Skip to content

Tag: Apple

Apple Attacks On The Rise?

We here at Geekamongus are by no means partial to one operating system over another.  We love Macs, we love Linux, we love Solaris, and we love those other guys.  Seriously, in no way do we ever intend on taking sides, and articles such as this one are not to be mistaken as an attack upon a particular vendor, nor should they be misconstrued as a statement proclaiming that we prefer other platforms.

That said, some news items of late have raised a few eyebrows upon the foreheads of the security-minded regarding Apple and their operating system, OS X.  For example, there seems to be a new variant of an OS X trojan out there, according to the folks at macnn.com.

Judging by the responses from the opinionated users at the bottom of that article, the Mac fan base may be smart enough to avoid such malicious software.  Cynicism aside, it is clear there is an entirely untapped user base upon which Phishing attacks may be starting to prey.  One must consider the fact that people who have used Macs their whole lives may not be as familiar with such vulnerabilities, where web sites attempt to trick you into downloading a plugin with ulterior motives in mind, and that they could be more easily fooled into taking the bait.  Heck, it would seem the folks at Apple could use some tutelage about Microsoft viruses too.

Seeing as Apple still considers themselves to be rather impervious to viruses, trojans, worms, and their ilk, I don’t forsee this getting better any time soon, even though they did briefly post a note about using antivirus software on their website.  One thing Microsoft users have going for them is that they are by-and-large more aware of common Internet vulnerabilities because they run into them more often, and they must take steps to avoid them.  Some may even have received training in the workplace or from a geeky neice or nephew.

Granted, OS X is based upon a relatively secure Unix kernel and the Apple marketshare is much smaller than that of Microsoft.  That can certainly help when talking about the prevention of spreading traditional viruses, trojans, and worms.  However, when a user is unaware and clicks “OK” to download and install seemingly legitimate plugin, all bets are off.  And who know what evil is brewing in the basements of evildoing jerkfaces to target OS X itself in ways which Windows users are unfamiliar with.

Apple Doesn’t Understand This “Secure” Thing

For years, people have loved Apples and Macs because of their relative security when compared to the likes of Microsoft, who are the target of tens of thousands of viruses, worms, trojans, and other types of malicious programming.

A large part of this has been because of the prevalence of Microsoft Windows, and the fact that Macs make up a tiny little percentage of the home or office computer realm.  However, ever since Apple released the iPhone, it would seem as if they have taken a step out into the world of the unknown, venturing into new territories where no one has gone before.

The problem is, many people have already been in these territories for many years, and Apple obviously has not been paying attention.  It’s like they never considered the thought that once they started venturing outside of the obscure marketshare into the eye of the general public, they too would become targeted by script kiddies, spammers, and all-around evildoers.

The fact of the matter is, Apple, Macs, iThings, and everything else they are doing IS being targeted more now than ever before, and unfortunately, Apple is sitting around wondering why instead of doing anything about it.

Take, for example, this new TechCrunch article explaining a simple way for spammers to harvest all the email addresses of MobileMe users.

From the article:

Apple knows about the problem but insists it isn’t an issue because no one has complained publicly. An Apple representative said to one of our readers: “We’ve never had a complaint from a customer about people spamming them because of their iDisk public folder name. There is no way to remove your account name from the iDisk folders. I’m very sorry.”

Um…ok.  So if I use MobileMe, I can expect a lot of spam.  Maybe they think I’ll get used to it.

TechCrunch goes as far as suggesting that Apple is falling apart at the seams.  They suggest failures with customer service and security exploits as warning signs.  The sad part is, Apple seems to either not care about fixing things, or just not get it, both of which are starting to come off as being arrogant.

Look at the recent ‘patching’ Apple did with the widely-publicized DNS spoofing vulnerability last month.  While every other vendor quickly tackled the problem, Apple released a patch that fixed only their server products, leaving their entire desktop user base still vulnerable.  It took them two more weeks, but on August 15 they finally patched it for everyone.

The nature of being secure, in my opinion, relies upon being open, recognizing vulnerabilities, and taking them head-on.  That’s why there is such a large, active community of security-aware researchers, vendors, and system administrators out there.  Apple seems to be shying away from all of this, perhaps out of naivity, perhaps out of conceit.

Whatever the case, I sincerely hope they come to their senses before it is too late.

Clicky