Post overview

Blog address: https://blog.dnevnik.hr/sunshinesolarnews

Marketing

Flashback Malware Puts Apple in Security Spotlight: Experts Weigh In



By Howard Baldwin



Increased market share coupled with Apple's lack of transparency are largely to blame for an uptick in Mac security problems, say experts.


It was a busy week for Apple malware hunters fighting the Flashback Trojan horse, which has infected between 270,000 and 600,000 Macs. A bevy of tools to find and remove the malware debuted this week. And two days after promising to release a detection and removal tool, Apple finally offered its own fix.


Now, as the dust settles on what is considered to be the largest Mac malware threat to date, experts have started pointing fingers at Apple as being partially to blame for the scope of the Flashback malware infection. They argue that if Apple were more transparent about security issues--and if it had promptly released a Flashback fix--the extent of the damage could have been smaller. Also contributing to the magnitude of the infections is a boost in the number of Mac OS users, they say.


"When the installed base [of an OS] is 10 percent or less, the bad guys don't care," says Peter James, spokesperson for Mac antivirus and security product vendor Intego. The bigger the user base, the more attractive the target, he says. Web analytics firm NetMarketShare.com estimates that the Mac installed base has jumped to 13 percent in the United States, and research firm Gartner says that Apple has become the fastest-growing U.S. computer maker--overtaking Acer and Toshiba--over the past year.


Apple's Image of Invulnerability--Gone


Perhaps surprisingly, James and other security experts say that Apple needs to look to Microsoft when it comes to handling OS security breaches. For years Apple has mocked Microsoft for its track record in dealing with Windows malware, viruses, and weekly patches. Now the tables have turned, says Larry Ponemon of the Ponemon Institute.


Ponemon and others say the Flashback Trojan horse is the final nail in the coffin for Apple's stellar security image. He says that although Microsoft juggles a much larger number of threats, it does a better job of warning customers and delivering fixes.


We have heard dire "Macpocalypse" warnings before. Last year Apple's sterling security image was tarnished with the advent of the Mac Defender malware program. Before that, in 2006, the focus was on the Leap.A virus, the first ever virus for Mac OS X. (For a great short history of Apple Mac malware, check out NakedSecurity.com's timeline from 1982 to 2010.) But this time, security experts insist, Apple's security bragging rights are gone for good.



 


Mac Security Experts: Full Disclosure


It's worth noting that Mac security software sales jumped as Flashback infections began to dominate tech headlines. That fact has prompted many vocal critics to point out that it's in the self-interest of Mac antivirus companies to be critical of Apple's security measures.


But a brief timeline of Flashback, security experts say, illustrates their point. The underlying Java vulnerability that Flashback exploited was publicly known, and patched by Oracle, in February. On April 3, Apple released a Java security bulletin pointing to the Oracle patch, and declined to disclose, discuss, or confirm the infections. On Tuesday, Apple acknowledged the existence of Flashback and said that it was developing software to detect and remove the malware. On Thursday, it released the Flashback malware removal tool.


What Apple Can Learn From Microsoft Security


First off, there is no disputing that Microsoft, having the dominant OS, faces far more security threats than Apple does. You can argue all day about how secure Apple's flavor of BSD Unix is versus Microsoft's Windows, but the difference is Microsoft's transparency. As PCWorld's sibling publication Macworld puts it: Apple has a good security record, but "it still has some work to do in terms of its reputation for security."


Mac OS users unfamiliar with Windows may be surprised to learn that Microsoft regularly schedules the rollout of security fixes on Patch Tuesday, the second Tuesday of each month. But for IT managers and consumers, knowing what's at risk and when a fix will be available is vital for minimizing exposure to threats. Microsoft also issues critical patches as they become available for exploits.


The system is not perfect; coupled with Windows Update, however, it offers a first line of defense against malware, exploits, and viruses.



 


Mac OS also automatically checks for software updates every week, and you can change that setting for more-frequent updates. But it's Apple's legendary wall of silence and foot-dragging on deploying fixes that have placed it in security experts' crosshairs.


"When problems and vulnerabilities exist, Microsoft provides information quickly," Ponemon says. Microsoft, he notes, has been good at communicating, sometimes to the point of being annoying. "Apple hasn't done as much to communicate with its users," he says.


Apple's iron grip on information and the release of fixes has been a nagging issue for years. In 2008, for example, Apple took over four months to patch a DNS vulnerability.


"Why Apple did not deploy these fixes before Mac users were victimized by criminals is unclear," wrote Chester Wisniewski, a security researcher for UK-based vendor Sophos, in a blog post about Flashback.


Brian Krebs, of Krebs on Security, says that more threats are on the way. "We can expect an evolution of threats against Mac users that will largely mirror those that Windows users face: that is, via the exploitation of vulnerable browser plug-ins, such as Adobe Reader, Flash, and most definitely Java."


Apple's Flashback fix, deployed Thursday, mitigates Java flaws. "As a security hardening measure, the Java browser plug-in and Java Web Start are deactivated if they are unused for 35 days," Apple says.


Ignorance Is Not Bliss


The bigger problem, say some observers, is correcting the perception that the Mac platform is invulnerable. That notion has fostered a laissez-faire attitude toward security among Apple customers, says Intego's Peter James.


For years Apple has promoted the idea that Macs are far less vulnerable to malware and viruses than PCs are. As part of the "Get a Mac" television ad campaign in 2006, actor John Hodgman (as the PC) says, "Last year, there were 114,000 known viruses for PCs." And Justin Long (as the Mac) replies, "PCs, but not Macs."


Mac users are faced with new threats that require new security precautions, James says. "They're faced with threats they've never seen before."


System administrator Steve Mallard says that many of the student Mac users for whom he provides help-desk services live in denial. Mallard, an IT manager for several state universities at the Tennessee Technology Center in Shelbyville, Tennessee, says students come to his staff with Mac problems and don't believe that their computers have been infected until shown the evidence.


Over the past few years, Mallard says, he has seen the percentage of infected Macs brought in by students jump from 1 to 15 percent.


"Even though the Mac OS is more secure, its users don't have the awareness," Intego's James says. "Educating users to the risks that they face is one of the most important things Apple can do, the same way you teach your kid to cross at the green light."



 


Dual-focus contact lens prototypes ordered by Pentagon


By LJ Rich


The Pentagon has put in an order for prototype contact lenses that give users a much wider field of vision.


The lenses are designed to be paired with compact heads up display (HUD) units - glasses that allow images to be projected onto their lenses.


Much bulkier HUDs are already deployed by the US Army and Air Force to superimpose data about targets and other status updates over users' views.


The tech could help troops enhance their awareness on the battlefield.


The iOptik system's developer, Innovega, told the BBC it had signed a contract earlier this week to deliver a fully-functioning prototype to the Pentagon's research laboratory, Darpa.


The US Department of Defense had previously funded part of the Washington-based firm's initial engineering work on the project.


"The new contract gives us an immediate opportunity to start prototyping and demonstrating elements of this new system," Innovega's chief executive Steve Willey said.


Multifocal


The lenses work by allowing the wearer to focus on two things at once - both the information projected onto the glasses' lenses and the more distant view that can be seen through them.


They do this by having two different filters.


The central part of each lens sends light from the HUD towards the middle of the pupil, while the outer part sends light from the surrounding environment to the pupil's rim.


[Image: iOptik contact lens. By building two filters into each lens, close-up and distant light sources are both in focus.]




The retina receives each image in focus, at the same time.


"Normally, for example, with a camera you focus on something distant or something close - but you focus on a particular spot," said Mr Willey.


"By wearing our contact lens you automatically have this multi-focus, or dual-focus, and you are doing something that humans don't usually do."



 


Augmented reality


The chief executive said he also hoped to license the technology to be sold to the public.


One suggested application would be to allow users to watch what appear to be big-screen 3D movies on their glasses - with a different image projected to each lens.


Other potential uses include augmented reality eyewear similar to that teased by Google in its recent Project Glass demo, and a device to offer gamers a more immersive experience.


The lenses are still going through clinical trials as part of the US Food and Drug Administration's approval process, but Mr Willey said he was confident the tech should be available to the public towards the end of 2014.


Motion sickness


However, one eye expert suggested that a similar technique had proved problematic when used to treat post-surgery cataract patients.


"Two superimposed images tend to be degraded and lower in contrast," said Prof Gary Rubin from University College London's Institute of Ophthalmology.


"I question whether a multi-focal contact lens is the right solution.


"If you're walking around with a heads up display on, the image projected on the lens could mask your peripheral or central vision. And if it's magnifying the image or changing the way it moves when your eyes move, you could get motion sickness."


You can see more on this type of wearable technology on Click on the BBC News Channel at 1130 on Saturday and Sunday in the UK, and worldwide on BBC World News this weekend.


 






Post published on 05.06.2012 at 09:04.