+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 23 of 23
Mac Thread, few dumb questions before i order in Technical; There are Antivirus applcations for Mac, but only to get rid of PC viruses from PC files, as there aren't ...
  1. #16

    Join Date
    Jul 2005
    Location
    Derby
    Posts
    118
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    26

    Re: few dumb questions before i order

    There are Antivirus applcations for Mac, but only to get rid of PC viruses from PC files, as there aren't any viruses for Mac OS X. Its part of the secure system design. You can't get 'em. period. Oh and spyware, none of that either.

    Windows Vista will have a similar system design, but Apple got there first (about 5 years ago!).

    You still get Spam though.

    -Kev

  2. #17
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,483
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114

    Re: few dumb questions before i order

    Quote Originally Posted by kevinmcaleer
    There are Antivirus applcations for Mac, but only to get rid of PC viruses from PC files, as there aren't any viruses for Mac OS X. Its part of the secure system design. You can't get 'em. period. Oh and spyware, none of that either.

    Windows Vista will have a similar system design, but Apple got there first (about 5 years ago!).

    You still get Spam though.

    -Kev
    None - yet. I don't think that its all secure system design, more a by product of the system os x has been built on (bsd). There are more than enough regular security updates to indicate that it is possible, but apple has low market share making it less of a target too. Apple didn't get there first imo, they just borrowed it from someone else :P

  3. #18

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,992
    Thank Post
    1,359
    Thanked 1,827 Times in 1,134 Posts
    Blog Entries
    19
    Rep Power
    602

    Re: few dumb questions before i order

    Actually, the theory of viruses for OSX is an extremely valid one. I could script one now based around automator for a machine running an unpatched version of Tiger ... it is even possible, with a certain amount of targetting, to do it with a patched machine.

    Norton still checks for viruses that will affect Classic, but these are few and far between too.

    I think the best description of targetting on Apple hardware is the targetting of the Boot PROM of a machine. This has only had limited success and there are many countermeasures to make this difficult ... but not impossible.

  4. #19

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24

    Re: few dumb questions before i order

    Without most processes running under authority- i.e. as administrator (in Windows speak) it would be *very* difficult to run something that malicious inside OS X that would damage the entire system. It can be done (of course), but I doubt an automator script not running with heightened priveleges could do it...

    Paul

  5. #20

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,992
    Thank Post
    1,359
    Thanked 1,827 Times in 1,134 Posts
    Blog Entries
    19
    Rep Power
    602

    Re: few dumb questions before i order

    Considering that most general users will use the initial account that is created when they get a Mac out of the box then this has full access rights.

    It is easy to create an automator script that will open as soon as it is downloaded (in fact this was the default until Apple patched it for a number of things).

    The best variation of this I saw was actually one of the mac Genius guys at the birmingham store. He created an automator script that added automator to start hidden at login and the request user authentication again as soon as any app was run. It then ran a terminal session with sudo rights and changed ownership of all user areas apart from the logged in user before deleting them.

    It took him 3 minutes. He then ran it again on a patched machine and it failed to do the initial load and this was regarded as now being perfectly secure. The fact that with all it would take would be a bit more tailoring to the stupidity factor of the human race and it would still be usable.

    He then went on to demonstrate that the automator script could be turned into a widget and left running in the background and set to auto email everyone in your address book when your hard drive went to sleep. You know have a worm.

  6. #21

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24

    Re: few dumb questions before i order

    Oh yes. I know about the "exploit" that wasn't- one guy had it online and testable before a lot of people got their heads around what it was and more followed:

    http://www1.cs.columbia.edu/~aaron/files/widgets/

    Apple's response was to release security updates within the 10.4.1 stream that stopped the issue by prompting the user for permission/acknowledgment that they wanted to download and install said widget. Quote:

    " *

    CVE-ID: CAN-2005-1474

    Available for: Mac OS X v10.4, Mac OS X Server v10.4

    Impact: Malicious websites can download and install widgets via Safari without the Safe Download Validation warning

    Description: This update blocks the automatic installation of Dashboard widgets. Mac OS X's Safe Download Validation warning is enabled, requiring user approval before a Dashboard widget is installed by Safari. This issue does not affect Mac OS X versions prior to 10.4. Further information on removing Dashboard widgets that you have installed is available here."

    What the guy did at the Genius bar in Birmingham (they're good over there aren't they?) is log in with the priveleges needed to do what he did and because he had all of that access he did what he did and scared people. He had to know what he was doing, and he had to know his system and its security. You are right though- out of the box you have "admin" rights, but you *don't* have root access to the OS. That's off out of the box by default.Admin rights on OS X aren't the same as the Windows alternative (as you'l know).

    In any case Apple responded very quickly to the *possibility* of this kind of thing happening, and patched it in the sense of blocking *automatic* installation of widgets.

    Not a big deal, because it didn't affect any systems that I know of.

    Not knocking what you are saying by the way, just have a different perspective on it. Och- I'm a zealot already!

    Paul

  7. #22

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,992
    Thank Post
    1,359
    Thanked 1,827 Times in 1,134 Posts
    Blog Entries
    19
    Rep Power
    602

    Re: few dumb questions before i order

    The quick response from Apple to close the issue is a good thing ... but we shouldn't forget that a number of windows vunerabilities rely on the user being stupid enough to do something that gives extra access to the script. In the case of the demonstration it was a script that asked for your login details again ... which was then used to gain root access.

    This is going slightly off the track though ... and Norton et al do not cover things like this anyway ... it was just to give an example that mac users should not be complacent ... the viruses will come in one form or another.

  8. #23

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24

    Re: few dumb questions before i order

    All valid points Tony.

    Thanks.

    Paul

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 4
    Last Post: 10th December 2007, 12:37 PM
  2. Thinstation boot order
    By DarrelT in forum Thin Client and Virtual Machines
    Replies: 2
    Last Post: 7th December 2007, 06:10 PM
  3. this might look dumb but what is bett
    By callumtuckey in forum BETT 2014
    Replies: 26
    Last Post: 12th June 2007, 08:57 PM
  4. Replies: 3
    Last Post: 27th July 2006, 01:36 PM
  5. Replies: 4
    Last Post: 13th July 2006, 09:19 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •