Truth about Mac OS X immunity

2013-02-19 22:26:48 by KatMaestro

I went into some heated arguments with people claiming Mac OS X is immune to malware. I'm not believe there is a huge amount of people still live under fail impression. I'll make this post short.

Mac OS X has more critical vulnerabilities (privilege escalation, RCE, root exploit, buffer overflow) than Linux and just a little lesser than Windows 7 (source: PacketStorm and Exploit-DB). Recently both Facebook and Apple system got pwned via Java 0-day exploit, all via Mac OS X computer. As long as an operating system is left open to 3rd party web app, you remain pwned. Example: Java (it's cute? :D), PHP and JavaScript. Flashback is the prime example of the danger of Java. Many more such as Mac Defender and most danger of all, Crisis (in case Mac fanbois say trojan isn't virus, this is the end of their argument).

So, it's time for fantasized fanbois to upgrade and beef up their OS X security?


You must be logged in to comment on this post.


2013-02-19 22:49:29

i never liked mac os ever, EVER


KatMaestro responds:

OS X is a good OS, but it's too damn expensive and doesn't allow user to customize in freedom.


2013-02-19 23:51:21

Damn, I thought this argument (not yours) was dated. I guess I was wrong.

KatMaestro responds:

It's just a sad belief that Mac users have to make unbelievably serious.


2013-02-20 00:11:48

3 viruses vs your thousands of viruses.

Your move, Windows.

KatMaestro responds:

-_- Do you even realize 3 viruses are just examples? Also, I never say Windows is secure. Neither Linux. If you want the most secure OS, take BSD.

My goal is to point out how simple viruses (virii) can infect a system without obstacles stopping them. The Java program is a memory-mode virus, written by me, works for all OS that enables and can operate Java. The PHP is a privilege escalation virus.

I analyze malware as my hobby. I can write much more complex virus. A good friend of mine is a former blackhat and he wrote malware as a tool of trade.


2013-02-20 01:10:43

The main reason people believe that OSX is immune to virii is because Apple marketed themselves like this for many years. Even the Apple Tech support are told to tell this to there customers. Recently they have stopped doing this, but in the eyes of many, they still think this is valid.

Anyways OSX is more secure than Windows, but not because of the Mach/NEXT/XNU Kernel, but because of the smaller market share. If anyone wants to write a program to infect others, than Windows would be their best bet (85% of all desktop computers run Windows), than Apple's 10% market share.

Apple fan boys are annoying though.

Also keep in mind OSX is not UNIX so "UNIX security" part in your post is kind of moot.

(Updated ) KatMaestro responds:

Well said. Thanks for the corrections, I have changed the post. :)


2013-02-20 09:12:02

The biggest problem is always the user, not the OS itself.

I had one virus in over 10 years of "heavy" computer usage - thanks to a Flash ad.

Block Java, block Flash, only allow it if you really need it, check suspicious files with Virustotal or a similar page, never trust a virus scanner. Oh, and use your brain.

Sadly, Linux is not an option for me (yet), as my audio software is Win / Mac only, but I run it as a VM on my 2nd screen to browse .. interesting pages.

KatMaestro responds:

Sadly, you need Flash to be on Youtube (their HTML5 support is quite clumpy). Java is quite useless nowadays. There is literally load tons of way to inject malware to your system... PHP, Perl, Python, Ruby, JS, Java, AS; even HTML, XML and CSS malware.