8 Replies Latest reply: Feb 27, 2012 2:20 PM by R C-R
popparty9 Level 1

Can it be hacked easily? Because I want to purchase a Mac and my two Win 7 computers have been hacked!

iMac, iOS 5.0.1
  • Kappy Level 10

    Any computer can be hacked if you are careless enough to permit it. There's nothing special about any computer in this regard.


    Getting hacked means you have put your computer onto the internet with no protection like a firewall or hardware router, or you have allowed general access to the computer but do not have a sufficiently strong password(s).

  • MAC ATTACKED Level 1

    That depends on your definition of hacked. I am a long time Windows user but recently bought a MacBook Pro. Be careful. Macs are definitely vulnerable to exploits. I have personally run across malware, cross site scripting attacks and have seen code execution, Google forgeries, WordPress MySQL exploits, Safari plugin exploits and on it goes. I have recorded these events, captured and recorded the source files/code so I know it is real. There are two major problems with Macs.


    1. There are little or no effective countermeasures to attacks. Unlike Windows machines where security companies work around the clock to find exploits and defend against them, there are no effective barriers on the market (I tried what was out there).


    2. Complacency. I have found the Mac community to be completely unwilling to accept the possibility that exploits exist. Trying to engage someone in a thoughtful discussion based on real evidence is difficult. People tend to deny the possibility, blame it on something you did or dismiss it as not a real threat.


    All you need to do is search for "OS X Exploits" and there are plenty of examples. I would highly recommend Firefox as I have seen Safari and Chrome fall easily through personal experience.


    There is a contest that tests the vulnerabilities of various browsers and operating systems and Safari/OS X is consistently compromised: http://en.wikipedia.org/wiki/Pwn2Own


    I like the MacBook Pro. What I find frustrating is the lack of support and outright denial when it comes to security. Malware and clickjacking is a billion dollar industry. There are more people working to exploit it than are trying to stop it but unfortunately the Apple world's answer is to pretend it can't hurt them.


    Best of luck and do your research. There is plenty of good information about real vulnerabilities and plenty more people willing to deny the possibility without first looking at the evidence.

  • R C-R Level 6

    MAC ATTACKED wrote:


    Malware and clickjacking is a billion dollar industry. There are more people working to exploit it than are trying to stop it but unfortunately the Apple world's answer is to pretend it can't hurt them.

    The first statement is conjecture; the second is not true. Apple has an entire section of its support domain devoted to security, including guides for hardening Macs like this 277-page PDF for Snow Leopard. And starting with OS 10.6.6 or so, Apple built a modest amount of anti-malware detection into the OS itself. Just like with most commercial AV software, it automatically "phones home" periodically to check for updated malware definitions, & is even capable of automatically updating its own software detection algorithms.


    For users that want more AV protection, the freeware app ClamXav is a frequent recommendation & is actively & aggressively maintained. Companies like Intego & Sophos also offer Mac-specific AV products. Both companies are among those that actively monitor the Internet for new attacks & run "honeypots" to detect new variants quickly, sometimes within a few hours of their release into the wild.


    Regarding Pwn2Own, the malware is real but require only "proof of concept" exploits to be judged successful, which may or may not actually be capable of compromising a machine in any significant way -- for example, the hack that launched the built-in Calculator app did not demonstrate any ability to bypass the OS's built-in application quarantine provision, gain access to the system domain, or compromise user data. Significantly, one of the most consistently successful Pwn2Own participants has said he considers OS X to be among the most secure OS's available to end users.


    It should also be noted that by the time the Pwn2Own hacks are made public, the vulnerabilities they exploit usually have been patched, or will have been within a few days of that time. OS X's built-in Software Update app will install them with minimal user effort & should be considered a standard part of every user's security strategy.


    Of course, the most common form of malware Mac users need to worry about are social exploits, & no AV software or OS provisions can fully protect them against that. Complacency is a problem in this area (as it is for software updates) so common sense must also be a part of any prudent user's security strategy. Only obtain software from trusted sources; examine URLs before you click on them in emails & web pages, & so on. It doesn't matter how strong the gates are if you open them & let the bad stuff in.

  • MAC ATTACKED Level 1

    Unfortunately you proved my point. My first statement was based on the multiple times my system was exploited despite all of the countermeasures in place. Many of these vulnerabilities allowed arbitrary code to be executed by simply loading a page with a corrupted image, audio or video embedded or going to a compromised WordPress blog. No action, approval or social engineering required. Instead of finding out what might have really happened you responded to the poster by stating that what I had to say was untrue. I think I predicted your response in statement 2. I only brought up Pwn2Own as an example that the system can be compromised (there are those that won't even accept the possibility). Fortunately Apple has acknowledged that many vulnerabilities do in fact exist and addresses some of them in the latest update http://support.apple.com/kb/HT5130. I guess my issue is that the gates are not strong and the threat isn't taken seriously. I'm coming at the problem with a new set of eyes and have no emotional investment in the success or failure of Apple. My disappointment is that no one wants to seriously discuss the problem. All I hear is that what I am saying is impossible, untrue or somehow my fault. Then Apple admits there was a problem all along with a published list of new vulnerability patches. All I'm doing is stating my experience and being dismissed. I encourage you or anyone out there to do some research. There are many sites that identify the problems I experience and many that will show you how to exploit them. HTML5, SOL, EVERCOOKIES and a host of new technology are introducing new threats all the time. Most of these are met with indifference all the while the vast amount of money being made is only making the cyber criminals stronger and better financed than before.

    I may publish my findings at some point but I'm afraid that a) no one would care and/or b) people would refute what I had to say without even evaluating the evidence. I have the code and files and activity logs to support what I claim but I don't think the jury is even listening. I expected a lot more from the Apple community but in the end the MacBook Pro makes a pretty solid Intel based Windows machine which is why I got it in the first place.

  • b j t Level 4

    I have only read reviews that Safari is one of the most secure browsers out there.

    { I am NOT saying that it IS the most secure }

  • R C-R Level 6

    MAC ATTACKED wrote:


    All I'm doing is stating my experience and being dismissed.

    The problem is you haven't given us any details of even one specific example of how your system was exploited. We don't know if your software was up to date, what kind of arbitrary code was executed or what it did, where you found the pages that contained the corrupted data, or what you mean by multiple exploits.


    Anyone who reads the info Apple provides about its security updates knows it regularly patches bugs that can lead to arbitrary code being executed; however, their presence in un-patched systems does not mean anyone has crafted a successful exploit based on them. Companies like Intego publish info about actual "in the wild" malware, their effectiveness, & their vectors of attack. To date, they have found none capable of infecting systems running OS X without some kind of user action. Not even the much touted new variant Flashback.G is actually capable of doing that.


    It is also unclear why, if your system was exploited "multiple times," you did not at least check out the existing Mac AV products like ClamXav, Intego's VirusBarrier, or Sophos Home Edition, or if you did, what specifically led you to conclude they were ineffective or that their developers were not working "around the clock" to defend against Mac-specific malware just like they do for the Windows stuff.


    If you want to have a "thoughtful discussion" about the very real dangers of malware, great. But a bunch of vague comments about "the Apple world" & your experiences, tossing in a half dozen buzzwords, & misrepresenting the comments of others is the opposite of that.

  • MAC ATTACKED Level 1

    I had ClamAV running at the time so the defences to me don't work. I posted the original information and was told it couldn't happen. Malware reappearing in apple.safari.com cache.db. The challenge was to find out how to extract the offending code/files from the .db system for analysis. It was interesting to see the forged google search pages operating on both Safari and Chrome. I think the "on page unload" JavaScript that prompts a popup can be easily corrupted to create an unwanted user event. Also Flash ActionScript can be used to call all sorts of actions unknown to the user. I can only guess those are the two ways in. In any event, I am far more cautious about where I take my Mac on the net. It's too hard to prevent a mishap and even harder to explain to others what happened.

  • R C-R Level 6

    MAC ATTACKED wrote:


    I posted the original information and was told it couldn't happen.  Malware reappearing in apple.safari.com cache.db

    That is a huge oversimplification of what you were told in that discussion. The closest anyone came to telling you "it" couldn't happen was that if you did indeed completely erase the HD as you claimed you did, nothing could remain of the "malicious cookie" (which is not of itself a system exploit, which was also explained to you in some detail).


    You then went on to explain that during the erase there was "a declaration that some media etc cannot be erased." It was never made clear exactly what you meant by that so it's hard to say what actually happened, but the point here is that you didn't provide enough info for anyone to help you.


    I think you will find that a lot of knowledgeable users are quite willing to help you learn how to troubleshoot your Mac, but only if you are willing to provide accurate, detailed info about your issues & what you have done to try to correct them; & to consider what they have to say carefully rather than misrepresenting or oversimplifying it to the point it becomes useless to continue.


    It was interesting to see the forged google search pages operating on both Safari and Chrome.

    It should be no surprise because it has nothing to do with the browser or platform (Mac or PC), or for that matter with the ability of the search page links to infect your computer. This kind of exploit is called an SEO (for search engine optimization) poisoning attack & it is so named because hackers try to exploit search engine optimization routines (like Google's page rank system) to make their links appear high in the search results to trick users into clicking on them instead of legitimate ones. IOW, it is a social engineering exploit, albeit a very insidious one because it exploits users' trust in legitimate search engines. There is nothing the local OS can do to prevent this. To protect yourself from this kind of attack you must use a browser plug-in like WOT and/or careful, common sense rules about checking out what you click on before doing so.