You download an infected file, copy it into an email, copy it onto a CD or copy it onto a memory stick and give it to a Windows user...


They secure it the same way Apple secure OS X.

Adding their own AV software would be abusing their monopoly position.

The card did the passing, the person plugging it in didn't do anything.

If you copied the contents of the card to your hard drive, then copied the contents onto another card or packaged it up and e-mailed it to a Windows PC, you would infect their machine, if they weren't running AV software.

It isn't so much obscurity, as ROI. Currently, the target is Adobe, because exploits in Adobe Reader and Flash can be used to exploit on OS X, Windows or Linux machines. One of the reasons I am quite happy for Apple to not let Flash onto the iPhone platform.

It is a money game. Malware authors get more money per infected Windows machine in their botnets than they do for Apple machines.

Oh, and there is malware out there for OS X. That is why Apple introduced malware checking software in Leopard and Snow Leopard last year. Currently it only checks for 2 trojans, but they are out there in the wild.

It is not as if the machine is going through my contacts and sending it though. Whilst memory sticks/cards don't come with active AV installed on them then I don't see why my systems should.

I know most Windows users happily embrace AV software. As far as I can see it does nothing but harm on the Mac.

The problem with AV is that no one program is good enough.
Back about five years ago now, I installed a Win XP machine and used it for a week without any AV. I then scanned the computer using Avast, AVG Free, Sophos and Norton (licenses borrowed from friends).
Each AV came up with it's own list of malware...Many were common in each list, but each AV added it's own...

So two old and long ago patched Trojans. Apple seem to be on top of the job. They should let MS do the same.

I specifically stated virii because I wasn't including trojans as they require user intervention.
Interesting what you say about 10.6 though as I'm running that on my MBP.
A little more reading on that is in order for me.

Mark

That normally works

Microsoft does have the same technology installed by default in Internet Explorer. But it doesn't stop bloody minded Mac users sending them infected memory sticks.

Just because your computer can't get infected with a Windows virus - although MS Office viruses will generally work on versions of Mac Office up to and including 2004; 2008 is immune, because they crippled its ability to run macros - doesn't mean that you shouldn't be aware that such malware exists and can be passed along.

If you have a file called mypicture.jpg.exe and it won't open on your Mac, why would you pass it on to a Windows user? As a simple example.

And look at the 16 patches for Safari this week, they patched several remote execution flaws, which would allow hackers to access your machine from malformed websites, by crashing Safari and allowing them to run their code on your machine. Luckily, like most of these exploits, malformed websites are rare and there were no active exploits.

That said, the Google and other recent hacking attempts have shown a new trend. The hackers don't use widespread viruses to blanket attack as many PCs as possible - although the botnets are still the biggest threat for the average user. They are switching to using focused attack (spearphishing), where they find a target and work out from there, they find out which software they use, which browser is used in a company, for example, which social networks the employees are on etc.

They then use a combined attack - possibly exploiting a browser vulnerability to slip in a password grabber on the computer of a friend of the target(s) and gain access to their Facebook account, for example. From there, they send a malware bundle aimed at the targets browser or just a trojan, hidden as a picture file for example (the .jpg.exe above, Windows will only show it as a .jpg image file, but double clicking on it will execute the trojan, as Kindawobbly proved back on the old forums, it is possible to hide a malware script inside an innocuous file on the Mac).

There are then plenty of known exploits for all platforms (OS X, Windows and Linux), which would allow them to hide their software and start passing data outside the company to their command and control servers out in the web.

The Google instance used Internet Explorer on Windows XP, but it could equally well have been an unpatched Mac running Safari which could have been compromised. Just look at the last two Cansec West conferences, where Charlie Miller walked away with an Apple laptop two years running, after compromising them within a couple of minutes of the competition opening.

This isn't a big worry for the average home user, but such targeted attacks are worrying, as the security through obscurity is really out of the window, because the target cannot be obscure, because they are the only target. The attacker just needs a bit of social engineering and a couple of unpatched exploits of the guest OS and no OS is immune to that.

Edit: Oops, I seem to have done a Gareth...

Indeed. The law is on the side of the criminals, and the AV companies profit from this crime.

The real solution is to shoot the lawyers.

+1

I remember the flak MS got when they made Vista so secure, all of the security companies were up in arms. MS could include security software but that would be seen as anti-competitiveness and unlawful.

Yes but wouldn't that be better? Make the OS and browser so secure that you do not need Microsoft to provide any additional security software.

It isn't possible. No operating system is so secure that it can't be hacked or have malware. You can make it as secure as possible, but 100% secure is a myth.

Microsoft's problem is, a whole industry has grown up around making Windows secure. If Microsoft now make it as hardened and bullet proof as possible, they will kill of the paracites selling security software. The paracites have an easy recoures of action, Microsoft has already been found guilty of abusing its monopoly, so they only have to hint at abuse of position and the authorities clamp down on them, whether it is warranted or not - just look at the current browser debacle...

The licensing practices and the exclusion of competitors on the server side warranted investigation and fines, but the public didn't understand that, going after "silly" things, like the media player and later the web browser, were a sideshow, to give the public something they could understand in the news.

The problem is, once you start with the media player and web browser, where do you stop? The file manager? That isn't part of an operating system, the dir command was written by a programmer who wanted to see what files he had created, it soon became a very popular utility and worked its way in as a standard component. So, we'll see TotalCommander & others clamouring for a file manager voting screen next.

What about solitaire et al, they aren't part of an OS either, or Notepad or Wordpad or calendar or mail program etc.

If the OS makers were made to strip their operating systems back to being purely operating systems, your new computer would, at most, boot to an empty desktop and you wouldn't be able to do anything with it, until you had installed some software - or gone through about 50 different voting screens...

Discussion on OS X ransome ware...

http://blogs.zdnet.com/security/?p=5731&tag=nl.e550