Re Mac Office and Security

[smackedass]

Hello,

I've heard it suggested that installing/using Office for Mac on a MacIntosh
computer compromises some of the innate security features of the Mac.

Can this be true? It doesn't make sense to me, unless a malicious macro is
introduced and run.

Any suggestions/links will be much appreciated.

Thank you,

smackedass

 

[JE McGimpsey]

I've heard it suggested that installing/using Office for Mac on a MacIntosh
computer compromises some of the innate security features of the Mac.

Can this be true? It doesn't make sense to me, unless a malicious macro is
introduced and run.

Well, ANY application can, if badly designed (or just including an
unfortunate bug), compromise the OS security features.

There's nothing in my experience that would indicate that Office for Mac
poses a significant danger, other than the potential for rogue macros.

MS has offered security updates from time to time, just as Apple does
for MacOS.

 

[smackedass]

Thank you for your prompt, informative replies.

sa

 

[Kurt]

You are wise to ask the question. There is an awful lot of nonsense spoken
about computer software. You need to consider "How much does the person who
is telling you this know about the subject?"

In this case, I am with John. We're both in the software industry. I have
not heard of any ability in Microsoft Office to compromise Apple OS X
security, either. Since Office 2004 was released, Microsoft, Adobe, and
Apple have released several updaters, each of which has contained security
reinforcements.

It is possible to get a rogue macro virus into Office Mac, and such a virus
could damage your Office documents. But not OS X. Moreover, the majority
of the macro viruses currently existing will not survive on Mac Office
because they were written for the PC.

Any reputable antivirus program will easily deal with the rest.

Ever notice that every time there's a big story on the news about a new
malicious computer virus on the rampage, they generally fail to mention
that it is PC only?

 

[smackedass]

Ever notice that every time there's a big story on the news about a new
malicious computer virus on the rampage, they generally fail to mention
that it is PC only?

Probably because it's a foregone conclusion!

sa

 

[Kurt]

Ever notice that every time there's a big story on the news about a new
malicious computer virus on the rampage, they generally fail to mention
that it is PC only?

Probably because it's a foregone conclusion!

sa[/QUOTE]

Not really, there are a lot of new Mac users who don't know that viruses
are OS specific.

 

[John McGhie [MVP - Word and Word Macintosh]]

No, it is very definitely NOT a foregone conclusion

Macs CAN get viruses, there ARE viruses for Mac OS X, and there are
vulnerabilities in the Mac system.

However, the major damage being done to computers these days is via phishing
and trojan malware. These types of attacks do NOT damage your system at all
(because they depend on it to keep running in order to do their bad stuff.)

The PC vs Mac "Catching a cold" TV advertisements are highly amusing. Just
so long as we remember that the people laughing loudest about them are the
bad guys... You know what they say about an ounce of prevention

Cheers

Probably because it's a foregone conclusion!

sa

--

Please reply to the newsgroup to maintain the thread. Please do not email
me unless I ask you to.

John McGhie <[email protected]>
Microsoft MVP, Word and Word for Macintosh. Business Analyst, Consultant
Technical Writer.
Sydney, Australia +61 (0) 4 1209 1410

 

[smackedass]

No, it is very definitely NOT a foregone conclusion

Macs CAN get viruses, there ARE viruses for Mac OS X, and there are
vulnerabilities in the Mac system.

Aw, cmon. Of course, Macs aren't bulletproof, but probably 999 out of every
1000 virus infection occurs on an MS platform.

sa

 

[Kurt]

No, it is very definitely NOT a foregone conclusion

Macs CAN get viruses, there ARE viruses for Mac OS X, and there are
vulnerabilities in the Mac system.

However, the major damage being done to computers these days is via phishing
and trojan malware. These types of attacks do NOT damage your system at all
(because they depend on it to keep running in order to do their bad stuff.)

The viruses are extremely rare. I'm more afraid of macros.

 

[John McGhie [MVP - Word and Word Macintosh]]

Sure: But there are people reading in here who know little about computers
and care less. They are never aware that their machines have been taken
over by the bad guys and are spraying the rest of us with all manner of
exploits like Typhoid Mary.

So I always rush in to post the warning so people who don't have a big
interest in maintaining computers don't go away with the idea that they
don't need protection "Because I'm on a Mac."

That's like saying "I don't need protection because I only sleep with my
boyfriend." Who does HE sleep with? Are you sure? Would you bet YOUR life
on it? I'm a guy: I'm in a good position to know that the risk of doing
that is NOT 'zero'

Same with computers. The fact that the odds may be 999 to 1 falls apart
when you realise a computer enables the bad guys to make up to a thousand
attempts A SECOND! One of them will succeed; eventually.

I'm on cable broadband -- high speed, always on -- my firewall reports
around one serious attempt to break in every 20 minutes, and 10 or 15 "port
scans" of people looking for a way in.

An acquaintance of mine got a monthly Internet bill for $17,527.00 recently.
Turns out he had a trojan root-kit using his computer to send spam (yes, it
WAS a PC). Of course, he's a programmer: so much smarter than the rest of
us. So HE wasn't running any protection "because it slows the computer
down, and I don't go to any bad sites so I will be OK." You don't HAVE to
go to the bad sites, Phil -- they'll come to you

The court said he could pay the bill off at so much per month. But he can't
get a home internet connection until he has done.

Of course, if you're running a Mac on a dialup connection you bring up only
to get your email, then maybe that's a risk worth taking. Personally, I
don't...

Cheers

Aw, cmon. Of course, Macs aren't bulletproof, but probably 999 out of every
1000 virus infection occurs on an MS platform.

sa

--

Please reply to the newsgroup to maintain the thread. Please do not email
me unless I ask you to.

John McGhie <[email protected]>
Microsoft MVP, Word and Word for Macintosh. Business Analyst, Consultant
Technical Writer.
Sydney, Australia +61 (0) 4 1209 1410

 

[Kurt]

Sure: But there are people reading in here who know little about computers
and care less. They are never aware that their machines have been taken
over by the bad guys and are spraying the rest of us with all manner of
exploits like Typhoid Mary.

So I always rush in to post the warning so people who don't have a big
interest in maintaining computers don't go away with the idea that they
don't need protection "Because I'm on a Mac."

That's like saying "I don't need protection because I only sleep with my
boyfriend." Who does HE sleep with? Are you sure? Would you bet YOUR life
on it? I'm a guy: I'm in a good position to know that the risk of doing
that is NOT 'zero'

I just don't know how well this argument holds up to the reality of Mac
vulnerability. So small is the risk of virus that having anti-virus
software is much more for piece of mind than the reality. Last worm I
saw was over 10 years ago.
PC-specific vulnerabilities have little to do with our realities.
I'm not saying that we should be cavalier, only evaluate the risk,
which, for Mac users is pretty low.

Not saying that this couldn't change as the Mac market expands.

 

[John McGhie [MVP - Word and Word Macintosh]]

The expanding Mac user base -- That's the whole point, isn't it. I don't
know at what point it becomes material either.

There's an element of "critical mass" involved. I don't pretend to know
what the number is at which it becomes worth the bad guy's time to put some
effort into ripping us off. But I suspect it's below 30 per cent.

In some markets, the Mac population is above ten per cent and rising.

I run an antivirus, a firewall, a Spam filter, and a an anti-malware
utility.

But then I live out here on the public internet in a world containing people
so deluded they believe I work for Bill Gates, and that they are somehow
striking a blow at Microsoft by sending me a copy of every nasty they can
lay their hands on. Some of us represent a smaller target than that

Cheers

I just don't know how well this argument holds up to the reality of Mac
vulnerability. So small is the risk of virus that having anti-virus
software is much more for piece of mind than the reality. Last worm I
saw was over 10 years ago.
PC-specific vulnerabilities have little to do with our realities.
I'm not saying that we should be cavalier, only evaluate the risk,
which, for Mac users is pretty low.

Not saying that this couldn't change as the Mac market expands.

--

Please reply to the newsgroup to maintain the thread. Please do not email
me unless I ask you to.

John McGhie <[email protected]>
Microsoft MVP, Word and Word for Macintosh. Business Analyst, Consultant
Technical Writer.
Sydney, Australia +61 (0) 4 1209 1410

 

[Kurt]

The expanding Mac user base -- That's the whole point, isn't it. I don't
know at what point it becomes material either.

There's an element of "critical mass" involved. I don't pretend to know
what the number is at which it becomes worth the bad guy's time to put some
effort into ripping us off. But I suspect it's below 30 per cent.

In some markets, the Mac population is above ten per cent and rising.

I run an antivirus, a firewall, a Spam filter, and a an anti-malware
utility.

I've still never heard of a Mac "being taken over."

 

[John McGhie [MVP - Word and Word Macintosh]]

Hi Kurt:

I've still never heard of a Mac "being taken over."

Yeah, they demonstrated injecting a RootKit at one of the Security
Conferences last year, via a Wireless driver that has since been patched by
Apple.

Of course, once you get a root kit in there, you're running above the System
privileges and can do anything you want, including disable the keyboard.
The only defence is to turn the power off

Cheers

--

Please reply to the newsgroup to maintain the thread. Please do not email
me unless I ask you to.

John McGhie <[email protected]>
Microsoft MVP, Word and Word for Macintosh. Business Analyst, Consultant
Technical Writer.
Sydney, Australia +61 (0) 4 1209 1410

 

[Barry Wainwright [MVP]]

The expanding Mac user base -- That's the whole point, isn't it. I don't
know at what point it becomes material either.

There's an element of "critical mass" involved. I don't pretend to know
what the number is at which it becomes worth the bad guy's time to put some
effort into ripping us off. But I suspect it's below 30 per cent.

Perhaps the point that really matters is "How many UNPROTECTED machines of
xx type are out there?"

If macs have 10% of the installed base, but 90% are unprotected, while
windows machines have 90% of the installed base with only 10% unprotected,
then we're an equally tempting target to the malware writers...