Comments
Re: Jiujitsu
Tom Murphy   4/13/2012 4:26:49 PM
Keith: I'm all for raising all boats, but that will also create more targets for the criminals.  I think security is a separate issue and that the tech industry's solutions for dealing with it are, to put it nicely, stale. This is the perfect area for disruptive innovation -- a new kind of security that sidesteps entirely the potential for hacking. Steel instead of clay. And we need to get proactive in heading off attacks and tracking the source back to the point of origin -- just because that's hard to do today doesn't mean we can't figure out how to do it tomorrow. 

Jiujitsu
kdawson   4/12/2012 6:18:12 PM
Nice work if you can get it. I'm afraid the malware underground is Hydra-like. Arrest 4 of them and 40 rise to take their place. Long-term solution? Raise more boats economically, in more parts of the world.

Re: How many Macs?
Tom Murphy   4/12/2012 11:46:51 AM
For all the ways that Keith explained that hackers have proceeded to rip apart the PC infrastructure (and are now moving on to mobile and Macs), it is critical to change our thinking on security from a "bolt-the-door" response to a "get-the-bastards" approach.  Bot hit teams are needed both to shut down malware and trace their creators. This is cyber judo: use your attacker's strength against him.

Phones & malware
kdawson   4/12/2012 7:17:43 AM
It's a sticky situation all right. On the PC side, at first the bad guys targeted the Swiss cheese that was Windows, and it got tightened up a lot. (Not enough of course.) The targeting shifted to Internet Explorer, then the components of Office, then 3rd-party add-ons like Flash and Adobe Reader. Companies like Adobe were also slow to come up the curve; you could argue that they are just about there now (with self-updating Flash), years late and too late to matter much.

Having learned all this, the malware writers very well may target 3rd-party components on phones, more than the phone OSs themselves. And yes, end users are not going to know who to blame, except Apple.

Android is already a mess malware-wise, and it will get much worse. Fragmentation is a huge drawback here.

Re: Developing a culture of security
kdawson   4/12/2012 7:12:51 AM
"if we're going to talk a big game about how seriously we take security as an industry, we have to be willing to back it up on all fronts"

Absolutely. And there's an existence proof: Microsoft. Their security / patching practices were terrible when Windows first began to be targeted, which I date to 1998 (I was covering this heavily at the time). But Microsoft got way better, fast, and were pretty much conceded to be world-class during most of the 2000s.

Apple is going to have to do the same.

Re: How many Macs?
kdawson   4/12/2012 7:09:24 AM
I don't have a solid number of how many Mac users there are today worldwide, but this seems like it is only a small start.

I have seen estimates that Flashback has infected 1% to 2% of the Macs in use. That would put the number at between 30 million and 60 million, which is plausible based on the 2008 analysis you linked.

The salient fact may be that the largest PC virus ever, Conficker, at its peak infected about 1% of extant PCs. So this malware event is a true watershed for the Mac community.

Yes, we all knew it was coming. Right about on time according to the best guessing I have read.

Re: How many Macs?
kdawson   4/12/2012 7:05:03 AM
The three removers I have seen (two from antivirus companies and the first one from just some guy) all seem to be simple scripting / packaging of the three Terminal commands that are completely effective in removing at least that one version of the malware. This stuff is morphing constantly. I worry that when Apple releases their remover (within a week best guess) it will quickly be obsoleted. I hope not.

Re: Mac Malware
Chez   4/12/2012 4:37:22 AM
This also makes me wonder how mobile device & mobile service providers will handle their security responsibilities on this front in the future. We're very critical of the speed at which Microsoft and Apple address these kinds of issues and distribute fixes for them. However, I imagine that many users view their mobile provider in a different way.

Microsoft is considered a monolith in desktop operating systems, so even a user who has no real tech knowledge knows who to blame (or at least, who they want to blame) when something goes wrong. I wonder if, with people switching phones every couple years, they will never come to view their provider in the same way, even if they're sticking with one brand. This may cause mobile providers to take these threats less seriously than if there was the more traditional pressure on them to distribute fixes quickly.

Re: Developing a culture of security
Chez   4/12/2012 2:28:27 AM
This goes to show how lax we really are when it comes to security - as users, and as organizations. It's always been common knowledge among IT professionals that Macs were never inherently safer - and yet, something like this still manages to catch us off guard. Like Seth and others have said, this rule applies to phones and other devices as well; their security is not inherent, it's just circumstantial. They'll become targets in due time. If we go to defend platforms after they're targeted, then we're playing the game wrong from the beginning. That would be a terrible idea if you were talking about how to write security into your own application.

Of course, there are limited resources to take into consideration, and everyone is always doing what they consider best. However, if we're going to talk a big game about how seriously we take security as an industry, we have to be willing to back it up on all fronts.

Re: How many Macs?
hannahtravels   4/12/2012 12:12:20 AM
My apologies, @Keith. I just saw your post about Flashback killer. To your knowledge, does this look to be effective? Will there be other options available? 
