Ron Schenone

One Hacker Says Apple And Mac Users Don’t Take Security Seriously

Posted by on Apr 18, 2010 | 13 Comments

Most of us, like myself, who have been using Windows based PCs since Windows was in diapers, know how to effectively protect our systems from attack. Using a variety of third party software, we Windows users know that we must protect our computers from outside attacks. Through the years Windows users have been made fun of by Mac users who like to point out how virus free their machines are. But even with Apple having a few stellar years selling its Mac stuff, Windows still remains the operating system of choice for most of us.

But now Mac users are coming under attack, by those same hackers, that have made Window users cringe. What these hackers are finding is that neither Apple nor Mac users haven’t a clue about security. These same people who had bad mouthed Windows for years are now going to get a taste of infections specifically designed to bring their systems to its knees. One well known hacker states:

Marc Maiffret, currently chief security architect at security firm FireEye first gained a modicum of fame as a hacker targeting Microsoft products. For example, he uncovered the security hole that the Code Red worm exploited back in 2001 to attack Windows servers.

He’s been no stranger to publicity, being one of the hackers featured on MTV’s I’m a Hacker, and named as one of People Magazine’s “Next Wave” of people to watch, back in 2004.

In an interview with CNet, he claims that Microsoft takes security more seriously than does Apple, and excoriates Apple fans as being “ignorant” about security risks.

Maiffret says he believes Microsoft does one of the best jobs in the industry around security, telling CNet:

“From an internal process in how they go about auditing their code and securing software from a technical perspective, they do have one of the best models. The area they still have room for improvement is around time lines of how long it takes for them to fix things.”

As for Apple and its fans, he has very little good to say, saying that the Mac is vulnerable, and its fans ignorant about security risks:

“…they try to market themselves as more secure than the PC, that you don’t have to worry about viruses, etc. Anytime there’s been a hacking contest, within a few hours someone’s found a new Apple vulnerability. If they were taking it seriously, they wouldn’t claim to be more secure than Microsoft because they are very much not. And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple. The reason we don’t see more attacks out there compared to Microsoft is because their market share isn’t near what Microsoft’s is.”

Interesting take from one hacker’s perspective. But what do you think? If you are a Mac user do you give a second thought about security or do you think your system is exempt from being hacked?

Comments welcome.

Source – PC World

  • Pingback: Notebook And PC | Newest Gadget

  • nichtJan

    As far as I understand the Mac OS, it is way more difficult to get root priviliges on a Unix System then on a Windows based machine. And since hopefully anybody is using a root Account for their daily work on a Mac, they should be fairly safe.
    But overall I have to agree that Mac Users pay less Attention to Security as the “scared to death” Windows Community.

  • Pingback: My Social Media for April 19th « ☺ | LockerGnome.net Lifestream

  • Pingback: One Hacker Says Apple And Mac Users Don't Take Security Seriously … : : mac

  • http://geeks.pirillo.com/profile/robbwindow Robert

    Mac user here Chris enjoyed the I-Pad tapping vid and the dry supernoodle vid too. Anyway my mouse is making a strange sound having sprayed with disinfectant. Anyway cutting long story short I thought it was a virus because the screen kept flickering and the page scrolling down. Having disabled the down mechanism on the mouse and tracking the sound to the mouse I figure its me who’s the worst enemy. Anyway I worried now too, care too elaborate a little more please, I don’t fully understand, I like most think the complicated Linux is free from Hacks even from 2004+ professionals?

  • hmurchison

    Been running my Mac and OS X for 4 years. Not one virus has been seen or needed to be eradicated. Every Mac user likely laughed when they read the part about “a variety of 3rd party software”

    How are you going to be persuasive to us Mac users who never had to buy that “brew” of security software?

    Trotting out spokeman from a security firm to talk about potential malware for Macs is like trotting out a representative from Chick Fi-A to discuss the harmful effects of Beef. Their job depends on virus, hacker and malware threats.

    Of course though just because my attitude is somewhat flippant about security does not mean Apple is and to that end Apple hired Ivan Krstic of Bitfrost and One Laptop Per Child (OLPC) fame. If they didn’t care about security they wouldn’t have hired Ivan last May.

  • http://www.australianguy.com AustralianGuy

    Time will tell, as a Mac user, I most definitely hold my breath if I ever use a credit card online, or even when I use paypal which I can get near instant notification of account usage.

    As for the opinion of Marc Maiffre, its difficult to take seriously straight away when he’s making comparsons but fails to point out how obviously bad Microsoft’s security was in 95, 98, 98SE, ME, 2000, and XP, and how many times they didn’t learn about some very fundamental things. It is a comparison afterall and it hasn’t been very long since those mistakes were part of every day life for most people.

    I wonder if I clicked through to the rest of what he said on CNET, if he offers any solutions or just focuses on problems. I’m guessing that since I’m merely a “fan” that he sticks with complaining.

  • http://www.pleasedontfuckwithmy.info Max

    I’ve been following security in both domains for quite a while and Apple certainly does not take security nearly as seriously as MS. That aside, because Apple has gotten their users to believe that they are invulnerable, there is very little market for serious security tools for Apple.

    nichtJan made the comment “But overall I have to agree that Mac Users pay less Attention to Security as the “scared to death” Windows Community.” and I have to disagree with the last part of that statement. I don’t know anyone on windows that is “scared to death”. I just know people that install the right tools to secure their systems and move along with the daily grind. I personally don’t think about it. Most of my security tools aren’t very intrusive into my PC usage and I only notice them when I need to run updates or when they catch something going wrong before it’s gone wrong. I can’t remember the last time I actually had to remove a virus from my PC.

    To address another comment by nichtJan “As far as I understand the Mac OS, it is way more difficult to get root priviliges on a Unix System then on a Windows based machine.” It entirely depends on what available exploits are available, and the configuration of the system. OSX is built on an OS I am intimately familiar with, FreeBSD. OSX is not set up very securely at all because it has to loosen up security or have a really obnoxious, dare I say “Vista like”, experience with having to grant superuser privileges every time someone sneezes.

    Apple has a great platform, I just wish they took security more seriously and stopped threatening people when they find holes in their existing security. Using lawyers to suppress information is a shit tactic that reeks of a massive lack of credibility and confidence in your product, at least to me it does. That’s my two cents anyway. Cheers!

  • http://wp3.lockergnome.com/nexus/blade/ Ron Schenone

    Thanks for the comments everyone. I appreciate your opinions and for sharing your thoughts.
    Regards, Ron

  • Juan

    Anyone who uses a computer hooked up to the Internet and/or shares files with other people needs to be conscientious about security. Mac users should avoid using root with the exception of times when handling maintenance and setting issues, avoid using many Adobe and Microsoft products with a track record of possessing vulnerabilities (or at least keep them up-to-date), and make sure to regularly run Software Update for security patches. It is also not a bad idea to install ClamXav and keep it up to date for running scans of files you receive or download. Keeping your Mac in a secure location is also not a bad idea (as many of the biggest publicized exploits require physical access to the machine).

    That being said, people on Macs currently have much less to worry about than those on Window machines. The evidence is indisputable. HOWEVER, as Apple continues to experience staggering year-over-year growth, Mac OS users will only become an increasingly attractive target to malware developers. The same can be said of any operating system that enjoys a large (especially those with a majority) share of a market, be it on a computer, mobile device, or tablet.

    If the current trend continues, the potential risk to Mac users will force them to become more vigilant. in the meantime, Apple should begin preparing for this scenario. Recently, they hired Mozilla’s security expert (who also did a stint at Microsoft) and have been responsive to some of the exploits discovered through hacking conferences.

    No OS is airtight because they are designed and used by people. Even Linux (considered the most secure OS in many circles) users are vulnerable to phishing scams and can use “password” as their password.

  • Sam LaForest

    Honestly, if Macs begin to get viruses like Windows can, I’m going back to Windows because I know there’s some great anti virus software out there, there isn’t for Mac!

  • Pingback: My Social Media for April 19th « ☺ | LockerGnome.net Lifestream

  • J

    To say that mac users don’t take security seriously is a completely false statement. Maybe the 15 year old kid who got a mac for Xmas, and knows nothing doesn’t… But those of us who have an understanding of what threats are out there do. I would have to agree the above post… Mr Maiffret’s job, and many others depend on scaring the masses, and bashing the Competition. I use mac almost exclusively… I take my security VERY seriously. And as serious, and watchful as I am, any pc’s I’ve used in the past have still managed to become infected.
    I don’t mean to imply that macs are impervious. But without a doubt, I have experienced far fewer problems with them. How can Mr. Maiffret claim that microsoft does “one of the best jobs in the industry around security” when PC’s are always getting infected with something. Sure… They have made some serious advances as of late. I won’t deny this fact. But my macs have never had any of the problems my pc’s have.
    Don’t be fooled people. What would make you truly “ignorant” as Mr. Maiffret put it, would be to take one man at his word just because of his position within some company. I don’t say that to bash Mr. Maiffret in any way, and if you decide to use a mac, I strongly urge you to investigate what risks exist, and how to protect your machine, and yourself from those risks. But don’t believe for a single second, that mac users are “ignorant” or don’t take security seriously. This simply isn’t the truth.