Monday, April 30, 2007

Rootkits: The next big enterprise threat?

Capable of cloaking malware, rootkits are fast infiltrating the enterprise to expose sensitive data without detection

By Steve Hultquist
April 30, 2007

Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about $4 million per month in revenue. He was a bit surprised that the system had gone down, as it had been humming for months without any indication of being prone to crashing. The check uncovered three encrypted files. The administrator called on MANDIANT to analyze them.

What MANDIANT found was that an unauthorized kernel modification had caused the system to become unstable, and that the modification had compromised the system's security as well. To determine the extent of the breach, each of the 48 servers needed to be taken offline, booted in a controlled environment, and analyzed for three to five hours each. About half had the crack installed, forcing the company to assume that all credit card information had been compromised. What had first seemed routine resulted in a financial nightmare -- one that many companies are leaving themselves exposed to, unaware of the increasing pervasiveness of rootkits.

Every organization is aware of the importance of securing core systems, networks, and end-user equipment in an increasingly mobile and malware-saturated world. But what most may not realize is the growing threat of malicious software designed to keep its presence hidden from administrators and traditional anti-virus software. Named after early Unix packages that replaced the system commands which would otherwise have alerted admins to intruders holding "root" (administrator) access, rootkits are on the rise among those seeking to steal corporate and personal information for financial gain.

Rootkits alone, of course, are not inherently malicious. But when packaged with malware, they can facilitate deeply compromising security breaches undetected, especially as they become increasingly popular for attacks on non-Unix systems, specifically Windows. And with Forrester Research recently estimating that security breaches cost companies between $90 and $305 for each record lost, who can afford to turn a blind eye to what may invisibly be leaching sensitive data from their network?

The rise of rootkits
Rootkits date back to the earliest years of the Internet, when crackers created cloaked variants of Unix commands to ensure their deeds on compromised systems would go undetected. A concern mainly of system administrators for Net-connected Unix systems, rootkits remained relatively low-profile for many years, until Sony BMG Music Entertainment's Windows rootkit DRM (digital rights management) boondoggle of 2005.

In an attempt to enforce copyright protection, Sony BMG developed a rootkit that surreptitiously installed XCP (Extended Copy Protection) or MediaMax CD-3 software when music CDs were played on a PC. Poorly designed, the software opened holes in the Windows OS, facilitating infection by viruses and causing other system problems. Mark Russinovich, now a technical fellow at Microsoft, discovered the rootkit's behavior, which he then announced on his blog. The resulting furor and further illustrations of the fallout of the rootkit led Sony BMG to recall the CDs and issue a removal program. Unfortunately, the removal program was equally poorly designed, leading to additional privacy and security concerns, as documented by Russinovich.

This incident awoke two groups to the potency of Windows rootkits: crackers and professional criminals who break into computers on the one side, and the companies who create software to protect systems on the other. Already entrenched in a high-stakes battle over malware, the two camps now had a new, potentially more damaging front on which to contend. The Computer Economics 2005 Malware Report, the organization's latest, put the cost of malware in 2005 at $14.2 billion. The ability of malware authors to hide their scripts from anti-virus software's capability of automatically detecting, protecting, and eradicating most malware would only serve to escalate the stakes, especially as malware authors' motivation "continued to shift from a general desire to inflict damage to an intent to gain financially, through theft of personal information such as credit card data or by gaining access to financial accounts," according to the survey.

The greater emphasis on mobility in the enterprise has certainly contributed to the increasing likelihood of infection with cloaked malware. So too have the various unpatched security holes in Microsoft Windows and related products, which give automated rootkit installers a way in. The proliferation of rootkits -- which are used to cloak files on disk, system hooks, and processes running on systems -- is alarming, as spyware developers and malware authors are building bot networks that use rootkits to evade detection, hiding not only the malware itself but also what information it is collecting. Some of the more sophisticated rootkits even modify and corrupt Windows APIs. (For more detailed information on rootkits, visit rootkit.com or read Greg Hoglund and Jamie Butler's Rootkits: Subverting the Windows Kernel.)

Part of what's fueling the proliferation of rootkits is the ease with which they can be implemented.

"It has definitely ramped up over the last year and a half to two years," says Butler, principal software engineer at MANDIANT. "It has gotten very easy for malware authors to cut and paste these technologies into their code set to maintain a presence on the machine."

For the time being, malware rootkit use remains crude. "Many of the attacks are unsophisticated," Butler says. "We're not seeing leading-edge rootkit technologies." But the dynamics of intrusion and response that are the hallmarks of the security industry are fast pushing the use of rootkits in innovative directions.

The front lines of rootkit defense
Rootkits employ a variety of methods to conceal themselves. Some overwrite kernel structures to replace the hooks normally used by Windows commands. Others create files within the file system that are effectively invisible. Still others capture hooks in Windows commands to corrupt their outputs. Many hook the table of addresses used for kernel services, overwriting a table entry so the rootkit's code runs before the real Windows system call is performed. Extensive details on current approaches to concealment are available at rootkit.com and other Internet sites. One recent method posted on rootkit.com involves loading a driver in place of the Windows null.sys dummy driver. The same post outlines three other methods for hiding drivers and offers the code for the null.sys replacement.

In terms of defending against infection, Microsoft Windows Vista 64-bit resource protection and Software Restriction Policies in Windows XP provide some assurance, but developers of rogue software have proven their ability to find new ways to hide code on compromised machines. In fact, the rootkit front is fast transforming into an arms race, with each side innovating in response to developments the other camp pushes forward. Keeping on top of the latest modes of prevention is essential, especially if you are responsible for a fleet of computers running any variations of Microsoft Windows.

As for the big security players, a number are applying the traditional anti-virus approach, using signature-based searches to track down known rootkits and applying related fixes. Two of the major vendors, Symantec and Trend Micro, however, are taking distinctive tacks in combating rootkits.

Symantec is leveraging mapping technology to discover rootkits on compromised systems. Oliver Friedrichs, director of emerging technologies for security response at Symantec, believes rootkit eradication requires a stable, reliable design that minimizes false positives and mitigates system instability during rootkit removal. To make good on this mission, Symantec has employed the expertise and technology brought on board during the Veritas acquisition. Using VxMS (Veritas Mapping Service), Symantec's Norton Internet Security 2007 maps data on the hard drive, compares it with the Windows file structure, and isolates any discovered mismatches in an effort to repair potential problems. In effect, VxMS enables Norton to compare file systems with the raw data on the disk. Differences are immediately suspect.

For example, say Windows Explorer shows five files in a directory, whereas VxMS shows 10. Clearly, the additional five files are cloaked. Norton sends the suspicious files to Symantec for analysis, eradication occurs during reboot, and the discovered rogue is removed from other systems worldwide as a result.
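The mapping approach described above is a cross-view comparison: one listing comes from the Windows file-system API, which a rootkit can hook and filter, and the other from the raw on-disk structures, which it usually cannot. The following is an added example written for this page; it is not Symantec or VxMS code. It assumes two listings have already been collected (here they are constructed sample data, with constructed sizes) and shows the three kinds of mismatch a practitioner looks for: entries on disk that the API does not report (cloaked), entries the API reports that are not on disk (phantom), and entries present in both whose metadata disagrees. It also normalises NTFS case so a listing that differs only in capitalisation is not flagged.

```python
"""Cross-view detection of cloaked files (added example, not VxMS/Norton code).

A rootkit that hooks the directory-listing API can filter its own files out of
what Explorer sees, but a raw walk of the volume's on-disk structures still
returns them. Comparing the two views exposes exactly the entries that differ.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str      # full path as reported by that view
    size: int      # size in bytes (constructed values below)
    is_dir: bool


def _key(path: str) -> str:
    # NTFS paths are case-insensitive; normalise so "Tcpip.sys" and
    # "tcpip.sys" are the same object and do not raise a false alarm.
    return path.replace("/", "\\").rstrip("\\").lower()


def cross_view_diff(api_view, raw_view):
    """Return (cloaked, phantom, mismatched) as sorted lists of paths.

    cloaked    : on disk, absent from the API view  -> hidden file or directory
    phantom    : reported by the API, not on disk   -> suspicious as well
    mismatched : in both, but size/type disagree    -> possibly patched or spoofed
    """
    api = {_key(e.path): e for e in api_view}
    raw = {_key(e.path): e for e in raw_view}
    cloaked = sorted(raw[k].path for k in raw.keys() - api.keys())
    phantom = sorted(api[k].path for k in api.keys() - raw.keys())
    mismatched = sorted(
        raw[k].path for k in raw.keys() & api.keys()
        if (raw[k].size, raw[k].is_dir) != (api[k].size, api[k].is_dir)
    )
    return cloaked, phantom, mismatched


# Constructed sample: what the (possibly hooked) directory-listing API returns ...
API_VIEW = [
    Entry(r"C:\Windows\System32\drivers\ntfs.sys", 574976, False),
    Entry(r"C:\Windows\System32\drivers\null.sys", 4608, False),
    Entry(r"C:\Windows\System32\drivers\Tcpip.sys", 360832, False),
    Entry(r"C:\Windows\System32\drivers\kbdclass.sys", 24576, False),
    Entry(r"C:\Windows\System32\drivers\etc", 0, True),
]

# ... and what a raw walk of the same directory returns. Names of the hidden
# entries are placeholders chosen for this example.
RAW_VIEW = [
    Entry(r"C:\Windows\System32\drivers\ntfs.sys", 574976, False),
    Entry(r"C:\Windows\System32\drivers\null.sys", 4608, False),
    Entry(r"C:\Windows\System32\drivers\tcpip.sys", 360832, False),   # case only
    Entry(r"C:\Windows\System32\drivers\kbdclass.sys", 25600, False), # size differs
    Entry(r"C:\Windows\System32\drivers\etc", 0, True),
    Entry(r"C:\Windows\System32\drivers\hidden_driver.sys", 18944, False),  # not in API view
    Entry(r"C:\Windows\System32\drivers\hidden_dir", 0, True),             # not in API view
]


def report(api_view=API_VIEW, raw_view=RAW_VIEW):
    """Print and return the findings for the two views."""
    cloaked, phantom, mismatched = cross_view_diff(api_view, raw_view)
    for label, paths in (("cloaked", cloaked), ("phantom", phantom),
                         ("mismatched", mismatched)):
        for p in paths:
            print(f"{label:10s} {p}")
    return cloaked, phantom, mismatched


if __name__ == "__main__":
    report()
```

Run as a script it prints two cloaked entries and one mismatched entry and nothing for tcpip.sys, which differs only in case. In practice the raw view would come from reading the volume's metadata directly (as VxMS does) rather than from a list literal, and a hit is a reason to pull the disk image, not by itself proof of compromise.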

Trend Micro takes a different approach. Using experience gained in its security labs, the company developed a complete library -- the RCM (Rootkit Common Module) -- to replace the Windows APIs, says Geoff Grindrod, solution product manager at Trend Micro. According to Grindrod, the library includes double encryption to avoid spoofing, and its proxy for API calls is constructed as a special kernel module. With the RCM, the system sees hidden processes, hidden registry keys, and hidden files. As the RCM has matured, it has been integrated into more and more Trend products and is now a core component of anti-spyware and other Trend Micro products, Grindrod says.

Discovering rootkits, however, is only half the battle, as excising them can result in its own set of problems.

"Rootkits are so embedded in the operating system," Mandiant's Butler says. "Plus, we're seeing firmware attacks and survivable rootkits installing themselves in the BIOS. Removing rootkits can also make the system unstable while it's running."

Admins should be aware of the implications of rootkit removal before lunging headlong into the endeavor, says Ron O'Brien, senior security analyst at Sophos, one of the first security vendors to offer a rootkit removal tool.

"Rootkits are not 'bad,' but they have developed a reputation for being bad," O'Brien says. "They are really just a form of hidden files" that may have legitimate uses. Ripping rootkits out before establishing their purpose can prove detrimental to overall system health, he adds.

Coping with an evolving threat
Despite advances in prevention and removal, Steve Manzuik, senior manager of security engineering and research at Juniper, sees no end in sight to the rootkit threat. In fact, Manzuik believes that rootkit.com, Joanna Rutkowska's work on the Windows kernel, and Microsoft's resource protections for 64-bit Windows Vista are "making it more difficult for both attackers and vendors."

Manzuik sees that current approaches to rootkit discovery and removal are beginning to fail despite improvements in Windows security. Factor in the lag time before Vista protections are widely deployed, and you have a perfect breeding ground for rootkit innovation. For example, Manzuik points out that some rootkits can now bypass the security sandbox. They detect they are in the sandbox and lay low, effectively tricking the system into thinking they are legitimate apps.

MANDIANT's Butler, however, believes that Vista protections will have an impact. Not only will the protections make it more difficult for rootkit authors to break in, Butler says, but they will also require "another separate effort to conceal themselves and maintain their presence."

Manzuik and Butler do, however, agree on the importance of strict user access policies. Both view rootkits as further evidence against giving users admin-level access to systems -- especially at smaller organizations, where the practice is often promoted as a cost-cutting necessity.

"The culture in smaller companies is that they will only call the IT guys if they can't figure it out themselves, which leads to most users having admin rights on machines," Manzuik says. Any organization employing this policy -- regardless of its size -- will be compromised, Manzuik says.

Because of this, Manzuik believes policy should figure foremost as a means for protecting systems against rootkits: "Without buying special technology, [most organizations] can deal with the majority of the threats with proper security policy and management."

That said, recent attention paid to rootkits has resulted in a raft of free, host-based discovery and removal tools, including IceSword, RootkitRevealer, F-Secure's Blacklight, and Sophos Anti-Rootkit. Over time, these functions will be integrated into enterprise-grade anti-virus and host-based security solutions. In the meantime, however, most organizations remain unprepared -- all the more troubling, given that opportunism is pushing rootkit know-how deeper underground, out of the IT community spotlight.

In the past, innovations in the art of hiding rootkits were shared in newsgroups and posted to community Web sites. The financial upside of having rootkit knowledge, however, is changing that, MANDIANT's Butler says. Those who uncover new approaches may take their discovery to a security company as their calling card to obtain a job. More disturbing, however, is the amount of money malware authors are willing to pay for new techniques. And with both sides of the divide doling out cash for the latest innovations, rootkit development is clearly becoming a lucrative pursuit -- one that leaves most organizations in the lurch, unaware of what's coming.

To reduce the probability and impact of rootkit infection, organizations should take the following proactive steps:

1. Do not ignore the threat and do not rely entirely on deployed anti-virus or host security systems.
2. Develop and implement a plan to analyze the current state of all systems.
3. Establish proactive procedures for maintaining an expanding defense against rootkit installation attempts, including policies and end-user communication.
4. Create a plan to analyze any infections that occur.

Kevin Mandia, president and CEO of MANDIANT, notes two essential capabilities for discovering rootkits in the enterprise: "the ability -- tools and technology -- to detect the rootkit’s network traffic via network security monitoring; and the ability to perform a sophisticated host-based console review, [making sure you're] able to conclude that the host-based review did not identify the process that is generating the suspicious network traffic."
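The two capabilities Mandia describes combine into one detection: traffic the network sensor attributes to a host that the host's own socket table cannot tie to a process. A kernel rootkit can hide its process and sockets from netstat-style queries on the compromised machine, but the packets still cross the wire. The following is an added example written for this page, not MANDIANT's tooling; the sensor records, the host socket snapshot and the addresses are constructed sample data. It assumes the host's socket table was captured at a known time, and it tolerates a small clock skew so that a normal connection that closed just before the snapshot is not flagged.

```python
"""Correlate network-visible flows with a host's socket table (added example).

Any flow from the host that was active when the host snapshot was taken, but
that no process on the host claims, is the signal to escalate for a deeper
host review. All records are constructed; addresses use documentation ranges.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

HOST_IP = "10.20.30.40"                   # host under review (constructed)


@dataclass(frozen=True)
class Flow:                                # one record from the network sensor
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    first_seen: datetime
    last_seen: datetime


@dataclass(frozen=True)
class Socket:                              # one line of the host's socket table
    local_port: int
    remote_ip: str
    remote_port: int
    pid: int
    process: str


def unattributed_flows(flows, sockets, host_ip, snapshot,
                       slack=timedelta(seconds=30)):
    """Return flows from host_ip active at `snapshot` with no owning socket.

    A flow counts as active if its lifetime overlaps [snapshot - slack,
    snapshot + slack]; `slack` absorbs clock skew between sensor and host.
    """
    claimed = {(s.local_port, s.remote_ip, s.remote_port) for s in sockets}
    suspicious = []
    for f in flows:
        if f.src_ip != host_ip:
            continue                                   # not this host's traffic
        if f.last_seen < snapshot - slack or f.first_seen > snapshot + slack:
            continue                                   # not active at snapshot time
        if (f.src_port, f.dst_ip, f.dst_port) not in claimed:
            suspicious.append(f)                       # on the wire, unowned on host
    return suspicious


# Constructed sample data. T0 is an arbitrary base time; the host socket table
# was captured five minutes later.
T0 = datetime(2007, 4, 30, 1, 0, 0)
SNAPSHOT = T0 + timedelta(minutes=5)

FLOWS = [
    Flow(HOST_IP, 49152, "10.20.30.5", 443, T0, T0 + timedelta(minutes=10)),   # owned
    Flow(HOST_IP, 49160, "192.0.2.77", 6667, T0 + timedelta(minutes=1),
         T0 + timedelta(minutes=12)),                                          # unowned, active
    Flow(HOST_IP, 49170, "10.20.30.6", 445, T0, T0 + timedelta(minutes=1)),    # closed before snapshot
    Flow(HOST_IP, 49180, "198.51.100.9", 80, T0 + timedelta(minutes=8),
         T0 + timedelta(minutes=9)),                                           # opened after snapshot
    Flow("10.20.30.41", 50000, "192.0.2.77", 6667, T0, T0 + timedelta(minutes=12)),  # other host
]

SOCKETS = [
    Socket(49152, "10.20.30.5", 443, 1204, "browser.exe"),   # process name constructed
    Socket(3389, "0.0.0.0", 0, 4, "System"),                  # listener, no remote peer
]


def report(flows=FLOWS, sockets=SOCKETS, host_ip=HOST_IP, snapshot=SNAPSHOT):
    """Print and return the flows that need a host-based follow-up."""
    hits = unattributed_flows(flows, sockets, host_ip, snapshot)
    for f in hits:
        print(f"{f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port} "
              f"seen {f.first_seen:%H:%M}-{f.last_seen:%H:%M}, no owning process")
    return hits


if __name__ == "__main__":
    report()
```

Only the second flow is reported: the first is claimed by a process, the third had already closed, the fourth had not yet opened, and the fifth belongs to another host. The same logic run with an empty socket table flags every active flow, which is the expected result when the host-side view is unavailable or untrusted.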

For organizations looking for added protection against rootkits, enlisting the assistance of security experts is a worthwhile idea. MANDIANT, for one, provides incident-response software and professional services, enabling organizations to tap experts when developing risk-mitigation strategies and when responding to incidents to determine what data was lost and how the attack entered and evolved.

Unfortunately, too many organizations will wait until they have lost data and have exposed themselves to great financial harm before taking steps. Don't be one of them.

Steve Hultquist is a contributing editor of the InfoWorld Test Center.

Thursday, April 26, 2007

Florida Might Be Tech's Next Big Hub

By Deborah Perelman
April 26, 2007

When most people think of big high-tech hubs, what comes to mind is Silicon Valley. In-the-know IT workers might also add Northern Virginia, Denver or Austin to that list. But rarely is much said about Florida, which, according to the AEA's "Cyberstates 2007" report, is the fourth-largest and second-fastest-growing technology hub.

Florida's high-tech industry added a net 10,900 jobs between 2004 and 2005, a growth in technology-related employment surpassed only by California, which added 14,400 high-tech jobs in the same period.

Florida's employment of a total of 276,400 high-tech workers in 2005, the most recent year for which data is available, made it the fourth largest high-tech employer out of the 52 areas (50 states plus Puerto Rico and the District of Columbia), surpassed only by California (919,300), Texas (445,800) and New York (299,900).

Florida's tech manufacturers added 2,100 net jobs in 2005 alone, driven largely by a 1,500 net job increase in the defense electronics sector. Among the tech services sectors, engineering services saw the largest increase (over 4,600 jobs), followed by computer systems design and related services (over 2,500 jobs), and Internet services (over 1,100 jobs).

"Florida's high-tech industry is riding the crest of a wave," said Amjad Shamim, CEO of AAJ Technologies, in Fort Lauderdale, Fla., and chair of the American Electronics Association's Florida Council.

"While other states are only now beginning to recover from the bursting of the tech bubble in 2001, we have seen two straight years of some of the fastest growth in tech industry jobs in the country. While other states continue to see their tech manufacturing base erode, Florida added manufacturing jobs. And this growth benefits the entire state economy. The average tech industry wage in Florida pays 70 percent more than the average wage of Florida's private sector," Shamim said.

Specifically, high-tech employees in Florida earned an average salary of $61,000, which ranked 29th in the nation for tech salaries.

Meanwhile, high-tech firms employed 41 out of every 1,000 private sector workers in 2005, a substantial number in a state where, according to the U.S. Census Bureau, nearly 17 percent of the population was above retirement age.

So, why is it that when people think of big tech hubs, Florida rarely comes to mind?

"From our vantage point, very few people realize that Florida is a high-tech state," said Todd Rader, CEO of Avancent Consulting and vice chair of AEA's Florida Council. "In fact, most Floridians would not see the Sunshine State as a high-tech giant, even though we are the fourth-largest and second-fastest-growing 'Cyberstate' in absolute number of jobs."

Some argue that this is because Florida lacks an identifiable technology epicenter, such as California's Silicon Valley or Northern Virginia's tech corridor.

"The state doesn't see itself in high-tech terms, largely because their tech jobs are spread all over the state, from Tallahassee to Miami, and that's an enormous area, but there isn't one pocket that dominates," William T. Archey, president and CEO of AEA, headquartered in Washington and in Santa Clara, Calif., told eWEEK.

Lacking a centralized tech region may not seem particularly harmful, but analysts and planners alike point to the power of a nerve center to attract the best employees and businesses.

"Clustering is a notable phenomenon in the high-tech industry. High-tech companies like to go where high-tech companies already are. In other words, geeks like to be with geeks," Archey said.

As Silicon Valley, still in the No. 1 slot, grows increasingly more expensive to live or start a business in, the question of where tech startups may cluster next is up for debate.

"To some extent, Silicon Valley has been a victim of its own success, causing the cost base of its companies to accelerate," Paul Forster, CEO and co-founder of Indeed.com, a job search engine based in Stamford, Conn., told eWEEK.

And in an age of wireless communications and cross-country telecommuting, technology professionals may be looking to stay closer to home.

"Not everyone wants to live the California lifestyle. There are places with a higher quality of life and tech-challenging positions," said Brandon Courtney, vice president of the Professional Services division of Spherion, a staffing and recruitment firm based in Fort Lauderdale, Fla.


Friday, April 20, 2007

Myth crushed as hacker shows Mac break-in

Dino Dai Zovi was able to remotely break into a Mac as part of a contest designed to illustrate security flaws in OS X

By Nancy Gohring, IDG News Service
April 20, 2007

A hacker managed to break into a Mac and win a $10,000 prize as part of a contest started at the CanSecWest security conference in Vancouver.

The conference organizers decided to offer the contest in part to draw attention to possible security shortcomings in Macs. "You see a lot of people running OS X saying it's so secure, and frankly, Microsoft is putting more work into security than Apple has," said Dragos Ruiu, the principal organizer of security conferences including CanSecWest.

Initially, contestants were invited to try to access one of two Macs through a wireless access point while the Macs had no programs running. No attackers managed to do so, and so conference organizers allowed participants to try to get in through the browser by sending URLs via e-mail.

Dino Dai Zovi, who lives in New York, sent along a URL that exposed the hole. Because the contest was only open to attendees in Vancouver, he sent it to a friend who was at the conference and who forwarded it on.

The URL opened a blank page but exposed a vulnerability in input handling in Safari, Comeau said. An attacker could use the vulnerability in a number of ways, but Dai Zovi used it to open a back door that gave him access to anything on the computer, Comeau said.

The vulnerability won't be published. 3Com's TippingPoint division, which put up the cash prize, will handle disclosing it to Apple.

The prize for the contest was originally one of the Macs. But on Thursday evening, TippingPoint put up the cash award, which may have spurred a wider interest in the contest.

One reason Macs haven't been much of a target for hackers is that there are fewer to attack, said Terri Forslof, manager of security response for TippingPoint. "It's an incentive issue. The Mac is not as widely deployed of a platform as, say, Windows," she said. In this case, the cash may have provided motivation.

The contest was a chance for hackers to demonstrate techniques they may have boasted about. "I hear a lot of people bragging about how easy it is to break into Macs," Ruiu said.

Some attendees didn't think it was a coincidence that on late Thursday Apple released a patch for 25 vulnerabilities in OS X.

Macs haven't been targets for hackers and malicious code writers nearly to the degree that Windows machines have historically. That's in part because there are fewer Macs in use, thus making the potential impact of malicious code smaller than on the more widely used PCs.

Also, Apple is "extremely litigious when people do find stuff," noted Theo de Raadt, OpenBSD project leader and an attendee at the conference. He suspects that will backfire on Apple, which could begin to "look evil" if hackers begin to publish potentially threatening letters from the company.

This story was updated on April 20, 2007

tenelenven 2007-04-20 18:13:06
This is not a hack to the OS, it's just a hack to Safari and offers no breach of the OS once the blank page appears. Nice try, but another yawner.
riquiscott 2007-04-20 19:14:15
From the article: "The URL opened a blank page but exposed a vulnerability in input handling in Safari, Comeau said. An attacker could use the vulnerability in a number of ways, but Di Zovie used it to open a back door that gave him access to anything on the computer, Comeau said." Sounds to me like the OS was in fact breached...
MattInChicago 2007-04-20 19:42:59
Funny, to me it seems to prove the point of just how secure "Mac OSX" really is! They couldn't crack it! Try as they might it was a non-starter. So rather than be embarrassed they changed the rules and opened a browser, the least secure app of any OS (made to read/write over internet) and they found a hole there! Ok fair enough! The headlines and stories should then be factual. This one should have read: "Myth proven as hackers are unable to perform Mac break-in Dino Di Zovie was only able to remotely break into a Mac when allowed access to a running browser, Safari, as part of a contest designed to illustrate security flaws in OS X, that had until then yielded no winners".
riquiscott 2007-04-20 20:32:19
Di Zovie was still able to inappropriately gain root access through an application, something that a totally-secure OS would not allow.
MacKTHeRIPper 2007-04-20 20:40:28
You may be right as long as the Mac was sitting there doing nothing it was not cracked. Once they started using it, things changed. It was cracked as though it was hit with a ton of bricks. Seems to me that it cost a lot not to use though??
tenelenven 2007-04-20 20:59:47
InfoWorld might want to pull this story, since it has now been reported, they bent the rules to make this hack work: From CNET: "The successful attack on the second and final day of the contest required participants to surf to a malicious Web site using Safari--a type of attack familiar to Windows users. CanSecWest organizers relaxed the rules Friday after nobody at the event had breached either of the Macs on the previous day." So it wasn't a break-in as first believed... which is "priceless" since it shows OSX remains unhacked.
MattInChicago 2007-04-20 21:24:57
First of all...I did NOT say OS X was "totally secure". All one has to do is check software updater today! What I am saying is that it's one thing to have some vulnerability and another to actually exploit it in the wild. So many OS X issues are local in nature or require a set-up that's "just right". This is why attacks, even if they were to happen, would even be more limited than the Mac's market share. Will some hole be found one day in OS X as it ships by default? Maybe, I wouldn't be surprised. But in the meantime the Windows fan boys need displays such as this, for what, I guess to post stuff like I've read here. It's really got to bother them that OS X itself wasn't hacked especially when a similar contest using Windows will never happen...I mean who wants to lose $10K on a sucker bet! ;-)
tenelenven 2007-04-21 07:44:19
InfoWorld publishes FALSE report: "Opening an email URL that exposes a security flaw in Safari is both news to report and a problem for Apple to tackle, but reporting it as a remote exploit is inaccurate, irresponsible, and sloppy journalism, particularly for IDG's InfoWorld, which purports to be an authority on computing." More Here: http://snipurl.com/1hh5n oops!
TomH 2007-04-21 09:27:29
First, they change the rules, then they forget to mention the OS X Leopard is axing input manager hacks. Don't tell us Microsoft is doing more. What a lame attempt at making Macs look less secure than Windows as the Leopard release approaches. Complete reporting would have been, well, more complete. And let's just do away with this whole there aren't enough macs to make it worthwhile. John Gruber took Larry Seltzer to task on this one a while back. http://daringfireball.net/2006/11/jackass_larry_seltzer
Dragon76 2007-04-21 09:30:26
If you read what actually happened, instead of just this article, they were not able to achieve root, just user access to the system.
millenium 2007-04-21 09:48:19
Those are very, very big lies - did you follow the contest???? - now I know that we can't trust InfoWorld any more - or you just need to change your reporters - Nancy Gohring, you are inaccurate and uneducated and you're a big liar - you write, but you don't follow (what you're writing about)
DarekMeridian 2007-04-21 15:36:34
So your mac is secure as long as you don't use any browsers. That's useful in this age.
tenelenven 2007-04-21 16:03:34
For DarekMeridian: No. It only affects Safari, using Camino or FireFox or one of about 30 other Mac browsers you'll be fine. The Mac is still 100% secure, it's just a demo of a weakness in javascript/safari if you have physical access over both sides of the equation. This hack can't do anything, so relax.
Info4 2007-04-21 19:04:22
They couldn't do as they wished, crack OSX, so they changed the rules and made it simple. What they did was more like a home owner who puts a neon sign on their roof that states: 'Valuables Inside; No one Home; Back-Door Unlocked; Come In and Help Yourself!" I'm not really impressed with people claiming that they did this or that, but then say that they won't publish the details to prove their point. When they show their exploit to Apple and they confirm it, then BIG DEAL... one exploit in six years compared to the over 114,000 viruses, plus other Windows exploits, the fact remains.... Macs are still, by far, more secure than Windows. I rest my case.
1macgeek 2007-04-22 05:27:07
Hold on just a cotton-pickin' minute! Everyone please re-read this : "Di Zovie used it to open a back door that gave him access to anything on the computer, Comeau said." Having access and having ROOT are very far apart. I can put any Mac into firewire target disk mode and have "access" to everything on the drive, but I do not have root access. Should it be counted as a "hack" if I can access everything, do everything the "hack" can do if I can do it without writing one line of code? It should be simple to confirm if root was attained by submitting the Mac to a disinterested third-party and looking at the logs. Even then, there is another problem - this one being a problem of time. If you look at the CanSecWest web site, there is an (almost) three hour gap between the announcement of the rule change and the hack. Yet, in media reports thus far, Di Zovie claims it took nine hours to write the "hack". Why the time difference? On top of that, is it really a "hack"? Remember, the original terms said the "hackers" had to come in, but under the revised "rules" they used the target computer to visit the web site which compromised Safari. Would this not ultimately be a social engineering "hack" to get a user to visit the site? Somebody isn't being completely honest about the whole mess. I am not denying the flaw in Safari, but I think the debate is wide open if this is a "hack" in the true sense of the word. And remember - we do not have independent confirmation that root was attained. Smells like a set-up to me.
mack520 2007-04-22 06:28:50
Don't you think it's about time to modify this article so it is factual rather than the utter fantasy it now is? Or are you happier lying?
QueQueg72 2007-04-22 10:59:09
Wow, the mac fanboys sure do come out of the wood-work.
mblort 2007-04-22 14:03:57
Microsoft is a sponsor of CanSecWest
QuadraHex 2007-04-22 14:47:16
Windows is supposed to have 90% of the market and Apple less than 10% of the market while Linux has a fraction of 1% of the market. Windows malware has 90+% of the breaches of their operating system while Linux malware has near 10% of the breaches. Apple has ZERO % of the breaches because there is no malware that can or does exploit any known vulnerability. OS-X was first exposed to hackers in March 1999 and is open source so they can hack away any time to their hearts content. OS-X is based on BSD known for decades as the MOST SECURE OS in existence. OS-X has held that title for six years since its open release in March 2001. Tens of millions of Macs are in use daily for over half a decade and not a single one has been infected with any form of malware. During this time there have been hundreds of trillions of successful malware breaches of Windows. If this vulnerability was proportional, under the assumption that OS-X is as vulnerable as Windows, then Apple should have had tens of trillions of breaches during this time but they have had none. If the Apple share argument was valid then there would have been ZERO breaches of Linux just like the Mac but this is NOT the case. Since so many zealots have such trouble with proportions and reality let me ask a simple question to illustrate this proportional reality with an example where proportion may have some meaning: Which is a more desirable prize, $900,000,000,000,000.00 or $0.00. If you chose $0.00 you're a hopeless moron and zealot and shouldn't be commenting here. If you chose the hundreds of trillions then you understand that lots of good stuff is desirable and by extrapolation lots of bad stuff is not desirable. I know Microsoft wants you to believe that trillions of breaches of your computer is good and no breaches like on the Mac is bad so perhaps you'll have enough insight to realize Microsoft is simply lying. Got it?
To further elucidate this point if you use Windows for any time you will be PWN'd by some malware and it will take longer by at least ten times in Linux or you're a tenth less likely, while history would show it is not going to happen in Mac OS-X, at least not until some malware exploit is in the wild and only until Apple closes the vulnerability. This situation does NOT currently exist and if it comes to pass Apple will foreclose it quickly. It will be impossible to miss this event since it will be part of every news program and article related to technology for months if not years after it happens. Nobody is now making any money from exploiting Macs and it is near to zero chance they will in the future since the Mac community would never allow the situation to develop where one is even one trillionth as vulnerable as Windows. Until then all Mac users can relax and all Windows drones can live in perpetual fear as always.
jill129 2007-04-22 18:11:38
But what happened to the second Mac laptop? Was it hacked or was it given away?
malcolmross 2007-04-23 08:04:29
Perhaps InfoWorld will set up an authoritative, unbiased and objective challenge, along the lines of a serious lab evaluation, and report accordingly? That would be much more useful than this kind of hyped up, biased "tabloid" reportage. I expect better from InfoWorld.
ExiMod 2007-04-23 09:28:22
Computer security experts are hackers that are on the light side of the force. The line between the light side and the dark side gets blurred sometimes. It's interesting to see how these hackers have moved into social engineering and have hacked the news media (with the help of 3com, Microsoft, IDG, and Nancy Gohring).
newguy20070423 2007-04-23 09:41:03
So I assume you mean I have to visit some stranger's link by my own choice? And if I went via another browser it would not hack the OS? Do I also have to allow Safari to execute code? (Perhaps JavaScript which I would probably normally allow). Sounds like a breach through Safari iff (if and only if) I choose to visit some stranger's URL. Why don't I just ask some stranger to execute my code I attach in an email and if he does, Mac OSX has been hacked?
markatosu 2007-04-23 11:12:37
Amazing! There are actually people out there who think that it is possible to make an operating system which is unhackable. Sorry, humans make mistakes ... and operating systems. Last fall one of my Mac servers, used only as a failover XSAN metadata controller, was hacked. It was fully patched and not used for anything but that limited function (no email, web browsing, etc.). However, I unfortunately failed to enable the firewall to deny outside access. I reported the problem to Apple and they did not seem surprised. The bottom line: don't kid yourself, everyone is vulnerable.

Thursday, April 19, 2007

Microsoft's $3 Anti-Linux Weapon

By Steven J. Vaughan-Nichols
April 19, 2007

Opinion: The company's Student Innovation Suite is an attempt to con the world into using Windows and avoiding Linux. (Linux-Watch)

In Beijing, Bill Gates announced this week that Microsoft's "Unlimited Potential" initiative will now include offering a software package, the Student Innovation Suite, to governments and students in emerging countries across the world at a price of just $3.

This suite, available in the second half of 2007, will include Windows XP Starter Edition, Microsoft Office Home and Student 2007, Microsoft Math 3.0, Learning Essentials 2.0 for Microsoft Office and Windows Live Mail desktop. However, Microsoft has no takers for its offering yet.

Officially, the goal is to help bring social and economic opportunity through new products and programs to as many as possible of the potential 5 billion people who do not yet use Microsoft products.

What a lot of bull feces. The goal is to kill open source off at its roots. Microsoft wants to make sure that young people in developing countries get brainwashed into the Microsoft way of computing.

Here's what's really happening. Microsoft is seeing that the OLPC (One Laptop Per Child) initiative is taking off. Soon, millions of kids will be using a computer for the first time, and their first computer is going to be running Sugar, an innovative software environment built on top of a Red Hat Fedora-based Linux