Slashdot Mirror
Microsoft Brings Security Holes to the Mac
eMilkshake writes "There is an MS security bulletin that reads, in part, 'A security vulnerability exists ... because of the method by which Virtual PC for Mac creates a temporary file when you run Virtual PC for Mac. An attacker could exploit this vulnerability by inserting malicious code into the file which could cause the code to be run with system privileges. This could give the attacker complete control over the system.' Guess VirtualPC really brings the Windows experience to the Mac!" An update is available from the Microsoft site.
On the flip side: sking writes "Australian IT reports on Microsoft's continuing development for the Mac: 'I just want to thank Apple for providing all those great innovative technologies that let us do what we love best: creating great applications,' gushed head of Microsoft's Macintosh Business Unit Roz Ho."
I've had a couple of occassions where Soft Windows decided it needed to launch in response to some web feature or a PC file. I've never had an infection via this route, but it seems that it is possible that double-clicking on a malware .exe file on a Macintosh could lead the Mac to attempt to invoke a Windows emulator and thus infect the emulator. Perhaps this is the Mac's way of corrupting and killing the Window's emulator ;)
Two wrongs don't make a right, but three lefts do.
A Google search on
virus checker apple macintosh
produced a few results. The first one of any meaning was a mention of Norton Anti Virus for Apple Macintosh.
I'm pretty sure there has not even been such a product for quite some time. They call their products Symantec now.
Don't blame Durga. I voted for Centauri.
And that was not one of those times, agreed.
However, you do deserve to get modded down three times as "Offtopic" for posting a whine about moderation while using you +1 bonus.
Yes, this security problem gives escalated privileges to the user of VPC. But, in general, you can use VPC as a great test for virus infections, security holes, etc. You can save and duplicate a clean setup, beat up on the dupe and replace it with a new dupe. Very handy for testing.
You're just jealous because the voices only talk to me.
While MS might say so, I wonder a single UNIX application such as VPC could cause such a compromise to OS X. The only way I could think of a vunerability being effective is if VPC could relay instructions to OS X, and if OS X has an administrator account running, where a chance exists that root could be activated.
I think MS wants to be overreactive to the possibilities, rather than underestimate the potential, low as they may be.
Vos teneo officium eram periculosus ut vos recipero is.
Well, VPC actually needs to run as root so it can alter firewall rules for networking in the Guest OS.
Although its a file permission issue and most users run vpc on standalone systems. It does allow priv escalation to root. I think the biggest danger would be in a lab environment where VPC has been installed...
Because Apple licensed .NET and VBScript for compatibility with said viruses and worms, of course.
It really shows how well Microsoft's focus on security is working. I guess if they really cared they would have done a security audit on any acquired products before releasing a new verison under their name.
mbbac