Organized Crime Targeting Apple Computers for the First Time

While it’s nothing new for organized crime to focus on phishing and identity theft, Windows-based computers have traditionally taken the brunt of most attacks. So much so, in fact, that plenty of my Apple friends claimed it as yet another reason to switch to the below-the-radar Mac. Too bad, then, that a report out last week shows that the end of 2007 was the beginning of “financially-motivated” organized crime targeting Apple computers.

Is this good news or bad? After all, it could be taken as a sign of Apple’s success. Macs finally appear to be popular enough that cybercriminals care. However you frame it, check out this call to arms of sorts from Graham Cluley, senior technology consultant at Sophos (the firm responsible for this report):

“Mac users have for years prided themselves on making smarter decisions than their PC cousins – well, now’s the chance to prove it. The Mac malware problem is currently tiny compared to the Windows one, so if enough Apple Mac users resist clicking on unsolicited weblinks or downloading unknown code from the web then there’s a chance they could send a clear message to the hackers that it’s not financially rewarding to target Macs. If they fail to properly defend themselves, however, there’s a chance that more cybercriminals will decide it’s worth their while to develop more malware for Mac during 2008.”

So there you have it, Mac users, unite and be as smart as you feel! The report also noted that Wi-Fi enabled devices and other mobile technologies (even mentioning Apple’s iPhone and iPod Touch) are likely to be targeted this year.

  • Paul Ellis

    I seriously doubt the Mac users will do better at resisting malware than PC users have. Most Mac users feel so protected because they use a Mac that they’ll probably trust even more links than PC users do. Combined with this, Mac OS’s default security settings (firewall, wifi, etc) are much more lax than Windows can get away with. People have been saying it for years: if Apple got a large enough market share they would face very similar security issues as Windows has.

  • Brian

    The argument of security through obscurity is total FUD. Apple enjoys far greater security because the system is far more secure.

    Paul, the firewall software changed in Leopard, but Mac has always offered far more sensible default configurations than Microsoft, you are seriously confused about that point.

  • Ben

    If that trojan was from organized crime like you say, then they must be retarded. First of all, you had to download this file from a porn site that may or may not be real. Secondly, you had to install it.
    This isn’t the first time someone has tried to do this. Most of these so called “trojans” are spread by going to illegal file sharing sites or by going to porn sites from links from obvious rogue emails.

    You can’t really blame the platform for idiots that use it and don’t know what they are doing. In contrast, you can plug in a PC with XP and leave it online and don’t visit any sites and it can get infected.

    Paul, you must have never used a Mac because the Mac’s default security settings in Tiger are way better than XP.

  • azureblue

    The writer of the article has no idea of the differences between OSX and Windows XP / Vista, that inherently make OSX more secure to begin with. And like most FUD spreaders, they fudge the facts to make their point.

    Note that, so far, all of the supposed infections of OSX have been done by crippling the Mac so that it becomes possible to infect the OS, and usually done through a third party software hole. And note the source of most of the so called vulnerability scares: the companies that make virus protection software.

    FUD. Get a Mac.

  • azureblue

    PS- and, unsurprising as it is, today yet another hole is found in Windows:

    http://www.infoworld.com/article/08/01/30/Critical-Windows-bug-proves-highly-exploitable_1.html

  • http://www.mybsod.com Tyler Reber

    I agree completely with you Paul. A bunch of my friends have switched over to Mac in the past couple years, and they consistently use this excuse and usually I just kind of smirk to myself. The only reason Macs are more secure is because until recently hackers and other malicious online types didn’t care enough to go after them. It’s like you said, now that they’re gaining more popularity, they will not be as secure as they once were. It’s been known for a while that Macs do not contain the levels of security measures that PCs do and I think in time Mac users are going to find this out. I think Mac’s security policy is kind of one of security through obscurity. Keep any security flaws secret… your users don’t know about them, the attackers (who don’t care… yet) don’t know about them… all is well. That’s probably going to need to change in the near future.

  • http://www.mybsod.com Tyler Reber

    Sorry, when I started typing that, there was only one other comment, I didn’t see the rest of this. I want to wait and see what others have to say though before I comment further.

  • mack520

    I am an organized criminal, and have used Macs almost exclusively since 1984, and I think no one has suffered any ill effects. I believe it’s good to be a criminal, and better to be an organized one.
    Paul Ellis: “I seriously doubt the Mac users will do better at resisting malware than PC users have.” I advise you to adopt a course of intellectual rigor, perhaps you might think about what you say, and try to relate it to rw.

  • What’s the frequency, Kenneth?

    Why do people always spout BS like this and show their ignorance? Mac OS X *is* inherently safer. You have to be a major league Windows zombie not to know and accept that. Having said that, I wouldn’t be surprised if the first few trojan horses that effectively target OS X fooled a lot more Mac users, because they simply aren’t educated in such things, on average. Informed people owe it to them to remind them that there are plenty of entities on the internet that mean people harm, and it’s best to avoid helping them hurt you.

  • Paul Ellis

    Wow, I’m going to have to address these in order.

    Brian, about the firewall, check this review of Leopard’s firewall (http://www.heise-security.co.uk/articles/98120/1): ‘The Mac OS X Leopard firewall failed every test. It is not activated by default and, even when activated, it does not behave as expected. Network connections to non-authorised services can still be established and even under the most restrictive setting, “Block all incoming connections,” it allows access to system services from the internet.’

    Ben, ‘You can’t really blame the platform for idiots that use it and don’t know what they are doing.’ That is exactly what happens to Windows. By far most malware that targets and successfully exploits Windows (XP or Vista) is really a “social engineering” trick. If you can get people to run a program (via P2P, porn, etc) on ANY OS you are going to have a lot more problems.

    ‘In contrast, you can plug in a PC with XP and leave it online and don’t visit any sites and it can get infected.’ That statement is not true. It is only true if you use a pre-service-pack release of Windows XP from 2001. The Windows XP SP2 firewall (which has been out since 2004!) is far more secure than the Leopard firewall.

    Mac may still be safer for the time being, but it is because of obscurity. Even a lot of the praise Linux gets for its security is a result of its obscurity. If the current versions of Mac OS X or Linux commanded 95% market share they would have far more problems with security than Windows XP or Vista.

    Mack520 you might try actually making a point to illustrate my error. I am saying it is a stupid, and completely unfounded expectation that Mac users (who assume they are inherently immune) will be smarter about malware than Windows users. If anything they are ripe for the picking.

  • What’s the frequency, Kenneth?

    “If the current versions of Mac OS X or Linux commanded 95% market share they would have far more problems with security than Windows XP or Vista.”

    This is the kind of ignorance I’m talking about. Security was tacked on to Windows as an afterthought. Security was a prime directive in the creation of Unix. That fundamental difference makes OS X inherently more secure. Windows has holes by nature. OS X has (far fewer) holes because it grew from a platform that is secure by design.

  • George

    Interestingly enough, as an IT professional, I read through dozens of IT blogs daily and like an airborne illness, every few days some security “expert” from some completely unknown “security firm” makes the statement that “The Mac’s are next”.

    I’ve been hearing that since 1997.
    That line has outlasted most of the security professionals’ careers.

    The Mac zealots say, not us, the PC guys say, why not you.

    I say, show me something.
    For some reason unknown to me, no one can ever show me a situation where a user opens an e-mail and their Mac turns into a robot sending out hundreds of e-mails every night at 3 am.
    Show me where a user has their password directory or database compromised by some outside hacker without their help.
    Somebody show me something where a Mac gets hacked while the owner is sleeping and no one is using it to “click on something” or authenticate a process.
    Until then, please stop all this “largely unknown security expert” wishful thinking income enhancing nonsense.

  • DAavidK

    Anyone that believes that malware is easier on Unix than MS’s operating system does not or has not chosen to understand the difference. Yes, Apple will attract more hackers due to market share rise but it DOES NOT mean it will be as easy for the hackers. If it had, one of them with a hard-on would have already made a name. This is an old MS tale to make them feel superior of their choice of OS’s. Kinda like whistling in the woods.

  • Paul Ellis

    Kenneth, “This is the kind of ignorance I’m talking about. Security was tacked on to Windows as an afterthought. Security was a prime directive in the creation of Unix. That fundamental difference makes OS X inherently more secure. Windows has holes by nature. OS X has (far fewer) holes because it grew from a platform that is secure by design.” Not all Unix is created equal. The security of a platform has a lot to do with the vendor that creates and sells it. It is a fact that the Leopard firewall “accepts all incoming connections” by default. It is also a fact that that is not a good security practice. So trying to say that Unix is inherently secure is BS, because it is Apple’s security practices that are at play here.

    George, I agree with you that currently OS X is safer, and it has been a long running story that Mac would be next. Do you know what has happened? People always assumed Mac was actually going to grab some significant market share (read: somewhere around 20% or higher) and it hasn’t. And if anyone tries to argue that any Mac OS before OS X was secure (going back to 1997?) they don’t have a clue. Pre-X Mac OS was a joke: no protected memory, no real user-level access controls, the ability to easily grab any other user account’s password, etc.

  • Paul Ellis

    One other note, it isn’t like I’ve never been exposed to *nix, or other operating systems for that matter. I’m kind of an OS junkie. I first used RedHat 6.2, and have tried most of the popular flavors (and many unknown flavors) of Linux, even as my only OS on my desktop and laptop. I have used Macs since the SE/30 was a good machine. I ran BeOS for a while (still one of my favorites). I have used various versions of BSD. I even used OS/2 Warp with Windows 3.1 for about 2 years as my only OS.

    Do you know what I’ve learned from all of this? Every single one of them has very visible flaws, and it is ignorant to act like any of them are perfect. Pick and choose your problems. As for me I actually really like Vista. Although I’m sure I’ll get slammed for my personal preference.

  • Empty Tank

    If pre Mac OS X security was crap, then the argument that OS X is secure by obscurity is totally moronic. The fact is I’ve used Macs since 1986. I never used an antivirus program, and I’ve never had a problem. Wish all you want Mac haters, the Mac is the most secure computer money can buy.

  • kboggs

    As a Mac user I suspect that there is probably some truth to the security by obscurity idea. However, there is one incredibly conspicuous Mac that, to my knowledge, has never been hacked. The U.S. Army’s web site at http://www.army.mil is hosted on a Mac web server. It would seem to me that this particular site would be a frequent target for foreign and domestic hackers trying to earn some cybercred. See: http://www.apple.com/itpro/profiles/army/

    The army is apparently pretty happy with the performance of their Macs as they have been hosting on the Macintosh platform since 1999.

    Beside that I’ve never really understood the down side of security by obscurity. I mean if you are more secure, you’re more secure right? Who cares why? It’s as if you built two houses, one in the country, one in the inner city, the one in the country would probably be more secure for the same reason. I fail to see how that is detrimental to the country house.

  • daisyraven

    Is the Mac more secure? Probably. Why? God only knows. Will it be more vulnerable to malware attacks because it is becoming more popular? Remains to be seen. The one thing that you can be sure of is that any attacks on the Mac platform will be immediately quashed. Why? Because Mac users pay attention. A Mac attack vulnerability will be disseminated throughout the community, and dealt with rapidly. My guess is that the fanboy tag will finally pay off when the going gets tough.

  • Wiley

    Actually, the Mac OS X previous to OS X was pretty secure. (A few worms existed) The US Army used the Webstar web server that ran on the classic Mac OS for some time. The reason for the security? Part of it was that the pre-OS X Mac OS was a from-scratch GUI and had no command line. True, it didn’t have preemptive multi-tasking, (or robust memory protection) but the original Mac OS was designed as a single-user OS. That’s unlike UNIX, invented when computers were so expensive that everyone had to share the computer and keep their stuff safe and secure from everyone else’s stuff.

  • mack520

    “Mack520 you might try actually making a point to illustrate my error.” Why? Why would I try to make a point to you? How would I even go about doing so, since reason, logic, deduction, and every other thought process I am familiar with clearly are inappropriate. How about try typing fsck -f

  • George

    My point wasn’t Mac centric, it was more proof centric.

    To my knowledge, there have been exactly zero Macs compromised without the help of the user to click on something or to authenticate a process.

    I know there have been some attempts, highly publicized dog and pony shows to hack a Mac OS X based server, but I think we’re still waiting for someone to actually take control of one.

    If there was a MS or anyone else’s OS that had that sort of security success, I would be for that, as well.

    I just get annoyed that every know-nothing blogger falls for and subsequently publishes every “almost known security expert’s” Chicken Little statements of an impending security doomsday scenario that’s about to fall on the heads of every Mac admin.

    Just stop with the BS “proof of concept videos” from these so completely unknown security firms showing that if a certain user were to inadvertently log onto some spoofed portal then perhaps they could get lured into downloading an app that might, just might, with the proper authentication and only after running the app, might actually do something bad someday in the future to someone, maybe…well it could happen, maybe

  • http://www.techconsumer.com Bob Caswell

    “My guess is that the fanboy tag will finally pay off when the going gets tough.”

    Lol, one can only hope it will eventually be good for something…

  • George Said it!

    George said it best:

    “I say, show me something.
    For some reason unknown to me, no one can ever show me a situation where a user opens an e-mail and their Mac turns into a robot sending out hundreds of e-mails every night at 3 am.
    Show me where a user has their password directory or database compromised by some outside hacker without their help.
    Somebody show me something where a Mac gets hacked while the owner is sleeping and no one is using it to “click on something” or authenticate a process.
    Until then, please stop all this “largely unknown security expert” wishful thinking income enhancing nonsense.”

    Yeah, yeah, someday the Mac will be hacked.
    C’mon! Do it! Doesn’t anyone want to be the first to be famous for this?
    C’mon! It happens with regularity in the Windows world!
    C’mon! Hack the Mac! Be famous!

    Oh, and that marketshare crap:

    More Internet servers run on open-source (e.g. Apache) instead of IIS (Microsoft).
    Guess which one gets hacked more?
    I knew you’d know the answer!

  • http://www.techconsumer.com Bob Caswell

    Geez, George, take it easy. We get it: you’re the IT professional who knows what’s really going on. And you’re apparently sick of reading about Mac security issues that you haven’t seen or heard of.

    The “unknown security expert” in question (Sophos), by the way, has over 100 million users. What they say may or may not be completely accurate, but that likely has little to do with their popularity. But I thought I’d throw out a popularity number to appease those for whom it matters.

    And, George, did you look at the report? It’s quite possible that it’s not just made up to annoy you (though that’s still a possibility, I suppose), despite your convincing argument that suggests otherwise (what was it again? oh yeah, something along the lines of you’re tired of reading about it, so it’s not true).

    And all your the-MAC-is-more-secure scenarios that you mention are beside the point. If you read what this report is about, it’s precisely about those instances where users (Mac or PC) are tricked (phishing, etc.). And this type of activity is on the rise for Macs (i.e., users of Mac computers are targeted). So Macs could still be safer when left on and not touched for all I know, but again, that misses the point of the article.

  • DaveK

    Paul wrote:

    “Brian, About the firewall check this review of Leopard’s firewall (http://www.heise-security.co.uk/articles/98120/1). ‘The Mac OS X Leopard firewall failed every test…’”

    At the bottom of that article:

    “Update:
    Apple has issued security patches to address the issues raised in this article.”

    All new software releases have problems. Staying up to date (with any OS) helps a lot.

    There’s no way to win this argument right now, on any side. The “Security through Obscurity” thing is a theory, no matter how many claim it is fact, and will only be proved if Mac continues to gain market share AND at some magical market share point, suddenly has a boatload of successful attacks. So far, the market share is gaining, but there has been no significant increase in successful attacks, so one could conclude that it’s either more secure, or it hasn’t reached that magical market share point. Time will tell. All we know for sure is that Windows has had a rough time of it in the past, with tens of thousands of pieces of malware. OS X so far does not have that history. As with stock market disclaimers, the performance of the past does not guarantee future performance, but I’ll keep using my Mac, which I’ve been very happy with, for many reasons beyond security.

  • Wiley

    Currently, most Mac security boils down to this:

    1) Your Mac admin password wields power. If any installer asks for this password, know why, or don’t type the password.
    2) Even *without* an admin password, a malicious application can do damage to files in your Home Directory. (Your home space on the computer) The reason for this is common sense: you have, in your own space on the computer, the power to create, edit, or delete files.
    3) Because of #2, always know why you are running any application, and only download applications from trusted sources. Note that Mac OS X Leopard will actually warn you if an application has been downloaded from the internet and you are about to run it for the first time.
    4) Just like in the Windows world, keep up with the security updates.
    5) If anyone accuses you of being a smug mac user, deny it. Why? Because you’re not a smug Mac user, you’re a sensible one.

  • Paul Ellis

    I think we need to draw a distinction between being secure and not being attacked, or being safe. Warning: I’m going to illustrate an imperfect example, and you may interpret the words security and safety differently than me.

    Certainly you wouldn’t say burying a million dollars in a suitcase in your backyard is more secure than depositing it in a bank, right? It may be safer because nobody knows you have a million dollars buried in your backyard, but the bank would be more secure because it has certain protection measures that it implements to stop people even though they all know the money is there. Now imagine that everyone starts burying money in their backyard because it is safer than the bank. You can see that as soon as you lose the obscurity you lose the safety.

    The point being, if the underlying platform is not more secure (which I believe, pound for pound, it isn’t) and the platform becomes significantly popular (which Apple runs lots of ads to try and make that happen) then obscurity isn’t enough. Microsoft learned a long time ago that not having your firewall on by default is a bad idea. If Mac becomes popular, Apple will learn that same lesson. Also remember, that if I wanted to be safe through obscurity I could just run BeOS (I still wish Apple would have bought them instead of NeXT).

    Let’s look at another insecure part of OS X, the wifi configuration. Did you know OS X will connect to any wireless network it can (maybe not peer-to-peer ones, I’m not positive) without asking the user? I’ve had a lot of Mac people tell me how they hate how they have to “setup” the wireless on Windows and Mac just does it automatically. That is actually a very bad idea. You could be using your Mac somewhere where there will be a rogue network that your OS will automatically connect to. Keep in mind that your firewall is off, so any shared folders (with potentially sensitive information), or vulnerable services (which every OS has, that is why they all get security updates), or even website spoofing/phishing/sniffing are all available to whoever runs that network. Again, maybe not a problem yet, but if (and it is a big if that this whole conversation hinges on) Mac really takes off you will have a major problem.

    BTW, only George and maybe kboggs have made legitimate fact-based arguments. Anecdotal stuff like using a Mac since ’86 and not having a problem doesn’t really matter. I have been using PCs for that long and I don’t run anti-virus either, and I don’t have problems. Yet, I wouldn’t recommend that for my parents.

    I’m still on the record that pre-OS X was insecure. When you don’t even have protected memory it is so insanely easy to do whatever you want if you can compromise almost anything on the computer. You could still write a really secure (or even the most secure) web server that would run on it, but the consequences of a security failure in the web server program would be much worse.

    Last but not least, picking out one website (army.mil) to show security doesn’t really mean anything. The Navy and Airforce run Linux with Apache, and the Marines use Windows 2003 and IIS. I’m sure they all get a lot of hack attempts. Interestingly enough, when I was briefly looking at a number of bank websites, they all ran Solaris.

  • George

    Bob,

    You so completely don’t get it.
    It’s not that if I don’t read about it it’s not real.
    It’s that they write about a topic that at this point in time is not relevant.
    Hackers can target all the Macs they want, but the way it works right now, unless someone is moving a mouse and clicking on a dialog box with an admin password in front of that particular Mac, it’s not happening.
    As to Sophos having 100 million users…my guess is that they’re not Mac users.

  • Paul Ellis

    George: about the IIS vs Apache security, IIS actually has a better record (http://www.infoworld.com/article/07/06/29/26OPsecadvise_1.html). It also has the largest market share (depending on how you calculate it). Which reinforces the idea that if Mac becomes really popular, things can change. Keep in mind that I am not saying that today, Jan 13, 2008, the Mac is not safe.

    DaveK: while I will agree that all new software has issues, I wouldn’t call OS X 10.5 to be really new. It is much more akin to Windows XP SP2. Pretty much the same as the preceding version (10.4 and SP1 respectively). I just think it is crazy that in 2007 Apple would try to sell an OS with the firewall off by default. You can see why though (http://www.heise-security.co.uk/news/98492), because it broke applications. Even now you have to allow Skype to accept inbound connections every single time you use it. It was easier for the user to not have a firewall on. Probably the same reason Microsoft didn’t enable it by default on pre-SP Windows XP.

    Wiley: all the points you make are valid for Mac, Windows, or Linux. That’s really the problem today for most operating systems, how can you protect people from their own stupidity/ignorance? How can you get everyone to actually obey that list. Really. Have you heard of anyone having Windows Vista get hacked while just sitting connected to a network? I haven’t, and it already has a larger install base (i.e. exposure) than Mac. That’s why if you can get a user to run a file through social engineering it really doesn’t matter how “secure” the OS is. The malware might not crash OS X, but it could delete your home folder, and all the time machine backups of it.

    If you find a great way to take care of that problem then talk to me about starting a business. We could be billionaires.

  • fustian

    I might buy the obscurity argument, except I am old enough to have had several Macs before MacOSX. Even though they had significantly less market share than PC’s back then, I did get viruses and did need to use virus protection software.

    Those problems all ended with MacOSX.

  • kboggs

    Paul, I’m not sure where you got the info on OS X wifi but a Mac will not automatically join an open network. It will notify the user that an open network is available but it will not join until the user gives permission. Which brings up another distinction between OS X and Vista: I’ve noticed that Vista will ask if I initiated a given procedure that might be a security risk but does not ask for my password. OS X on the other hand will ask for an administrative password. This seems to me to provide a higher level of security at the desktop.

    My example of the Army’s server was just to illustrate that here’s one server that is definitely not obscure. If OS X is such a security push over as others claim, then why does the Army continue to use Macs? Why has this considerably conspicuous Mac not been hacked?

    All that being said I know that no OS is perfect nor 100% secure. I think it is important for us to maintain antivirus software if for no other reason than to prevent being a carrier for Windows viruses.

  • http://macgecko.blogspot.com/ Greg

    Well I think I do the outlook when and if I see there is a problem I might worry. However I have been hearing about how the sky is falling because the hackers are going to get Macintosh users from the time of OS 9. Guess what never happened! Then I was told just you wait those hackers will get you when you run OS X. Guess what never happened! So to this day there are many bot nets that own many a PC user but I have yet to hear of one running OS X…

  • JZ

    Most Mac users have used Windows. This argument that Mac users are not aware of viruses is more nonsense made up by PC users who of course have never touched a Mac. They also know absolutely nothing about the Mac OS or Mac users. OSX is not perfect…but let’s be honest it started from a more secure space than XP or any previous MS OS. People seem to forget that Windows used to ship out of the box running as Super User as the default configuration for its users, executables could just be run by a user clicking on a link with no protection for the user.
    This was supposed to be a feature or a convenience…it was a bad decision on MS’s part. Why?

  • Paul Ellis

    kbogg: I stand corrected. The behavior must have changed since I last used a Mac laptop about 18 months ago. But I have seen it first hand. My client’s wife even touted that it did it, that’s how I noticed. I’m not sure which version of OS X she was running.

    Greg: The statement that the sky is falling was usually (at least when I read them) tied to Macs becoming popular, and that hasn’t happened either.

    JZ: Just because Windows defaulted to super user, it doesn’t mean the underlying base is insecure. In fact, I think that Windows 2000 was a very good base for a multi-user GUI OS. The defaults may have been set insecure, but it could be locked down quite well.

  • DaveK

    “DaveK: while I will agree that all new software has issues, I wouldn’t call OS X 10.5 to be really new. It is much more akin to Windows XP SP2. Pretty much the same as the preceding version (10.4 and SP1 respectively). “

    I don’t think even Microsoft, the best company in the world at marketing mediocrity, believes that. See:

    vs.

    Granted, I wouldn’t consider all the 300 things Apple touts as “features”, but Leopard is substantially more different from Tiger than SP2 is different from SP1.

    For further information, see:

    ?

    “I just think it is crazy that in 2007 Apple would try to sell an OS with the firewall off by default. “

    But that doesn’t mean all the ports are open. They’re not. Actually, even all Mac OS versions prior to Leopard installed with the firewall preference setting off I believe, and always came with all ports closed out of the box. So all Mac OS X versions have had the firewall off by default since what, 2000? Where are all the security breaches caused by the firewall being open? Oh yeah, the security by obscurity thing that we can’t prove yet.

    Traditionally you only needed to “turn on” the firewall in Mac OS X if you needed to open some ports. Most users would not need to do this. But they can if they want.

    If I run Shields UP from the Gibson Research Corp. web site (), with the Leopard (10.5.1) firewall off, and outside my hardware router, I see that all ports are closed. Not all marked as “stealth”, but all closed. Of course you can configure the Leopard firewall to “Enable Stealth Mode”, if you like.

    “You can see why though (http://www.heise-security.co.uk/news/98492), because it broke applications. Even now you have to allow Skype to accept inbound connections every single time you use it. It was easier for the user to not have a firewall on. Probably the same reason Microsoft didn’t enable it by default on pre-SP Windows XP.”

    Microsoft didn’t enable it AND they left a bunch of ports open, which was why all you had to do was connect a Windows box to the internet and watch it get violated in 20 minutes or so.

    I think the reason the firewall is left off by default in OS X is because all the ports are closed by default, and you only need to turn the firewall on if you need to open ports, not because it breaks software when turned on. Not that Skype has been the most reliable software on the Mac anyway, but I’m sure that problem will get sorted out eventually.

  • DaveK

    Sorry, the links didn’t come through.

    I wrote:

    I don’t think even Microsoft, the best company in the world at marketing mediocrity, believes that. See:

    http://www.microsoft.com/windowsxp/sp2/features.mspx
    vs.
    http://www.apple.com/macosx/features/

    Granted, I wouldn’t consider all the 300 things Apple touts as “features”, but Leopard is substantially more different from Tiger than SP2 is different from SP1.

    For further information, see:

    http://www.roughlydrafted.com/2007/10/31/ten-myths-of-leopard-2-its-only-a-service-pack/

    Gibson web site:

    http://www.grc.com

  • Paul Ellis

    DaveK: If the firewall is off, ports are open, no matter what OS. Also, even though my Windows firewall is off right now (my home network is set as a private network in Vista) ShieldsUp isn’t finding any open ports, but that is because I’m behind a NAT router and no ports are forwarded. Odds are that unless you are plugged straight into your cable/DSL modem that ShieldsUp will give the same report. The firewall is really only that significant in public network (usually wifi) scenarios for most people. I can see people’s Macs on my school subnet (but they can’t see me). Actually I can see all of their Bluetooth IDs too since that defaults to visible. It is well documented at a number of sites that OS X defaulted to “allow all incoming connections” until very very recently.

    About Leopard, I would call it more of a feature pack than a service pack. Arguably the underpinnings of a lot of significant parts of Windows XP were dramatically changed between SP1 and SP2. That is why a fair number of programs had to be fixed to work with SP2. Not a lot of features changed though. Sure the dock changed some, they added built-in backup, etc, but the core of the OS is mostly the same. It isn’t at all like the difference between XP and Vista, good or bad.

    And the internal numbering differences (from the roughlydrafted.com link) between Microsoft and Apple don’t really mean much for me. Just because Windows 2000 was NT5 and Vista is NT6, but Apple has gone from Darwin 4 to 9 in the same period doesn’t mean anything. It is just their version policy. Just look at the difference in numbering between Debian and Fedora Core. In the last 12 years Debian has gone from version 1.1 to 4.0. Fedora went through 8 versions (cores) in 4 years. Yet fundamentally they are both using the same base components.

  • DaveK

    Paul wrote:
    “DaveK: If the firewall is off, ports are open, no matter what OS. Also, even though my Windows firewall is off right now (my home network is set as a private network in Vista) ShieldsUp isn’t finding any open ports, but that is because I’m behind a NAT router and no ports are forwarded. Odds are that unless you are plugged straight into your cable/dsl modem that ShieldsUp will give the same report. ”

    But what I said was that I was NOT behind a NAT router. I plugged a MacBook Pro right into my incoming internet connection – no hardware firewall whatsoever, and reconfigured the ethernet settings to use the direct connection. And the Leopard firewall preference setting was to “Allow all incoming connections”, and ShieldsUp stated all ports are closed. So you are wrong, at least about the Leopard “firewall”. And you obviously haven’t tried it, or you’d see that I’m correct.

    I think the confusion is that the firewall in Apple’s preferences seems to be what Apple is calling an “Application Firewall” – the open source firewall ipfw is still present at a lower level, and can be accessed via the terminal, from what I’ve read. I think Apple has major terminology problems here, but the fact remains that if the preferences are set to have the APPLICATION firewall in the preferences “Allow all incoming connections”, all ports are still closed. That explains the basic security out of the box of a Leopard install. Perhaps the correct terminology would be to say that in Leopard, the packet inspection firewall ipfw is still always running (on) in the background, even though Apple’s UI seems to indicate the firewall is off. I’m not defending them – I think this was a major UI blunder. And it’s caused all sorts of bad press.

    BTW, when I am behind my hardware firewall, Shields UP shows all the ports as “stealth” unless I configure them otherwise on my router.

    “The firewall is really only that significant in public network (usually wifi) scenarios for most people. I can see people’s Macs on my school subnet (but they can’t see me).”

    True. Which is why a default install of Leopard has all ports closed, so you don’t have to worry while on a public network.

    “It is well documented at a number of sites that OS X defaulted to “allow all incoming connections” until very very recently.”

    They still do, but all the ports are closed, as I said.

    “About Leopard, I would call it more of a feature pack than a service pack. ”

    Sure, you can call it what you want. The many additional features are why it was a paid upgrade. Apple’s service packs are free. Apple is just a bit more responsive than Microsoft in this area. But there were many changes to the underpinnings of Leopard, from a developer’s standpoint. Probably more than any other OS X release. Many made to support the new features Apple added, but also to allow more innovation from third party developers.

    “Arguably the underpinnings of a lot of significant parts of Windows XP were dramatically changed between SP1 and SP2. That is why a fair number of programs had to be fixed to work with SP2. Not a lot of features changed though. Sure the dock changed some, they added built-in backup, etc, but the core of the OS is mostly the same. It isn’t at all like the difference between XP and Vista, good or bad.”

    I would agree with you – there were many more differences between XP and Vista than between XP SP1 and SP2.

    “And the internal numbering differences (from the roughlydrafted.com link) between Microsoft and Apple don’t really mean much for me. Just because Windows 2000 was NT5 and Vista is NT6, but Apple has gone from Darwin 4 to 9 in the same period doesn’t mean anything. It is just their version policy.”

    And Apple’s version numbering policy is that all of the Mac OS X releases have a version number starting with “10”, with the first number after that signifying paid releases with major features AND many underlying changes, and the second number after the “10” being free “service pack” releases. But yet many don’t understand that going from 10.4.x to 10.5 is a MAJOR release and don’t understand why they have to pay for it. It’s all marketing – Apple wants to milk the Roman numeral “X” for as long as possible.

  • Paul Ellis

    I did miss that you said you were outside your hardware router. There is one other aspect to ShieldsUp that I have to address. Unless there is something running on the port it is scanning it doesn’t matter if there is a firewall or not. Something has to be listening to the port for it to be compromised. Which scan did you do? Unless you manually set it to scan, it will only stick to the default service ports which are usually not used by a service in a desktop OS (with the exception of file sharing perhaps). Anyway, the behavior has changed in Leopard anyway. That said, before the changes made to Leopard, the Heise guys found that any service they ran was accessible from the web.

    Anyway, I think we have kicked this dead horse enough. It all comes down to personal choice, and everyone is entitled to their own. Each OS has its positive and negative points. Personally I’m happy with Vista.

    I think half the problem for Vista has been that a lot of Windows users do not welcome change like Mac users do. Especially after XP being around for so long. I actually had a guy I was talking to say he hated Vista and for him Windows 98 was perfect. He wished that Microsoft had just stopped there. How do you satisfy that guy? Windows 98 really wasn’t the epoch of OS design, I’m sure of that.

    There really are a lot of good features in Vista. The new explorer is really good. It will automatically adjust your security (file sharing, firewall, etc) settings based on if you are on a private or public network (wifi or lan). The new start menu is so useful. I think it has the best implementation of search I’ve seen (better than Google Desktop, Spotlight, Beagle, etc). Vista Media Center is by far the best DVR interface I have used. You never hear about that stuff though, you just hear that some old program won’t run on it.

    Check this link: this guy says that Linux with Wine or DOSBox runs games better than Vista because it could run Soldat, Darwinia, Blackthorn, and Civilization 4. I haven’t even heard of the first 3 games, and from looking online people run Civ4 on Vista. It might have taken some tweaks (when doesn’t PC gaming? That’s why I have a console instead), but I’m sure it was less than setting up Wine on Linux.
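The thread above turns on three port states: "open" (a service is listening), "closed" (nothing is listening, so the host refuses the connection) and "stealth" (a packet filter drops the probe and nothing comes back). The following is an added example, not part of any comment or of ShieldsUp itself; it classifies a TCP port on your own machine by how a connection attempt ends. The `probe` and `demo` names are hypothetical, the listener is a constructed test service on loopback, and the "stealth" case is simulated with an injected connect function because a real dropped packet needs a packet filter.

```python
import socket


def probe(host, port, timeout=1.0, connect=socket.create_connection):
    """Classify one TCP port the way a ShieldsUp-style report words it."""
    try:
        conn = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # The host answered the SYN with a RST: reachable, nothing listening.
        return "closed"
    except (socket.timeout, TimeoutError):
        # No answer before the timeout: typically a filter dropped the SYN.
        return "stealth"
    except OSError as exc:
        # Anything else (no route, network down) is reported, not guessed at.
        return "error: " + str(exc)
    conn.close()
    return "open"


def demo():
    """Run the three cases on loopback and return the three verdicts."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # constructed test service, ephemeral port
    listener.listen(1)
    port = listener.getsockname()[1]

    with_service = probe("127.0.0.1", port)     # a service is listening
    listener.close()
    without_service = probe("127.0.0.1", port)  # same port, service stopped

    def dropped(address, timeout):
        # Simulated packet filter: the probe is discarded, no reply arrives.
        raise socket.timeout("simulated: SYN dropped, no reply")

    filtered = probe("127.0.0.1", port, connect=dropped)
    return with_service, without_service, filtered


if __name__ == "__main__":
    print(demo())
```

No firewall is involved in the first two cases: the same port goes from "open" to "closed" only because the listening service stopped.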
