On Jul 20, 2011, at 7:28 PM, MBR wrote:
> 
> There's a general belief that Macs aren't 
> targeted as much as Windows systems are.  Also, the fact that you're 
> generally not logged in as root limits the potential damage.

More the latter than the former.  There *is* Macintosh malware out there, but 
unlike Windows malware it largely isn't self-propogating.  Macintosh is a much 
harder target than Windows/NT simply because of the OS architecture.  
Similarly, Linux is a harder target than Windows for reasons similar to 
Macintosh.

Bear in mind that Macintosh and Linux share some vulnerabilities but they tend 
to fall into the "if you use X then you may be vulnerable" types.  For example, 
OS X with all updates uses Apache 2.2.17 so if you use Web Sharing you may be 
vulnerable to exploit.  It's no different running Apache 2.2.17 on Linux.  
Similarly, any vulnerability in Adobe Flash or Reader could be used to stage an 
attack.  Adobe is probably the most serious vulnerability in either Linux or 
Macintosh today if only because Adobe is so damned slow getting security flaws 
fixed.  While Adobe products on Unix don't hook themselves into kernel space 
like they do on Windows, they can still be used as a route to a local user 
exploit which in turn can be used to launch a local privilege escalation attack.

In the end, "nothing" amounts to "don't be stupid".  Keep up with OS updates, 
don't install programs from sources that you don't trust, and don't use Adobe 
products.

--Rich P.

_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss

Reply via email to