Apple's arrogance and their security theater puts their customers in danger because it creates a false sense of security. It's just a matter of time before hacktivists make an all assault on Mac OS and iOS just to make Apple consumers more conscious about security.
I've never understood why this hasn't happened. It seems like being the first to create a widespread Mac (or Linux, etc.) virus would be much more appealing to write than just yet another Windows virus. Everyone and their brother have already done that.
There are plenty of *nix viruses around, except they are usually known as worms.
The first author[1] of a successful worm[2] did become quite famous from it, later did a startup[3] and even later went on to be one of the co-founders of this thing called YCombinator[4].
FWIW, the Morris worm was a Unix worm from the 80's. It's not quite on par with the malware you'd see roaming around on Linux machines today, if such malware does exist and is, in fact, roaming around.
The existence of the Morris worm doesn't really say much about the resilience of today's Linux to worms or viruses.
Yes, malware can be a lot more sophisticated now than it was in 1988. In many cases it doesn't need to be though. For example, there was a comparatively recent case of a botnet infecting Linux-based routers which lacked front end authentication[2](!!).
Exploitable software runs on many platforms.
The existence of the Michelangelo virus[1] doesn't really say much about the resilience of today's Windows to worms or viruses.
There are OS X viruses out there. Linux would be harder because of an increased fragmentation and systems being more up-to-date generally (especially since linux is commonly used on servers, and thus held up to a different standard of security in first place)
On windows or mac, getting a virus to run is generally just a matter of packaging it with some downloadable software. In linux, pretty much everything is available through package managers. You can't just throw a virus into a torrent for photoshop or whatever.
They certainly exist, but nobody has successfully created one that has spread to the levels seen on Windows system. That's really what I'm referring to: Something that would cause panic in the media, so to speak. Code that attacks a small handful of systems isn't particularly interesting to anyone, no matter what platform it targets, Windows included.
I respectfully disagree. Fully functioning and frequently self-replicating malware does now exist in the wild for the Mac platform.
I've seen drive-by website infections, malicious software installs using social attacks, and malicious attachments infecting Office. When Flashback alone infecting the better part of one million Macs, it is now newsworthy.
That's not really what "security theater" means. Security theater refers to highly visible actions that make it seem like enhanced security, but ultimately have no effect. Think: the ticking agent asking you if you are bringing bombs onto the plane in your luggage.
The Apple review process, draconian as it may be, almost certainly has a real, strong effect in actually preventing malware.
Security theatre is also putting all your faith in some security authority who claim that it must be safe because they are the security authority - but you aren't allowed to look under the hood.
It's exactly like the TSA having magic terrorist detectors - but you can't be told how they work because of security
"Think: the ticking agent asking you if you are bringing bombs onto the plane in your luggage."
Actually average people would probably know enough to think "someone could just lie when asked - that doesn't provide protection".
To me "security theater" is doing things that seem to appear to lock something down in the eyes of an average uninformed person. Average is not Bruce Schneier or an 8 year old. It's a typical traveler who believes they are secure because they see checkpoints, have to take their shoes off, and have to have their laptop scanned.
What if there is a hack/mistake/bug in the appstore ?
The de Cartes-style demon argument is generally a weak fallback. The end game of this argument is that you can't trust anything because you can't fully trust anything.
The reality of the situation is that the app store is most definitely more secure than Windows's distribution model because it normalizes the vehicle for software delivery. Security is scrutinized and narrowed down to one place. Users become less trusting of software coming from 3rd party sources (detrimental in some cases, to a more free and open platform), but added security is definitely gained as part of the tradeoff here.
Yes the app store limits improves security - compared to randomly clicked email attachments in windows.
But as the recent flame worm, signed by a microsoft trusted certificate (http://isc.sans.edu/diary.html?storyid=13366) shows central security systems aren't automatically foolproof - and if you are prevented from having any sort of local control or anti-virus by that same central security system, you can be up a certain creek with a certain paddle
shows central security systems aren't automatically foolproof
That was never contested by anybody. What the flame worm showed was that there needs to be stronger security around private key portions of signing certificates.
any sort of local control or anti-virus by that same central security system
Funny how that works. Anti-viral software is a central security system that uses similar distribution and signing techniques as the app store! Not to mention, anti-viral software doesn't protect you from zero-day exploits, unpatched software, and brand new malware that tends to be the thing that causes the most problem. Not to mention metamorphic and polymorphic malware, which is getting more and more common and runs circles around modern AV software.
Actually iOS has more security than you could ever get on a Windows platform with an anti virus.
The only way to run executable code on iOS is to install it via the AppStore, to get to the App Store you need to pass the review process, you have to be really clever to be able to hide your malware. Even if your malware gets trough you are still stuck in your apps sandbox and once Apple realizes what you have done, they can remotely pull all instances of your app and the police will be waiting for you outside.
So virtually it's impossible to spread virus on iOS, an anti virus would be just crapware.
"to get to the App Store you need to pass the review process, you have to be really clever to be able to hide your malware.
Let's hope no one sets up The International Obfuscated Objective-C Code Contest; or that the code reviewers at Apple are competent and experience enough to work with advanced software security threats.
"Even if your malware gets trough you are still stuck in your apps sandbox"
Sandboxes can and are exploited. Recently [1]
"So virtually it's impossible to spread virus on iOS, an anti virus would be just crapware."
Sure on HN we all know that security is more than (anti) viruses.
Let's hope no one sets up The International Obfuscated Objective-C Code Contest; or that the code reviewers at Apple are competent and experience enough to work with advanced software security threats.
Apple isn't doing thorough code reviews of every app they get. They're just checking sanity and adherence to "the rules". Even if the code was obfuscated and they wanted to review your code, they could write you an email that says "your code is unreadable, make it better or you're not going to get on the app store".
Sandboxes can and are exploited.
So are you saying that because Chrome was exploited, that the sandbox model in iOS some how makes the system less secure? The notion doesn't follow. Yes, sandboxes can be exploited, but it's NOT EASY TO DO THIS. The idea behind good, secure design is not to try to secure from every attack vector possible, but to eliminate low hanging fruit entirely, and make elaborate breaches very, very expensive to find and create. Apple is doing all of this here with the sandbox design, and it works quite well for them.
Sure on HN we all know that security is more than (anti) viruses.
Case-in-point: iOS. Quite secure, doesn't require anti-virus software to be as secure as it is.
Here's the thing, A/V software is just one more thing to work around. There's no inherent aspect of an operating system that should require A/V, and there's nothing about A/V that suddenly makes a system invulnerable to exploit.
Yes, security should be managed in layers, but the management of those layers should be trusted to the "right" person. A/V companies believe that they are the right person. Apple believes that they are the right person.
If you're going to levy the "security theather" attack at Apple, we could just as easily fire that shot in the direction of A/V companies. When "malware" came on the scene, A/V companies were completely unprepared. Their response was that "malware isn't a virus". From a technical perspective, they're correct, but from the user's perspective, it was a huge failing. Virtually everyone I know who has been affected by malware said the same thing: "But I pay for Kaspersky/McAfee/Avast/Whatever anti-virus, how did I get infected!?" I'm supposed to believe that these are the "right" people with whom to entrust the security of my computer?
There's no inherent aspect of an operating system that should require A/V...
Most operating systems allow you to install software. If the user installs software from untrustworthy sources an A/V is the only thing that can protect him/her. No it isn't perfect but few claim it to be.
Well, you can do it on Android, but they make it hard enough that you really have to know that you want to. There have been isolated instances of this being a source of malicious problem for users, though.
And yet, A/V hasn't been -- by any reasonable measure -- succesful in stopping malicious software. Maybe the solution is to stop installing software from untrustworthy sources?
My statement can't be taken without context. Stated with more context: "there is no inherent aspect of an operating system that favors A/V as protection from malicious software over any other (like code signing)." In practice, quite the opposite is true. We've proven, through practice, that A/V is a poor solution.
You do know that anti-virus software is most definitely security theater at its finest, right? It gives users around the world a false sense of security.
"I'm safe because I'm running McAfee/Kaspersky/Norton/what-have-you." I'd say pretty much every infected machine I've dealt with has had anti-virus software on it.
The security via obscurity argument is floating around this discussion for years. And I don't buy it that OS X is not tested by malware experts.
I don't know who has read that reddit AMA of a malware writer but he stated that 90% of all bad guys can't write code.
And apart from that he stated that his malware can bypass anti virus software.
To get programs on your Mac that cause real trouble it's necessary to type in your password during installation. The last big trojan used a Java hole.
Therefore I state that Mac is secure enough for the average user as long as he gives no privilegs to obscure programs and does not use Java (and Flash?) in the browser.
I don't know how else you can get malicious code onto an iOS device apart from jailbreaking it, getting something through the App Store checks or someone getting it in his hands.
For the real bad stuff a virus scan won't help you, these bad guys know how to work around. It's all about the user and his knowledge about what precautions he should apply (not giving th device in other hands, not jailbreaking).
Are there ways to hack a phone via browser, let's say with a JavaScript hack?
There were a few remote execution holes in iOS' Webkit implementation that were mostly used to jailbreak phones. I'm not sure how quickly those were detected and patched, though.
> To get programs on your Mac that cause real trouble
I think this is the big fallacy of the UNIX security model. Every program you download can delete your home folder without warning, it only can't mess up the OS (and other users, but those are increasingly rare). That's terrible because restoring /System is the easiest thing in the world, restoring user data isn't. I think you can't delete Time Machine backups without admin rights, but malware could easily purge TM with an artificial mammoth file too.
I am super paranoid about downloading software to my work Mac even from the App Store. And even for iOS I only try random free apps on my iPad where I don't have my address book synced.
iOS apps don't have access to a home folder, and the new Sandbox model for OS X is that way, too. Each app has its own folder, with no access to the folders of other apps. There are APIs to access data from other apps that share it (for example photos and the address book, so you're right to be wary there), but no direct access to arbitrary folders. This is both good and bad, of course. It forces you to jump through hoops if you legitimately need access, and makes certain types of programs difficult/impossible to write.
The author mentions getting malware from a jailbroken device, without realizing that the jailbreak itself is a great example of "malware" (from apple's point of view) that is constantly getting around their presented security.
As long as jailbreaks work, Apple's security stack isn't worth much.
I figured it depends on the type of jailbreak. The drive-by web browser jailbreak was scary - the hole could easily have been used to install malware in the background.
But how dangerous is the average jailbreak that requires a USB connection?
I agree that the same exploits used to jailbreak iOS devices could be used to install actual malware, but what could third party anti-virus software do that Apple can't? If the OS can be exploited, the anti-virus software can surely be exploited as well.
IMO, the more Apple shakes their stick, yelling "You're not getting into my house" the more likely the right person is going to take on that challenge and succeed. You can only yell "Come at me bro" so many times before someone actually does come at you.
This is a note most of us wouldn't have read without it being posted to HN via Forbes. Apple ran TV ads claiming that Macs had no viruses years ago - those were much more provocative and not much happened. Or maybe the Flashback worm just took a long time to develop :)
Times change. Maybe there wasn't quite the incentive/appeal years ago. And this is Hacker News. I understand "hacker" in this case is not exactly the same thing as a malware writer. But if I were to bet on a TV ad years ago vs. an article posted here today (along with others on the topic in the recent past) my money would not be on the TV ad.
41 comments
[ 3.2 ms ] story [ 85.6 ms ] threadThe first author[1] of a successful worm[2] did become quite famous from it, later did a startup[3] and even later went on to be one of the co-founders of this thing called YCombinator[4].
[1] http://en.wikipedia.org/wiki/Robert_Tappan_Morris
[2] http://en.wikipedia.org/wiki/Morris_worm
[3] http://en.wikipedia.org/wiki/Viaweb
[4] Seriously?
The existence of the Morris worm doesn't really say much about the resilience of today's Linux to worms or viruses.
Yes, malware can be a lot more sophisticated now than it was in 1988. In many cases it doesn't need to be though. For example, there was a comparatively recent case of a botnet infecting Linux-based routers which lacked front end authentication[2](!!).
Exploitable software runs on many platforms.
The existence of the Michelangelo virus[1] doesn't really say much about the resilience of today's Windows to worms or viruses.
[1] http://en.wikipedia.org/wiki/Michelangelo_(computer_virus)
[2] http://lwn.net/Articles/325434/
On windows or mac, getting a virus to run is generally just a matter of packaging it with some downloadable software. In linux, pretty much everything is available through package managers. You can't just throw a virus into a torrent for photoshop or whatever.
That being said, I'm by no means an expert.
I've seen drive-by website infections, malicious software installs using social attacks, and malicious attachments infecting Office. When Flashback alone infecting the better part of one million Macs, it is now newsworthy.
What if there is a hack/mistake/bug in the appstore ?
There's no need to worry about security because the app store guarrantees that.
The Apple review process, draconian as it may be, almost certainly has a real, strong effect in actually preventing malware.
It's exactly like the TSA having magic terrorist detectors - but you can't be told how they work because of security
Actually average people would probably know enough to think "someone could just lie when asked - that doesn't provide protection".
To me "security theater" is doing things that seem to appear to lock something down in the eyes of an average uninformed person. Average is not Bruce Schneier or an 8 year old. It's a typical traveler who believes they are secure because they see checkpoints, have to take their shoes off, and have to have their laptop scanned.
The de Cartes-style demon argument is generally a weak fallback. The end game of this argument is that you can't trust anything because you can't fully trust anything.
The reality of the situation is that the app store is most definitely more secure than Windows's distribution model because it normalizes the vehicle for software delivery. Security is scrutinized and narrowed down to one place. Users become less trusting of software coming from 3rd party sources (detrimental in some cases, to a more free and open platform), but added security is definitely gained as part of the tradeoff here.
But as the recent flame worm, signed by a microsoft trusted certificate (http://isc.sans.edu/diary.html?storyid=13366) shows central security systems aren't automatically foolproof - and if you are prevented from having any sort of local control or anti-virus by that same central security system, you can be up a certain creek with a certain paddle
That was never contested by anybody. What the flame worm showed was that there needs to be stronger security around private key portions of signing certificates.
any sort of local control or anti-virus by that same central security system
Funny how that works. Anti-viral software is a central security system that uses similar distribution and signing techniques as the app store! Not to mention, anti-viral software doesn't protect you from zero-day exploits, unpatched software, and brand new malware that tends to be the thing that causes the most problem. Not to mention metamorphic and polymorphic malware, which is getting more and more common and runs circles around modern AV software.
The only way to run executable code on iOS is to install it via the AppStore, to get to the App Store you need to pass the review process, you have to be really clever to be able to hide your malware. Even if your malware gets trough you are still stuck in your apps sandbox and once Apple realizes what you have done, they can remotely pull all instances of your app and the police will be waiting for you outside.
So virtually it's impossible to spread virus on iOS, an anti virus would be just crapware.
Let's hope no one sets up The International Obfuscated Objective-C Code Contest; or that the code reviewers at Apple are competent and experience enough to work with advanced software security threats.
"Even if your malware gets trough you are still stuck in your apps sandbox"
Sandboxes can and are exploited. Recently [1]
"So virtually it's impossible to spread virus on iOS, an anti virus would be just crapware."
Sure on HN we all know that security is more than (anti) viruses.
[1] http://www.techspot.com/news/47731-google-rushes-out-chrome-...
Apple isn't doing thorough code reviews of every app they get. They're just checking sanity and adherence to "the rules". Even if the code was obfuscated and they wanted to review your code, they could write you an email that says "your code is unreadable, make it better or you're not going to get on the app store".
Sandboxes can and are exploited.
So are you saying that because Chrome was exploited, that the sandbox model in iOS some how makes the system less secure? The notion doesn't follow. Yes, sandboxes can be exploited, but it's NOT EASY TO DO THIS. The idea behind good, secure design is not to try to secure from every attack vector possible, but to eliminate low hanging fruit entirely, and make elaborate breaches very, very expensive to find and create. Apple is doing all of this here with the sandbox design, and it works quite well for them.
Sure on HN we all know that security is more than (anti) viruses.
Case-in-point: iOS. Quite secure, doesn't require anti-virus software to be as secure as it is.
One can still do a driveby attack where a malicious webpage kicks Safari's teeth in and finds a way through the sandbox.
(Or replace Safari with 'any app that consumes network content')
Yes, security should be managed in layers, but the management of those layers should be trusted to the "right" person. A/V companies believe that they are the right person. Apple believes that they are the right person.
If you're going to levy the "security theather" attack at Apple, we could just as easily fire that shot in the direction of A/V companies. When "malware" came on the scene, A/V companies were completely unprepared. Their response was that "malware isn't a virus". From a technical perspective, they're correct, but from the user's perspective, it was a huge failing. Virtually everyone I know who has been affected by malware said the same thing: "But I pay for Kaspersky/McAfee/Avast/Whatever anti-virus, how did I get infected!?" I'm supposed to believe that these are the "right" people with whom to entrust the security of my computer?
Most operating systems allow you to install software. If the user installs software from untrustworthy sources an A/V is the only thing that can protect him/her. No it isn't perfect but few claim it to be.
This has never been an inherent possibility on mobile operating systems.
My statement can't be taken without context. Stated with more context: "there is no inherent aspect of an operating system that favors A/V as protection from malicious software over any other (like code signing)." In practice, quite the opposite is true. We've proven, through practice, that A/V is a poor solution.
"I'm safe because I'm running McAfee/Kaspersky/Norton/what-have-you." I'd say pretty much every infected machine I've dealt with has had anti-virus software on it.
I don't know who has read that reddit AMA of a malware writer but he stated that 90% of all bad guys can't write code.
And apart from that he stated that his malware can bypass anti virus software.
To get programs on your Mac that cause real trouble it's necessary to type in your password during installation. The last big trojan used a Java hole.
Therefore I state that Mac is secure enough for the average user as long as he gives no privilegs to obscure programs and does not use Java (and Flash?) in the browser.
I don't know how else you can get malicious code onto an iOS device apart from jailbreaking it, getting something through the App Store checks or someone getting it in his hands.
For the real bad stuff a virus scan won't help you, these bad guys know how to work around. It's all about the user and his knowledge about what precautions he should apply (not giving th device in other hands, not jailbreaking).
Are there ways to hack a phone via browser, let's say with a JavaScript hack?
I think this is the big fallacy of the UNIX security model. Every program you download can delete your home folder without warning, it only can't mess up the OS (and other users, but those are increasingly rare). That's terrible because restoring /System is the easiest thing in the world, restoring user data isn't. I think you can't delete Time Machine backups without admin rights, but malware could easily purge TM with an artificial mammoth file too.
I am super paranoid about downloading software to my work Mac even from the App Store. And even for iOS I only try random free apps on my iPad where I don't have my address book synced.
As long as jailbreaks work, Apple's security stack isn't worth much.
But how dangerous is the average jailbreak that requires a USB connection?