06-23-2012, 10:17 AM   #94
JoeD
Guru
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
Quote:
Originally Posted by David Munch
Maybe I should have been more descriptive; Files can't execute malicious commands on their own, they require applications with flaws in order to do it, as is the case of the PDF exploit you mention. It takes advantage of a loophole in the PDF viewer built into the system.

I agree, on iOS it's either signed or not running. On ML that will also soon be the case too if you want it.

There's still the risk of drive-by downloads though, such as the Flashback/PDF and other exploits. There was a case a while back where the Spotify client displayed a malicious advert that caused computers to be infected. Now chances are AV wouldn't help any of those initially infected, however once new definitions rolled out, if Spotify had still not pulled the ad, or if a similar exploit was repeated using other sites, people would be protected.

Quote:
So in order to hit wide with a trojan, you must target applications that all have, i.e. Apple's own apps that come with the system, and in those cases when discovered, they will be fixed.

I agree, as long as Apple fix the problems promptly. The Java exploit was known about and left unpatched for months, despite Sun having issued a security update. Also users can be partly to blame; those who were running old out-of-date versions of MS Office on the Mac were recently hit.

Of course AV would only help protect against anything found using that exploit if it's already known. If the malware makers were sloppy and reused known malware but just updated the way it infects the PC then that might be the case.

Quote:
I think Apple will push for it quite aggressively, since it works so well with iOS. Heck, it is absolutely required for apps to be signed, if they are to be sold through the Mac App store, so if you get all your software there, then you don't have much to care about.

I hope they do. Whilst I don't want it to reach the point where I can't install unsigned (or at least self-signed) apps on my Mac, it'll be a lot better when the majority of apps people download are signed. I had a quick google and it sounds like Gatekeeper will by default only allow installation of Apps from the App Store, with options to make it allow dev ID signed apps or unsigned apps for users that need it.

At least it'll cut out the major vector for malware, users downloading trojans. Probably still be cases of it, but Apple should then pull the developers' certs. As for malware/worms that get in via exploits, I see AV as offering some protection against that, but at the same time IF app/OS developers react quickly to all security reports, the usefulness of AV would diminish.

Don't get me wrong, I'm not saying every Mac user needs additional AV. I just think you can argue for or against just as easily at the moment. So those who don't run it are no more in the wrong than those who do.

Also for what it's worth, Mac users do run a limited AV scanner by default as Apple have one built into the OS that they update definitions for now and then.

Edit: Could be wrong on the default for Gatekeeper, it may be defaulted to the middle option, any signed. Conflicting reports in the sites that are talking about it.

Last edited by JoeD; 06-23-2012 at 11:02 AM.