famous!

Oh, and that marketshare crap:

More Internet servers run on open-source (eg. Apapche) instead of IIS (Microsoft).
Guess which one gets hacked more?
I knew you'd know the answer!

Re: Organized Crime Targeting Apple Computers for the First Time

Bob Caswell — Thu, 31 Jan 2008 15:07:53 -0000

"My guess is that the fanboy tag will finally pay off when the going gets tough."

Lol, one can only hope it will eventually be good for something...

Re: Organized Crime Targeting Apple Computers for the First Time

George — Thu, 31 Jan 2008 15:01:42 -0000

My point wasn't Mac centric, it was more proof centric.

To my knowledge, there have been exactly zero Mac's compromised without the help of the user to click on something or to authenticate a process.

I know there have been some attempts, highly publicized dog and pony shows to hack a Mac OS X based server, but I think we're still waiting or someone to actually take control of one.

If there was a MS or anyone else's OS that had that sort of security success, I would be for that, as well.

I just get annoyed that every know-nothing blogger falls for and subsequently publishes every "almost known security expert's" Chicken Little statements of an impending security doomsday scenerio that's about to fall on the heads of every Mac admin.

Just stop with the BS "proof of concept video's" from these so completely unknown security firms showing that if a certain user were to inadvertainly log onto some spoofed portal than perhaps they could get lured into downloading an app that might, just might, with the proper authentication and only after running the app, might actually do something bad someday in the future to someone, maybe...well it could happen, maybe

Re: Organized Crime Targeting Apple Computers for the First Time

mack520 — Thu, 31 Jan 2008 13:44:40 -0000

"Mack520 you might try actually making a point to illustrate my error." Why? Why would I try to make a point to you?How would I even go about doing so- since reason, logic, deduction, and every other thought process I am familiar with clearly are
inappropriate. How about try typing fsck -f

Re: Organized Crime Targeting Apple Computers for the First Time

cwiley — Thu, 31 Jan 2008 13:22:18 -0000

Actually, the Mac OS X previous to OS X was pretty secure. (A few worms existed) The US Army used the Webstar web server that ran on the classic Mac OS for some time. The reason for the security? Part of it was that the pre-OS X Mac OS was a from-scratch GUI and had no command line. True, it didn't have preemptive multi-tasking, (or robust memory protection) but the original Mac OS was designed as a single-user OS. That's unlike UNIX, invented when computers were so expensive that everyone had to share the computer and keep their stuff safe and secure from everyone else's stuff.

Re: Organized Crime Targeting Apple Computers for the First Time

daisyraven — Thu, 31 Jan 2008 13:15:53 -0000

Is the Mac more secure? Probably. Why? God only knows. Will it be more vulnerable to malware attacks because it is becoming more popular? Remains to be seen. The one thing that you can be sure of is that any attacks on the Mac platform will be immediately quashed. Why? Because Mac users pay attention. A Mac attack vulnerability will be disseminated throughout the community, and dealt with rapidly. My guess is that the fanboy tag will finally pay off when the going gets tough.

Re: Organized Crime Targeting Apple Computers for the First Time

kboggs — Thu, 31 Jan 2008 13:14:40 -0000

As a Mac user I suspect that there is probably some truth to the security by obscurity idea. However, there is one incredibly conspicuous Mac that, to my knowledge, has never been hacked. The U.S. Army's web site at http://www.army.mil is hosted on a Mac web server. It would seem to me that this particular site would be a frequent target for foreign and domestic hackers trying to earn some cybercred. See:http://www.apple.com/itpro/...

The army is apparently pretty happy with the performance of their Macs as they have been hosting on the Macintosh platform since 1999.

Beside that I've never really understood the down side of security by obscurity. I mean if you are more secure, you're more secure right? Who cares why? It's as if you built two houses, one in the country, one in the inner city, the one in the country would probably be more secure for the same reason. I fail to see how that is detrimental to the country house.

Re: Organized Crime Targeting Apple Computers for the First Time

Empty Tank — Thu, 31 Jan 2008 12:47:35 -0000

If pre Mac OS X security was crap, then the argument that OS X is secure by obscurity is totally moronic. The fact is I've used macs since 1986. I never used a antivirus program, a d I've never had a problem. Wish all you want mac haters, the Mac is the most secure computer money can buy.