BF2S Forums Apple to support reps: "Do not attempt to remove malware"

Kmar wrote:

*Help
Does it completely stop? No. Is it another layer of scrutiny. Yes. You don't need to read through a blog post to understand the benefits of being proactive .

pwn2own .. yea, I know
http://forums.bf2s.com/viewtopic.php?id=123211
http://forums.bf2s.com/viewtopic.php?pi … 6#p3477266
However, to conclude that the results of any particular hacking event is the average is nonsense. The speed at which those guys take down a system isn't necessarily indicative of overall vulnerability.

I'm not saying that Pwn2Own necessarily describes the vulnerabilities are in the wild like that in such a dangerous way (though perhaps they are in a limited amount?), but given Apple's track record over the past few years at Pwn2Own, I think all it requires is OSX reaching the necessary critical mass on the Internet and we'lll start seeing such exploits in the wild. I hope for all the Apple users out there that this is most definitely not the case, but who knows - there are a lot of unknowns and it's clear that Apple doesn't give a damn about the users, whereas Microsoft does.

I also don't consider Apple's total control of OSX a layer of security. If anything, it actually hurts them. Windows might as well be open source with the way it is scrutinized and reported back to Microsoft from the world at large. Microsoft has also shown that they're perfectly fine with people hacking Windows Phone 7 and Kinect (even encouraging it), because the hackers do a lot of research work that might otherwise have never been done at Microsoft. Microsoft has learned a great deal from the late 90s, early 2000s and has done a fantastic job, I think, in turning around not only its image but also how its business practices. Microsoft is still a large, slow beast, but it's getting quicker and smarter.

Apple meanwhile, seems to be turning into the Microsoft of yore. Now you can't even replace the main system drive on an iMac with a normal one because Apple is once again eschewing industry standards and going its own way. Sorry, gotten a bit off topic here, but I think these points are relevant to how Apple handles problems. Remember the constant denial about the iPhone 4's antenna problem before they finally caved?

Kmar wrote:

I acknowledge that less "in the wild" also means less chances of an attack. However, you seem content on basing your entire rationale on the notion. That's not prevention, that's after the fact. .. and that's why we have update Tuesday every second Tuesday of the month with MS.

Of course crowd sourcing can be effective. And I'm sure that Apple utilizes their customer base to discover exploits to some degree as well. Still, it's not the end all be all approach to security.

The Apple doesn't give a damn about the users rhetoric is ridiculous. That is a completely illogical and unsustainable business model. Personally, everything I've experienced with them has been the opposite.. Right up to the free upgraded iPod touch they gave my daughter last month because she cracked the screen. Of course you are going to have bad situations with any large company. However, the ultimate goal is profit. A satisfied customer is one that will keep coming back, thus maintaining revenue.

Yes I remember antenna gate. And by no means do I think apple is ethically superior to their competition. In fact, they should probably go back and watch their iconic 1984 commercial again.

No, don't understand me wrong when I say that simply because Pwn2Own shows a number of very critical vulnerabilities that the OSX will always be that vulnerable in the open Internet, what I am saying is the fact that such exploits are regularly discovered on Apple's machines shows that they either haven't learned how to properly patch anything or there are just so many potential exploits there, that the researchers are essentially working down an invisible list.

Now assume that Apple OSX devices now make up over 20% of the world's computer population - that would certainly mean a lot of hackers are going to want to be able to attack those machines and will actively search for large holes just like they have been doing on Windows for the past two decades. If Apple does not lock down the OS and implement proper security measures as Microsoft has done, they're going to be in for a world of hurt. That is, however, not the case, but the defenders are always playing keep-up with the attackers in Internet and computer security, so I would speculate that we could see a major attack tomorrow or in two years or never - it's impossible to know and simple saying it's unlikely and not taking the proper precautions is very irresponsible and misguided.

I am not saying that crowd sourcing is a be all, end all solution. In computer security, there is no magic silver bullet that will solve everything. It requires multiple strategies tuned for various situations. You can't use the same solution in every situation, but you can't rely on a few solutions, especially weak ones. You have to take a proactive approach and it seems to me that Apple is content to just sit back and let the "security through obscurity" be their main line of defense. Apple doesn't even have an in-house security software suite that they offer to customers whereas MS does - how irresponsible is that?

I think Apple also does care about the users. You can't ignore your customer base, because you'er right - it's unsustainable. But what you also cannot do is ignore a problem like Apple is doing now (reading the official Apple documentation that has been leaked to Ed Bott shows that Apple is essentially telling its customers to piss off and stop bothering them) and has done already in the past. Not only antenna gate, but they have also liked to ignore problems about GPU overheating and such until the problem reaches the big blogs and then all of a sudden Apple gives a damn. That's not how you are supposed to operate.

I'm not saying Apple is ethically superior, either, but they like to present that image. It's a false image in many ways, but it's still the image they want to present. Take a look at this blog post I wrote http://daviwie.tumblr.com/post/45801080 … e-devices, it's about Apple wanting to begin building carbon fiber into their products as major chassis parts. If they do that, they can kiss their "being green" label they've given themselves goodbye.

I agree with you entirely. My point is that Apple's refusal to acknowledge this problem and flat out refusing to help customers when the competition is obviously willing to do so means that they run a great risk of destroying that trust. Apple has threatened termination of employees that help customers with this malware problem. That's a bit extreme and also hurts morale among employees.

Kmar wrote:

Well if that's the case they are playing with fire at a very bad time for them. .. considering the recent news and general public sentiment towards it.

Apple's had a habit of doing this, though, and outside of antenna gate, their issues have never really reached the mass media. The usual tech blogs most definitely, but never mass media. I can't watch American news programs from Austria, though, so perhaps it is already in the news there? I don't know.

CBS seems to have reported this last thursday.
http://www.cbsnews.com/stories/2011/05/ … 4528.shtml

And CNN today.

http://www.cnn.com/2011/TECH/gaming.gad … index.html

But since both are relegated to their tech section, the regular person won't even likely be aware of the issue.

I've removed this bit of malware before...

Seems to be everywhere - watch out for Google images in Safari.

CapnNismo wrote:

Uzique wrote:

well they are still safer than pc's, are they not? look at the numbers of threats on both platforms. of course it's marketing spiel, but it's not strictly dishonest. you're far less prone to pick up something nasty on a mac than a pc. the fact that apple have bastard tech-support and will be largely unhelpful if you do happen to get infected doesn't change that probability/base statistic.

If you think safer means simply a smaller number of threats, you'd be right. Unfortunately, Apple's OSX and Safari browser have more holes than a slice of Swiss cheese. I'm doing a computer security class at the moment and it isn't done by a group of professors but rather an actual security firm that just does a few seminars and lectures at our uni (since it's across the street) and the folks that there constantly bring up the lack of security in Apple products. If you talk a look at the Pwn2Own results from the past few years, you'll also see that OSX and Safari are always the first to fall. Windows and IE always took a much longer time to fall, especially since Windows 7 and now IE9 have been on the market. IE9 has some very innovative security features (the same author that wrote the blog in the OP, Ed Bott, is a friend of mine - he's been doing a lot of articles about computer security lately; pretty sure he's working on a new book).

Swings and roundabouts - each have their own vulnerabilities. OSX does have a fair few features offering much better security than you get on Windows boxes - an example being the fact that OSX uses a true implementation of NTP, instead of the rubbish Windows version (which doesn't have to sync with stratum servers). Not good for Kerberos...

Although I agree, OSX does tend to have lots more vulnerabilities - but all developers end up putting stupid security holes in, usually to help with convenience. In Apple's case convenience is just a higher priority than proper security.

CapnNismo wrote:

Bertster7 wrote:

but all developers end up putting stupid security holes in, usually to help with convenience. In Apple's case convenience is just a higher priority than proper security.

Yea, that's one thing that was a huge stress point in my security class I've done recently. Often times the security built into an OS or a browser will be circumvented by lazy programmers.

Haha, tell me about it.  Back in college, they'd have an interface that disallowed you from alt-tabing or whatever from the app.  But they allowed you to run command.com./facepalm.