Mac Security Reputation 'is In Tatters'
David Utter Staff Writer
2006-05-02
The SANS Institute released its spring update of the top 20 Internet security vulnerabilities, and the increased adoption of Mac OS X and the Firefox browser has made them more tempting to malicious hackers.
Macs Not as Safe as They Used to Be
SANS provided an update to its top 20 vulnerabilities list, to ensure the newest and most important ones are brought to the attention of security professionals everywhere.
Long regarded as much more secure than Windows, Apple's Mac OS X has slowly become a more attractive target for attacks. "OS/X still remains safer than Windows, but its reputation for offering a bullet-proof alternative to Windows is in tatters," SANS said.
Microsoft still figures prominently in several places on the list, thanks to the "continuing discovery of multiple zero-day vulnerabilities in Internet Explorer." SANS also noted a "substantial decline" in critical vulnerabilities in Windows Services, which unfortunately has been offset by the client-side problems in Windows and Internet Explorer.
Firefox and the Mozilla Foundation have found the price of fame includes a following from fans they do not want. SANS said there has been "rapid growth in critical Firefox and Mozilla vulnerabilities," as attackers continue to probe those products for arbitrary code execution weaknesses.
SANS also observed a couple of disturbing trends. One concerns zero-day attacks, which they claim are used to "infiltrate systems for profit motives." Adware figures in this trend, they noted:
One possible explanation is that cyber crime has become so lucrative -- reaching at least $10 billion per year -- that huge sums of money are being spent to sponsor research to find more vulnerabilities faster. Many vulnerabilities being found make their way into zero-day attacks meant to collect zombies to be infected with lucrative adware downloads.
The other vulnerability can't be blamed on software, but on "gullible users" instead. SANS said that a three-year series of disciplined attacks emanating from hostile countries against US, Canadian, and British government interests has escalated to a higher pitch.
Defense and nuclear sites have been specifically targeted, but SANS did not discuss which sites, or which countries have been the sources of the attacks. Spear-phishing attacks aimed at users at those sites try to entice users to download a piece of software for security needs.
They end up downloading a Trojan file that steals information, sends it back to its distributor, and opens a back door for future intrusions.
---
Tags: SANS, Apple, Firefox
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.