Is Your Mac Safe From An Attack? Yes. And, No.
Posted: 01 April 2008 02:42 AM
Administrator
Total Posts:  275
Joined  2004-05-03

A friend who recently switched to a Mac asked me what kind of virus software to get, since Macs are being attacked and hacked so easily these days. Talk about misinformation. Yes, a Mac was attacked and compromised in a matter of minutes. It’s not the end of the world.

Despite the media headlines, most Mac users don’t have any more security issues to worry about today than they did before the MacBook Air was attacked and compromised.

The PWN2OWN contest recently held in Canada gave hackers a chance to win $10,000 if they could hack a notebook. In this case, a MacBook Air, a Sony Vaio notebook running Windows Vista, and a Linux-flavored notebook by Fujitsu.

The MacBook Air was the first to bite the dust and was hacked on the second day of the contest. You’re a Mac owner, right? Should you be worried? Not so fast. Hacker Charlie Miller compromised the MacBook Air by directing the user to visit a web site which contained code he used to exploit a vulnerability, probably in Safari, and take control of the Mac.

The rules were simple. Hackers could only use software already installed on the notebooks. The objective was to break into the notebook and read a specific file. The first day of the contest was more difficult. Hackers were allowed to attack the notebooks only over a network. None succeeded.

The second day was easier as the hackers were allowed to have the notebooks visit a web site or open an email message. Charlie Miller was first in line. He directed the MacBook Air to visit a site with his exploit code. It worked. He took control of the Mac in two minutes and won the prize (money and the MBA).

Does this mean that the average Mac user has a major security problem to worry about? No. Miller knew of a specific vulnerability and had an exploit waiting to take advantage of it when he directed the Mac to visit his site.

All mainstream operating systems, Mac OS X, Windows, Linux, have vulnerabilities which may, under certain circumstances, be exploited in various ways, even across a remote network. Some vulnerabilities are nearly impossible to exploit, others are easier, but usually only under the right circumstances.

Finding a vulnerability in an operating system is difficult enough. Creating an exploit to take advantage of the vulnerability is yet another challenge. Getting the exploit in “the wild” to affect the Mac masses is yet a third challenge.

So far, there are few, if any, exploits in the wild attacking Macs.

It’s important to note that the MacBook Air that was successfully compromised was stock, out of the box. No applications or utilities were added. The OS X firewall was not turned on. While Miller was able to control the Mac remotely, he did not gain root access, though he could have changed, damaged, or deleted valuable user files.

The problem with this hacking contest is the resulting headlines, which are often misleading, since many users, Mac or Windows, won’t read or fully appreciate the details. What users remember is that the Mac was hacked and not much more.

If you visit Charlie Miller’s exploit-laden web site with a stock Mac running OS X Leopard and the latest version of Safari, and your Mac’s firewall is off, and Charlie is waiting for you to visit his site, he could compromise your Mac.

Otherwise, Mac user worries are few. There are some vulnerabilities in a Mac running OS X, just as there are vulnerabilities in Windows and Linux. Few of the known vulnerabilities result in exploits, and far fewer result in a public danger to Macs, Windows PCs, or Linux PCs. For now.

That said, my Mac runs OpenDoor’s popular DoorStop firewall, and Little Snitch (kind of a reverse firewall which traps and tracks outgoing connections from your Mac).

I’m not terribly worried about the Mac’s vulnerabilities or potential exploits. But, better safe than sorry. What about you? What do you do to protect your Mac from outside intrusion?

 Signature 

RonnieMc
Honolulu, HI USA
Home - Summer Home - Winter Home - New Home

Posted: 01 April 2008 09:16 AM   [ # 1 ]
Power Member
Total Posts:  136
Joined  2007-11-01

rolleyes I really don’t worry too much Ron, what is that saying?? I have to think, I just woke up...... can’t quite remember it but I think it goes something like this: nothing is foolproof, and if you think there will never be a Mac virus or you will never get hacked because you run on a Mac then you might as well advertise your I.P. address online and maybe even buy some commercial air time and run a t.v. ad!

As far as I am concerned there is always going to be someone out there who is better and smarter than even the Mac OS X designers themselves. Hey it’s most likely a good thing he cracked that Mac, now Apple can go look at the holes he got through. Ron I never hear you say anything about Intego! I have VirusBarrier X5 and NetBarrier X5 and I swear by them. I have read up on DoorStop and if I were to switch then DoorStop would be my next firewall program. What do you think about Intego?

There is also that old saying that if your computer is on and plugged into the internet, no matter how much crap in software you have to protect it, then there is always gonna be that chance that it’s gonna get attacked.

Is this an April Fools’ Day joke Ron? Oh god I can only imagine what those, and I am going to say it, ass wipes over there at Microsoft are going to be saying. So what we got hacked. It almost sounds like a setup to me Ron. Like you said this guy already had malicious code awaiting the MacBook Air. Now I am not a fan of the MacBook Air just because it’s not my kind of portable and I was kind of hard on it in forums when it first came out. Now I want to stick up for it.

Going to end this soon, like I said Apple can learn from this but it is an embarrassment to even me. I go around bragging left and right to my friends that my Mac will run circles around those pieces of junk you’re running and I get no viruses (they get so mad!!). I would have to say 90% of my friends that use PCs all have sick infected computers and I know what it’s from, their peer sharing programs. Is all that free music worth it after all? (off subject sorry)

I am not worried. Someone quote me what they think of Intego. I have been using it for about 15 months and no problems here. It’s kind of like Time Machine, just turn it on, set a level, and if you know how to set some even more advanced stuff to make the firewall more secure then you can do that, and I do.

 Signature 

Never Assume

Posted: 01 April 2008 01:15 PM   [ # 2 ]
Mac Buddy
Total Posts:  43
Joined  2007-06-11
Ron McElfresh - 01 April 2008 02:42 AM

That said, my Mac runs OpenDoor’s popular DoorStop firewall, and Little Snitch (kind of a reverse firewall which traps and tracks outgoing connections from your Mac).

I’m not terribly worried about the Mac’s vulnerabilities or potential exploits. But, better safe than sorry. What about you? What do you do to protect your Mac from outside intrusion?

I’ve never had a virus or worm or Trojan or any kind of ‘intrusion’ on my Macs. But I agree. Better safe than sorry. I have a firewall running on my Macs and I started using Little Snitch. What is impressive is the amount of communication going on with a Mac these days. If it isn’t someone trying to hack into a Mac, it’s some application or utility trying to talk from your Mac to someone else.

The amount of misinformation regarding security and viruses is alarming.

 Signature 

wil g
--
Wil Gomez
Brooklyn, NY
--

Posted: 01 April 2008 03:07 PM   [ # 3 ]
Mac God
Total Posts:  373
Joined  2007-06-15

Every system is vulnerable.  One of the reasons the Mac was hacked first is that Charlie Miller was also the first to hack the iPhone.  He is obviously very familiar with Safari and had already found the vulnerability and was just waiting for day 2.  The other thing to note is that the Mac was probably hacked first because nobody wanted the Vista or Ubuntu machines. grin

 Signature 

Ah I see you have the machine that goes PING!

Posted: 01 April 2008 03:16 PM   [ # 4 ]
Mac Toddler
Total Posts:  28
Joined  2007-12-18

Haven’t even considered software protection.  It’s been my experience that as soon as you install some form of virus or firewall, there’s a new virus or countermeasure to get through your firewall or defeat your virus program.  You end up spending your time in a paranoid quest for the newest and latest definitions.  In fact, the probability of getting hacked is about the same as getting in a major car wreck on your way to work.  Been doing it for 10+ years now, no worries.  Even back on my PC, I’ve only been infected once, and that was after I did something I knew I was going to regret.  (Peer to peer music sharing - There you go PRO!) tongue wink

If someone is sincerely motivated to hack your stuff, they will succeed.  All you can do is make it as difficult as you can for them and prolong the inevitable.  I have a hard time seeing how anyone could muster that much motivation.

Posted: 01 April 2008 10:23 PM   [ # 5 ]
Nubee
Total Posts:  6
Joined  2008-01-12

This “contest” was a sham. It seemed like a new security company looking for clients.
The guy who “cracked” Safari clearly had his “solution” worked out in advance.

I saw a Mac virus.
ONCE.
In 1991.
A friend’s kid brought it home from school on a floppy disk. I killed it in about a 1/2 hour with, I believe, Symantec’s Mac anti-virus software of the time: SAM?
That’s it. I’ve NEVER seen another.

At this point I don’t really worry too much about it. My Airport Extreme has a firewall. I use WPA2 password protection on it, too.
If a time comes when I actually need that kind of security software, I’m sure I’ll buy it and use it.

I WILL NOT buy anti-virus software to protect Windows users from other Windows users. If they’re THAT DUMB, they’re on their own!

I tried Little Snitch briefly and must say it was THE most intrusive and irritating piece of software I’ve EVER seen or used!
Needless to say, AppZapper did a fine job dealing with it.

Posted: 02 April 2008 02:18 AM   [ # 6 ]
Power Member
Total Posts:  136
Joined  2007-11-01
jeffharris - 01 April 2008 10:23 PM

This “contest” was a sham. It seemed like a new security company looking for clients.
The guy who “cracked” Safari clearly had his “solution” worked out in advance.

I saw a Mac virus.
ONCE.
In 1991.
A friend’s kid brought it home from school on a floppy disk. I killed it in about a 1/2 hour with, I believe, Symantec’s Mac anti-virus software of the time: SAM?
That’s it. I’ve NEVER seen another.

At this point I don’t really worry too much about it. My Airport Extreme has a firewall. I use WPA2 password protection on it, too.
If a time comes when I actually need that kind of security software, I’m sure I’ll buy it and use it.

I WILL NOT buy anti-virus software to protect Windows users from other Windows users. If they’re THAT DUMB, they’re on their own!

I tried Little Snitch briefly and must say it was THE most intrusive and irritating piece of software I’ve EVER seen or used!
Needless to say, AppZapper did a fine job dealing with it.

With Intego’s VirusBarrier X5 (most recent version) it now gives me the option to scan for Windows viruses or not. I leave that box unchecked and I am more than willing to let my Mac be a virus and worm hole host to pass it on to Microsoft users. No, I don’t worry about a virus for the Mac, but you never know, Macs are getting more popular than ever and I figure you might as well be ready. I do know there are hackers out there so I use Intego’s NetBarrier X5 and have been using Intego for about 15 months now. I was just checking out Little Snitch and I am glad to see what you wrote about it. I was thinking the same thing, this program is going to bug the hell out of me. I might still try Little Snitch just to see though, hummm I wonder if it tells you when it reports back to its home.

 Signature 

Never Assume

Posted: 02 April 2008 02:47 PM   [ # 7 ]
Nubee
Total Posts:  3
Joined  2008-03-14

I have been an I.T. Manager for just under 10 years. My first experience of actually using a Mac came 3 years ago when a new designer in our company insisted on an Apple computer. I had to play with what I considered an overpriced, overrated system to install it on our network.

Needless to say, within 1 month I was an avid Apple supporter!

Our network is now roughly 50% Mac. I can honestly say that whilst I make sure all of the computers on our network are as secure as possible, I spend my life fixing the Windows boxes; not once have I had an Apple with a virus or found any kind of malware on it.

In real life out of a competition setting OS X is the better choice.

 Signature 

Never underestimate the predictability of stupidity.

Posted: 03 April 2008 12:44 AM   [ # 8 ]
Mac God
Total Posts:  306
Joined  2006-10-29

The problem is not Mac OS X. Rather, the problem lies with such things as Java, where Apple has no control.

 Signature 

“Become an expert in everything you do.”
~Wendell McCain

Posted: 03 April 2008 01:01 PM   [ # 9 ]
Mac God
Total Posts:  373
Joined  2007-06-15

Unfortunately though Apple gets blamed for 3rd party vulnerabilities as well.  I think part of that is the way Apple touts its security so any chink in the armor (Apple or 3rd party) gets tremendous press.  Fact is even this vulnerability could have been avoided if the user used common sense and didn’t fall for the lure.

 Signature 

Ah I see you have the machine that goes PING!

Posted: 03 April 2008 02:51 PM   [ # 10 ]
Mac Toddler
Total Posts:  28
Joined  2007-12-18

Let me run a scenario by the collective genius that read these forums:
My brother works as the network manager for a large school district somewhere in the Intermountain West.  I’ve heard many stories of how both students and teachers try to hack their way around the district network in the never-ending quest for games, music and porn.  This district has a zero tolerance policy when it comes to proper computer usage.  Nevertheless, students and faculty continue their attempts to bypass the substantial amount of content filtering, monitoring and tracking systems installed by the district.  Instead of getting hacked from the outside by people trying to get in, the network is being hacked from the inside by people trying to get out.  I know that the district uses every type of computer and OS imaginable.  Predominantly it’s Windows, but Apple has a strong 2nd place user cloud.

In your opinion, is OS X more or less equipped to handle this scenario than Windows or Linux?  I would suspect that it is, but I don’t have any hard experience to confirm that.  If it is superior, is it because the development tools are not known / not widely available / not as diversified as those for Windows?  A kid / teacher can, with concerted effort, write an application to sniff out / break or spoof an open port to get around the content filters.  But I would think it would be much easier to do on a Windows system than on a Mac or Linux.

An operating system should be secure against enemies both foreign and domestic.  Is OS X qualified for this?

Posted: 03 April 2008 08:56 PM   [ # 11 ]
Nubee
Total Posts:  4
Joined  2007-10-26

An operating system should be secure against enemies both foreign and domestic.  Is OS X qualified for this?

A generally held axiom of computer security is that no system can be secure against someone with physical access to the machine. Given time, anything you try to do can (and will) be bypassed. For example, trying any tinkering with the OS can be bypassed with a bootable USB key. The only thing you can hope to do is have good filtering machines - in a physically secure location. And then, you’ve got to make certain that the filters can’t be bypassed - for example by using a proxy server. Or by tunneling ssh over http. Or by using the Internet Archive to look up prior versions of the banned sites. The main axiom of all this is: define good and reject everything else. Don’t try to make a list of ‘bad sites’ and ban them; make a list of allowable sites, and deny all the others. The same with applications and ports. Define what can run, and refuse connections from everything else (or if you’re feeling mean tarpit them).

Profile
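The "define good and reject everything else" rule from post # 11, as an added example that is not part of the thread: it runs the same requests through a blocklist and through an allowlist, including the proxy, Internet Archive and tunnel routes that post names. The `.example` hostnames, the policy sets and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy data (hypothetical hostnames), for illustration only.
BLOCKED_HOSTS = {"games.example", "music.example"}
ALLOWED_HOSTS = {"school.example", "library.example"}
ALLOWED_PORTS = {80, 443}


def _host_port(url):
    """Return (normalized host, effective port); (None, None) if unparsable."""
    try:
        parts = urlsplit(url)
        port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    except ValueError:
        return None, None
    host = (parts.hostname or "").rstrip(".").lower()
    return (host or None), port


def _matches(host, names):
    """True if host equals a listed name or is a subdomain of one."""
    return any(host == n or host.endswith("." + n) for n in names)


def blocklist_allows(url):
    """Default-allow: anything not explicitly listed as bad gets through."""
    host, _ = _host_port(url)
    return host is not None and not _matches(host, BLOCKED_HOSTS)


def allowlist_allows(url):
    """Default-deny: only listed hosts on listed ports get through."""
    host, port = _host_port(url)
    return host is not None and port in ALLOWED_PORTS and _matches(host, ALLOWED_HOSTS)


# Constructed requests: direct visits, then the bypass routes the post names.
SAMPLES = [
    "http://school.example/homework",
    "http://games.example/play",
    "http://GAMES.EXAMPLE./play",  # same host, different spelling
    "http://web-proxy.example/browse?u=http://games.example/play",
    "http://web.archive.org/web/2008/http://games.example/play",
    "http://tunnel.example:8443/",  # tunnel endpoint on an unlisted port
]


def compare(urls=SAMPLES):
    """Return (url, blocklist verdict, allowlist verdict) for each request."""
    return [(u, blocklist_allows(u), allowlist_allows(u)) for u in urls]

if __name__ == "__main__":
    for url, by_blocklist, by_allowlist in compare():
        print(f"blocklist={by_blocklist!s:5} allowlist={by_allowlist!s:5} {url}")
```

The blocklist stops only the direct visits to the listed host; the allowlist denies every indirect route without anyone having had to anticipate it.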
 
 
Posted: 03 April 2008 11:09 PM   [ # 12 ]
Power Member
Total Posts:  136
Joined  2007-11-01

I am not worried! So what, OS X Leopard got hacked. I still think it was unfair; the hacker, from what I read, already had his plan set out and I agree with “HARD CORE” that the user should have known better. I don’t think that hacker guy should get that check for ten grand but that is just my opinion! Us Mac users will always be more secure by FAR than Microsoft Windows users. I am sure if the system firewall were to have been allowed then this would have never happened.

 Signature 

Never Assume

Posted: 04 April 2008 05:51 PM   [ # 13 ]
Mac Huggable
Total Posts:  87
Joined  2005-08-24

Every computer user (including Macs, PCs & Linux) should be using OpenDNS. Use their service (your browsing WILL speed up) and create a free account with them. With this free account you can block phishing sites as well as many other web sites. You can even block specific web sites without installing anything on your computer. Plus you can monitor what your kids are surfing through the DNS logs you can turn on with your account.

I can’t say enough about OpenDNS.

 Signature 

G5 OSX 10.5.3, 6 Gig RAM, XT800, 23’’ HD display
Mac Book Pro, 10.5.3 2.16, 2Gig RAM
5G White iPod 30 Gig
