Mac users be on your guard.

jaydeeuk1

Marty_J wrote: »

....If I wanted to steal credit card details, I would choose a Mac user's over a Windows user's any day. Mac users, on average, have more money....

I'd agree with that. Not because they apparently have more money, but because they're all smug c*nts who need taking down a peg or two.

Marty_J

Lum wrote: »

4% of 9.81% is a very tiny number though. Again my point as to why Macs aren't worth targetting yet.

But most Mac users don't use any anti-virus. If hardly anyone in the Windows world used anti-virus, then we'd be seeing much higher infection rates than 4%. Even infecting a tenth of all Mac users would be more than worthwhile.

I'm not disputing that Windows has more malware written for it, but that simple fact doesn't tell the whole story, and nor does it explain the huge disparity between the two. Depending on who you believe, Macs have almost 10% of the world wide computer market. That percentage is even higher if we're talking about just home users. Yet Macs don't have 10% the amount of malware that Windows has, or 1%, or even 0.1%.

The argument that there is hardly any malware for the Mac because Windows has a larger market share doesn't stack up. It explains why there is more for Windows, but it doesn't explain why there is vastly more to a staggering degree.

Strider590 wrote: »

Window's is attacked for more simply because of it's global dominance in the OS market, when these script kiddies want to show off their "1337" hacking skills they pick on Windows because it will affect far more people..... Else it'd be like flying a plane into a disused WW2 bunker in the middle of a sheep field.

Whilst I'm not so sure I agree with your analogy - Macs are used by millions of people, and Apple are currently among the UK's top 5 computer manufacturers in terms of sales, so that's a pretty busy disused bunker - I'm not disputing that there are more malware attacks on Windows, nor am I disputing that there are more because Windows is more prevalent.

jaydeeuk1 wrote: »

I'd agree with that. Not because they apparently have more money, but because they're all smug c*nts who need taking down a peg or two.

Thanks for your positive contribution. It's not at all unreasonable, so "yay" for you.

Cloudane

The Mac OS is not written in such a way that it can be affected by a "virus" in the strict definition: something that self-propagates. Same goes for Linux. They're written from the ground up to require user consent before modifications to the system can be made. That's why it asks for your password whenever you install new software that affects the system.

But the article is correct in that Mac users should still engage their brains before clicking on things because they can still be infected with trojans. That is, a program which says "Install me to view !!!!!!" but does other nasty things instead. This would go for any Operating System. Also, anything malicious (E.g. a spam bot) that runs from your userspace would be possible. The difference is that it can't take the system itself down.

Macs have never really been targeted even with trojans, but if it starts, then yes we ought to start using virus scanners. For now, I'd say save the resources and use common sense especially around the more shady areas of the internet.

Lum

That is a very good point. The number of actual Viruses around is pretty low these days since we don't see anything like the old days where people would pass floppy discs around.

Worms are where it is at for judging the security of modern OSes, this is where an actual vulnerability is exploited that allows the thing in on it's own, at which point it can wreak havoc on it's own and spread to other connected systems. There have been a few of these for Windows and they're always in the news when they happen.

To actually write a decent worm takes a lot of effort and skill, unless you download one of those script kiddie toolkits that tend to turn up long after the vulnerability has been fixed. Even using one of these kits can still be a worthwhile endevour though as there are many many Windows machines out there on the internet that have never seen an update, and older versions of Windows tend to be exploitable via the exact same method. There are far far too many people still running Windows 98 on the internet because their local 14yr old computer geek told then back in 2002 that XP was LOL slow and bloated.

Antiviruses are less relevent in the area of worms because if it's a new worm it isn't going to know about it and if it's been written by anyone half-way competent one of the first things it'll do is disable your antivirus.

Again, the level of skill needed to write these is high and familiarity with the inner workings of the OS is needed in order to find a "0 day" exploit. Switching to a completely new OS with a much smaller market share doesn't seem worthwhile at all.

As for trojans, the proliferation of these on Windows tells you nothing other than a lot of Windows users are idiots. If they switch to a Mac they'll still be idiots. If enough of them switch people will start writing trojans for Macs

Jaffa.

jaydeeuk1 wrote: »

I'd agree with that. Not because they apparently have more money, but because they're all c*nts who need taking down a peg or two.

Well done, you've just made yourself look like an idiot

patman99

In my post I wasn't claiming Linux was so secure that no AV was needed. I use ClamAV, and Linux (of which the GNU BSD is a fully compatible fork) has a top class firewall built-in.
Mac OSX uses CUPS for its printer sub-system, and is capable of running certain Linux programs.

Every O/S has it's strengths and weaknesses
For instance, Windows runs in 'Admin' mode all the time, and script kiddies know that 96% of Vista & '7' users turn-off the 'User Alert' system as it becomes annoying (a weakness).
Mac and Linux users have a password box pop-up, which they can't turn-of (strength).

Windows (XP-on) has a built-in (basic) firewall, as does Linux (S).
Mac users have 'Apple Security Suite' installed (this includes F/w & AV) (S).
Linux also has a free AV program installed by default (s).

Windows has a large user base with lots of programs and utilities, but most of the end-users are like sheep, they blindly click on 'ok' without even looking at the contents of the dialogue box (something I am occassionally guilty of), it is this vunerability that virus & malware creators exploit with such consumate ease.

To secure Windows against both click-happy users & script-kiddies, all MS has to do is adopt a non-cancellable 'User Alert' box, and to link to (or even create) a database of known malware/virus signatures, thus changing the alert box should someone try to install a dodgy file.

If MS made Windows security tight-enough, then the script-kiddies would be out of a job.

Currently, I am using XP as I am in the middle of setting-up Linux to share my FF & Tb folders with XP.

Jaffa.

patman99 wrote: »

To secure Windows against both click-happy users & script-kiddies, all MS has to do is adopt a non-cancellable 'User Alert' box, and to link to (or even create) a database of known malware/virus signatures, thus changing the alert box should someone try to install a dodgy file.

If MS made Windows security tight-enough, then the script-kiddies would be out of a job.

And if Microsoft made Windows with a database of known malware/virus signatures then they would also be putting security software businesses out of a business.

I think the whole installer thing with windows is the problem. Like you say Malware has it's advantages with the installers, windows has the UAC thing to contend with, not everyone uses the .msi installer so programs don't always uninstall properly...

It would be a step in the right direction if they just got rid of the installer thing, Apple has the right idea.

Marty_J

patman99 wrote: »

Mac OSX uses CUPS for its printer sub-system

That's because CUPS is owned by Apple.

[Deleted User]

patman99 wrote: »

For instance, Windows runs in 'Admin' mode all the time

A poorly configured home installation of Windows will run with administrative privileges as default, Vista and 7 OOB enforce lower user tokens by design.

script kiddies know that 96% of Vista & '7' users turn-off the 'User Alert' system as it becomes annoying (a weakness).

Just out of curiosity, is that an actual verifiable statistic?

To secure Windows against both click-happy users & script-kiddies, all MS has to do is adopt a non-cancellable 'User Alert' box, and to link to (or even create) a database of known malware/virus signatures, thus changing the alert box should someone try to install a dodgy file.

How would you prevent the escalation of something if you can't cancel the dialogue? Would you not be stuck in limbo?

If MS made Windows security tight-enough, then the script-kiddies would be
out of a job.

Don't discredit those who've made malware for Windows, for they aren't just 'script kiddies', they've taken a lot of time to actually understand the underlying infrastructure of the Windows platform to exploit it. Not that I agree with their motivations, but there's a certain begrudging respect for anyone who can dissect something and remain one step ahead (if only for a short time)/.

Lum

patman99 wrote: »

In my post I wasn't claiming Linux was so secure that no AV was needed. I use ClamAV, and Linux (of which the GNU BSD is a fully compatible fork) has a top class firewall built-in.

Actually BSD has been around since 1977. Linux didn't start until 1991. They're both implementations of Unix though.

Every O/S has it's strengths and weaknesses
For instance, Windows runs in 'Admin' mode all the time, and script kiddies know that 96% of Vista & '7' users turn-off the 'User Alert' system as it becomes annoying (a weakness).
Mac and Linux users have a password box pop-up, which they can't turn-of (strength).

True for Mac. Linux varies wildly depending on which distro you are using. I don't think either stop you from setting your password to "1" to make it really easy to get past the prompts.

Windows (XP-on) has a built-in (basic) firewall, as does Linux (S).
Mac users have 'Apple Security Suite' installed (this includes F/w & AV) (S).
Linux also has a free AV program installed by default (s).

Windows one is on by default, Linuxes again varies by distro but most don't enable it. No idea what the default Mac setup is. Again most distros don't install ClamAV unless you ask them to. Also ClamAV does not have a realtime scan function

Windows has a large user base with lots of programs and utilities, but most of the end-users are like sheep, they blindly click on 'ok' without even looking at the contents of the dialogue box (something I am occassionally guilty of), it is this vunerability that virus & malware creators exploit with such consumate ease.

Absolutely correct and these people would behave exactly the same if you stuck a linux or mac box in front of them.

To secure Windows against both click-happy users & script-kiddies, all MS has to do is adopt a non-cancellable 'User Alert' box, and to link to (or even create) a database of known malware/virus signatures, thus changing the alert box should someone try to install a dodgy file.

So basically the UAC prompt and Windows Defender then?

If MS made Windows security tight-enough, then the script-kiddies would be out of a job.

Nah, there's always ways to exploit human stupidity and gullibleness.