Mac users - be aware

On 2015-08-04 16:47, Eric Stevens wrote:
http://www.theregister.co.uk/2015/08..._exploit_wild/

"The amusing vulnerability in Apple's OS X that grants
administrator-level access to anyone who asks is being exploited in
the wild by malware. Yeah, malware exists for Macs, this isn't the
1990s.

Anyone logged in to a vulnerable OS X computer, or any software
running on it, can use the security hole to gain the same privileges
as the powerful root user, meaning they can install new programs,
change files, remove or add new users, wreck the system, and so on, at
will.

According to Adam Thomas of Malwarebytes, dodgy software distributed
on the internet is now exploiting the vulnerability to inject the
VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and
point users at an app to download from the official App Store."


Yeah - just funny how the approximately 100M Mac users are rarely, if
ever, affected by such "Malware".

There are many theoretical exploits, and to be sure some of them are
dangerous and able to do damage (esp. from the info gathering side and
take-over (bot net) side) - but they are also paved over by Apple on a
regular (if not urgent) basis. They often need the attacker to have
physical access to the computer to be infected.

The remaining few are trivial to detect and trivial to remove w/o
resorting to Malware protection.

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

On 2015-08-05 09:37, PeterN wrote:
On 8/5/2015 7:06 AM, AnthonyL wrote:

snip


It strikes me as being bad form to let users have physical access to
their computers and even worse form to allow them permissions to
install anything on them. Bring back the mainframe I say.


Many software publishers would like to see that happen. Except, what you
call mainframe, they call the cloud.

Bring back dumb terminals.

Dumb terminals are for dumb users.

In article , Alan Browne
wrote:

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do anything.

On 8/6/2015 11:27 AM, nospam wrote:
In article , PeterN
wrote:

It strikes me as being bad form to let users have physical access to
their computers and even worse form to allow them permissions to
install anything on them. Bring back the mainframe I say.

Many software publishers would like to see that happen. Except, what you
call mainframe, they call the cloud.

no they wouldn't.

The all knowing speaks again, for all publishers.

as if you do?
Never claimed that, you proposed to speak for all.


selling apps is big business. apps use the cloud. apps are not going
away.

twisting.

--
PeterN

On 8/6/2015 11:44 AM, Alan Browne wrote:
On 2015-08-05 09:37, PeterN wrote:
On 8/5/2015 7:06 AM, AnthonyL wrote:

snip


It strikes me as being bad form to let users have physical access to
their computers and even worse form to allow them permissions to
install anything on them. Bring back the mainframe I say.


Many software publishers would like to see that happen. Except, what you
call mainframe, they call the cloud.

Bring back dumb terminals.

Dumb terminals are for dumb users.



https://fasab.files.wordpress.com/2013/10/stupid-people.jpg

--
PeterN

nospam wrote:

In article , Alan Browne
wrote:

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do anything.

How will that work then? Surely, if root access is achieved it's game over.

--
sid

On 2015-08-06 12:55, sid wrote:
nospam wrote:

In article , Alan Browne
wrote:

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do anything.

How will that work then? Surely, if root access is achieved it's game over.

The point is that root access, if "achieved" will have no power over
critical parts of the system.

https://en.wikipedia.org/wiki/System...ity_Protection

I've been running this iMac without a root account for nearly 3 years.
Prior Mac's root account was used exactly twice over a period of nearly
6 years and only because I was doing things out of curiosity and
experimentation that weren't "needed" to be done. Sudo is enough.

In article , PeterN
wrote:

It strikes me as being bad form to let users have physical access to
their computers and even worse form to allow them permissions to
install anything on them. Bring back the mainframe I say.

Many software publishers would like to see that happen. Except, what you
call mainframe, they call the cloud.

no they wouldn't.

The all knowing speaks again, for all publishers.

as if you do?
Never claimed that, you proposed to speak for all.


selling apps is big business. apps use the cloud. apps are not going
away.

twisting.

there is no twisting.

you said 'many software publishers would like to see that happen'
(quoted above), referring to users not being able to install apps.

that is flat out *false*.

although industry is definitely moving to the cloud, it still requires
the user to have and install native apps to access the cloud.

apps are *not* going away nor do 'many software publishers' want that.

In article , sid
wrote:

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do anything.

How will that work then? Surely, if root access is achieved it's game over.

because in 10.11, root can no longer modify system files and other
critical files.

if you crack root or even intentionally use sudo to run as root, you
still can't compromise the system. it won't work.

thus the nickname 'rootless', which means means root can do less. the
official name is system integrity protection.

only code that's codesigned to make system modifications can do so,
such as what happens during a system update.

the only way around that would be to crack the codesigning and then
spoof it so that it has the proper credentials. good luck on that one.

the end result is that it's for all intents, not possible to hack.

nothing is truly impossible, but the bar is *extremely* high, *much*
higher than before.

hackers will go after easier targets. like android.

In article ,
Alan Browne wrote:

On 2015-08-06 12:55, sid wrote:
nospam wrote:

In article , Alan Browne
wrote:

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do anything.

How will that work then? Surely, if root access is achieved it's game over.

The point is that root access, if "achieved" will have no power over
critical parts of the system.

https://en.wikipedia.org/wiki/System...ity_Protection

I've been running this iMac without a root account for nearly 3 years.
Prior Mac's root account was used exactly twice over a period of nearly
6 years and only because I was doing things out of curiosity and
experimentation that weren't "needed" to be done. Sudo is enough.

The article that you refer to implies that SIP can be disabled.
--
teleportation kills