Triple threat to Mac OS X largely academic
Robert Lemos, SecurityFocus 2006-02-24

At first blush, the past two weeks have not been good for the image of Apple's Mac OS X: Public descriptions of two worms and a trivial exploit for a serious software issue in the operating system appeared on the Internet.

Triple threat to Mac OS X largely academic 2006-02-24
Penguinisto
"Many Mac users believe they are better protected than the average Windows user against malicious attacks."

...to an extent, they're right. You really have to work at it to compromise a Mac to the same point that Windows comes standard with when it comes to system-wide permissions. OTOH, no one should seriously be comfortable with that. If an average Windows user is floating along in a birchbark canoe and the average Mac user is paddling in an aluminum one, either boater can just as easily get swamped and sink if they get stupid and handle it wrong.

Both OSes are equally adept at 'encouraging' a user to use automatic updates - though both could improve that by quite a bit (hint for Apple: Look to SuSE Linux' YOU patching --which only very rarely requires a reboot thanks to extensive kernel modularization-- and make that mandatory by default. Dunno WTF to tell Microsoft given their internal OS structure - sorry).

"While InqTana is not a danger, Finisterre stressed that Mac users need to wake up to the fact that successful worms and viruses will attempt to attack the Mac OS X in the future. The poorly programmed OSX/Leap.A also shows that malicious coders are focusing on the platform, he said."

In all honesty, I suspect that people have been focusing on OSX ever since version 10.1, just that it took some real skills to do it until now, keeping the task of popping an OSX box way out of script kiddie reach.

"The two worms and the exploit could also give would-be malicious coders encouragement in their attempts to create programs for the Mac OS X platform, said Peter Allor, director of intelligence for Internet Security Systems."

True, but it'll still take a higher skillset than that available to the average Windows worm writer, methinks... mostly due to the *nix-like internal structure of OSX. This alone will prevent anything near the ungodly flood of crap that the typical Windows XP user has to deal with on a daily basis.

I also think that it is a testament to the superiority of *nix-like systems that it took so long to actually pull it off (and that most of them focused on Apple's adaptations of the BSD code, not the core itself).

"'We Mac users have been living in this great world where we are more vulnerable than other Unixes, but we weren't seeing any attacks because we weren't targeted,' Beale said."

I strongly disagree here. I think that OSX has been targeted the whole time, just that it took this long for anyone to actually find anything useful to crack it with, thanks to the ease with which Windows could be cracked and the higher skillset required to actually pop an OSX box from the outside.

"In addition, Apple needs to shake off its secretive approach to security and communicate better with the community and security researchers, said Finisterre. The researcher said that his attempts to communicate with the security response team at Apple has been mixed."

...this I agree with perfectly.

That said, I still feel more at ease in putzing around online at home on the Mac than I ever would on a Windows box.

/P

Link to this comment: http://www.securityfocus.com/comments/articles/11378/33265#33265
Triple threat to Mac OS X largely academic 2006-02-24
Juha-Matti Laurio







 

Copyright 2008, SecurityFocus