Author Topic: Virus help (Read 1195 times)

Vulcan · « **Reply #30 on:** July 22, 2006, 08:09:40 PM »

Quote

Originally posted by Debonair
i think the average mac use & the average pc user are likely similar, they both spend the majority of their time looking at online pornography. maybe the mac jerks spends a bit more time downloading music & the average pc guy has an extra 10/hrs a day to put in playing wow. i dont think it is as you make it out to be that the average pc user is an uber pro sysop that has been on top of security issues since SATAN was available & the mac guy is sitting there drooling, giggling & saying (out loud, to himself) "d00d!!1 i just turned on teh computr & no i kan see teh intarnet!!!!1".
any tool available for 'nix you can operate with a mac (or your dual boot PC)

Take 10 Mac users, how many do you think will have AV, Antispyware, and perhaps a personal firewall. Do the same with 10 Windows users. The difference is astounding. PC users are on average more paranoid about security, Mac users on average are extremely relaxed about security.

Chairboy · « **Reply #31 on:** July 23, 2006, 12:02:11 AM »

Well, i guess the whole part about me being a computer security expert gets in the way of my anti-mac zealotry. Can you provide any specifics about how the Macs were compromised? What criteria did you apply to determine that they were rooted or infected?

FYI, "the hard drive light keeps flashing" is not the answer.

Debonair · « **Reply #32 on:** July 23, 2006, 12:41:10 AM »

take 10 of each, PC & mac.
what % of PCs has exmodul32.exe pwning it & what % of macs.
why are we more relaxed?

Vulcan · « **Reply #33 on:** July 23, 2006, 06:51:02 AM »

Quote

Originally posted by Chairboy
Well, i guess the whole part about me being a computer security expert gets in the way of my anti-mac zealotry. Can you provide any specifics about how the Macs were compromised? What criteria did you apply to determine that they were rooted or infected?

FYI, "the hard drive light keeps flashing" is not the answer.

The desktop was trying to phone home to a .ru address every 30 mins (firewall was blocking it as a proxy bypass site). The guy that used it didn't think there was anything wrong with his machine so couldn't stuffed to check any further - its a Mac after all. The web server was comprimised via an SSH exploit, and the email server via SMTP exploit.

I don't run our networks, but our IT guys phone me for support when things get 'difficult', and I run several layer 7 devices on the network. My role is essentially a pre-sales engineer, the products I'm trained/skilled in are layer 7 firewalls, IDP and IPS systems, email security appliances, all kinds of switching rubbish, and SSL appliances.

So, I'm not a computer security guy, more a network security guy - you know the guys that spot the crap that computer security guys don't pick up

Ghosth · « **Reply #34 on:** July 23, 2006, 07:51:20 AM »

Quote

Originally posted by Debonair
take 10 of each, PC & mac.
what % of PCs has exmodul32.exe pwning it & what % of macs.
why are we more relaxed?

Because there are a 100 - 1000 PC's for ever mac out there if not more.
Because there are very few people who know enough about the inside workings of a mac to create a truly nasty virus for it. Where there are millions who could do the same for PC's.

That doesn't mean your better than anyone else.
Just slightly less at risk, today.

Just remember, the more people you convert, the more macs are out there, the more tempting the target becomes. The more likely someone will taylor a virus to take the macs out.

So best perhaps to sit down, be quite & hope for the best?

Vulcan · « **Reply #35 on:** July 23, 2006, 04:53:02 PM »

Actually its more like 25:1 on shipments at the moment

The problem is the landscape has changed on security. People are less into spreading nasty virus's and more into holding onto their exploits for other purposes. We know for sure that there are exploits kicking around for OS X that haven't been identified but Mac users go into some sort of rabid denial model when you corner them on it.

Debonair · « **Reply #36 on:** July 23, 2006, 07:39:03 PM »

some of teh ubr 1337 PC admin gods get rabidly angry when some1 suggests different thinking

Vulcan · « **Reply #37 on:** July 23, 2006, 07:48:16 PM »

Quote

Originally posted by Debonair
some of teh ubr 1337 PC admin gods get rabidly angry when some1 suggests different thinking

Yeah, sometimes its lack of knowledge, sometimes its a case of the devil you know versus the devil you don't. I'm surrounded by Mac people, technical Mac people. OS X is just BSD Unix with a GUI slapped on and a lot of marketing thrown at it. And its an old version, which hasn't kept up in patches. The GUI has also introduced 'issues', widgets is a good example of that.

I'm no less scathing of linux geeks either

dmf · « **Reply #38 on:** July 23, 2006, 07:53:51 PM »

Well I've said it before and I'll say it again....................... NOD32 anti virus
When are men gonna listen?
http://Http://www.nod32.com
Its only $35 guys

Ripsnort · « **Reply #39 on:** July 23, 2006, 09:51:19 PM »

Quote

Originally posted by Vulcan
Actually its more like 25:1 on shipments at the moment

The problem is the landscape has changed on security. People are less into spreading nasty virus's and more into holding onto their exploits for other purposes. We know for sure that there are exploits kicking around for OS X that haven't been identified but Mac users go into some sort of rabid denial model when you corner them on it.

Vulcan · « **Reply #40 on:** July 23, 2006, 09:59:20 PM »

Quote

Originally posted by dmf
Well I've said it before and I'll say it again....................... NOD32 anti virus
When are men gonna listen?
http://Http://www.nod32.com
Its only $35 guys

^^ what he said. I actually sell McAfee nowadays, but NOD32 always ranks in the #1 or #2 spot for performance/detections. Theres a top 4 group, McAfee, Symantec, NOD32, Trend - they always are within spitting distance in detection. NOD32 always seems to rank high, Symantec is a resource hog, some people report the same about McAfee (not in my personal experience though), and Trend isn't a bad choice either.

Debonair · « **Reply #41 on:** July 24, 2006, 12:37:38 AM »

Quote

Originally posted by Vulcan
Yeah, sometimes its lack of knowledge, sometimes its a case of the devil you know versus the devil you don't. I'm surrounded by Mac people, technical Mac people. OS X is just BSD Unix with a GUI slapped on and a lot of marketing thrown at it. And its an old version, which hasn't kept up in patches. The GUI has also introduced 'issues', widgets is a good example of that.

I'm no less scathing of linux geeks either

how about solaris nerds?

Vulcan · « **Reply #42 on:** July 24, 2006, 01:35:18 AM »

Quote

Originally posted by Debonair
how about solaris nerds?

Don't get me started on them! (had a nasty network issue recently where a solaris nerd configured a conflicting subnet for a blade servers internal network.... web server chaos ensued).