more on mac viruses and quote and apple pie

[David Farber <dave () farber net>]

Begin forwarded message:

From: Rodney Joffe <rjoffe () centergate com>
Date: May 21, 2005 12:30:27 PM EDT
To: David Farber <dave () farber net>
Subject: Re: [IP] mac viruses and quote and apple pie


Hello Dave,


On 5/21/05 4:29 AM, "David Farber" <dave () farber net> wrote:


> Please do

You have had a number of readers who have responded providing some of  
the
details of the vulnerabilities of Mac OS-X already.

The overall impression is one of "There are easier targets, like  
Windows,
and the exploits are very quickly identified and patched, and Mac OS- 
X is a
much better option". All very true. I run OS-X on all my personal  
machines
for just that reason.

But to contend that there are no known exploits in the wild, and the  
only
virii that were UNIX specific were ten years ago is disingenuous at  
best.

As an opener, here is a Techworld article from earlier this month.:

http://www.techworld.com/security/news/index.cfm?NewsID=3598

Just a small excerpt:

" The flaws patched this week are more serious than those addressed  
by the
April patch, with some of the new bugs allowing remote attackers to run
malicious code on a user's system. A buffer overflow in Apache's  
htdigest
program could be triggered via a CGI application to allow remote system
compromise, Apple said.

An integer overflow in AppKit could allow for malicious code  
execution via
malformed TIFF images; two flaws in the libXpm library could allow code
execution via another image format, XPM, although Apple noted that  
libXpm
isn't installed by default.

A bug in the Foundation framework's handling of an environment variable
could result in a buffer overflow, allowing the execution of code, Apple
said. Help Viewer could be commandeered by remote attackers to run
Javascript without the usual security restrictions. A buffer overflow in
NetInfo's Setup Tool (NeST) could also allow remote code execution."

That is covered in just one patch.

But the claim that Mac OS-X is not vulnerable to virii, which is the  
fallacy
some folks are perpetuating, is best put to bed by a little contest  
"almost"
taking place through the folks at DVForge. It seems odd that there  
would be
such an outcry if there was no risk. No?

http://www.dvforge.com/virus.shtml

Another interesting article describing some of the fundamental issues:
http://news.com.com/Darwin+flaws+survive+in+Apples+Mac+OS+X/ 
2100-1002_3-5540
955.html

To understand more of the vulnerabilities, and how to patch them,  
above and
beyond waiting for problems to be found and patched by Apple and OS-X  
app
vendors, a good start is at http://www.bastille-linux.org/

There is no doubt that Mac OS is a better choice. The OS is better, the
vendor is far more reactive, and the users are far better informed,  
so they
share information quicker. But *don't* believe for a moment that  
because you
use a Mac, you have nothing to worry about. As I said in my original  
post, I
deal with compromised machines almost every day that are part of larger
botnets, and that are running Mac OS-X, with the owners believing  
that they
were secure.

HTH

Regards,
Rodney Joffe
CenterGate Research Group, LLC
http://www.centergate.com
"Technology so advanced, even WE don't understand it"(R)






-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/