Microsoft Brings Security Holes to the Mac

eMilkshake writes "There is an MS security bulletin that reads, in part, 'A security vulnerability exists ... because of the method by which Virtual PC for Mac creates a temporary file when you run Virtual PC for Mac. An attacker could exploit this vulnerability by inserting malicious code into the file which could cause the code to be run with system privileges. This could give the attacker complete control over the system.' Guess VirtualPC really brings the Windows experience to the Mac!" An update is available from the Microsoft site. On the flip side: sking writes "Australian IT reports on Microsoft's continuing development for the Mac: 'I just want to thank Apple for providing all those great innovative technologies that let us do what we love best: creating great applications,' gushed head of Microsoft's Macintosh Business Unit Roz Ho."

Unit Roz Ho?

Unit Roz Ho? What is this, Frank Zappa's lost daughter?

Only a matter of time

[AtariAmarok]

Only a matter of time before the Mac virus checker software flags and removes Virtual PC as a trojan.

Re:Only a matter of time

[NatasRevol]

There's a Mac virus checker?

Why?

Ohhhh, Microsoft products. Right, gotcha.

Re:Only a matter of time

[Go+Aptran]

Probably to prevent a Mac user from passing along a Windows virus to a friend who owns PC, by forwarding an infected email.

Re:Only a matter of time

[Go+Aptran]

Ah...but in a business setting, you don't want to have Macs that are capable of passing along a virus or worm to your clients who might be running a PC. It looks very unprofessional.

Additionally, it might be easier to make the case for getting a Mac into a Windows office if you can point at the existence of current Anti-Virus software... at it makes the suits less nervous.

Its about time

[MarkGriz]

I, for one, welcome our malicious code inserting overlords.

Whoever picked that title is a horse's ass.

[Elwood+P+Dowd]

What Microsoft did was bring their huge audience to a security update for Connectix's tiny little program, VirtualPC. How much input do we really think that Microsoft had on this latest release of VirtualPC? Don't you really think that it was probably horked by the same programmers that would have horked it at the previous developer?

So, someone found the hole. Microsoft released the patch information to every person subscribed to their security lists. That's a lot of weenies. For all we know, if VPC hadn't become an MS product, the vulnerability would still be there, and *no* *one* would have heard about it, including the developers.

Re:Whoever picked that title is a horse's ass.

[MoneyT]

Actualy thete's a very good chance the security hole would have been found because according to the tech document, the hole wasn't found by MS, it was found by one of the guys at @stake.

Risks from Autolauching Emulators

[G4from128k]

I've had a couple of occassions where Soft Windows decided it needed to launch in response to some web feature or a PC file. I've never had an infection via this route, but it seems that it is possible that double-clicking on a malware .exe file on a Macintosh could lead the Mac to attempt to invoke a Windows emulator and thus infect the emulator. Perhaps this is the Mac's way of corrupting and killing the Window's emulator ;)

Re:Mac virus checker?

[hawaiian717]

Norton AntiVirus is still around on the Mac, it is currently at version 9. Network Associates/McAfee also puts out Virex. Apple actually includes Virex as part of a .Mac subscription.

Looking at the virus definitions, it looks like most of the signatures are for Windows viruses. There are the old Mac and HyperCard viruses that it keeps a look out for as well.

VPC Vunerabilities Aren't New

[Spencerian]

Virtual PC emulates the hardware of an actual PC, complete with a video card, Ethernet NIC, a P2 processor, sound card, COM ports, and USB. This allows VPC to run practically any OS (except the old BeOS).

Because of this, folks, VPC has always been subceptible to malware attacks, particularly in Windows. If you can infect a real PC running Windows, then VPC running the same OS configurution is just as vunerable. Running Linux? Yep, you can get rooted if you don't configure it as you would any other box.

This new security update isn't very special in itself--it's perhaps that MS detected the vunerability better because it has access to the VPC source since they own the product now. A good question is whether the vunerability is in the virtual machine code or something that makes VPC more vunerable only in an environment running Windows.

The good news is that infections will only compromise the PC environment(s) in use. The Mac that is running VPC cannot be touched as it is effectively an invisible party to the VPC environments, nor can the Mac be used as a carrier as you can with some e-mail worms.

Not to say that someone might not try to exploit VPC's ability to use USB devices or its networking processes it shares with a Mac, or options such as shared folders (where a Mac folder is shared to Windows as if it were a networked folder).

Re:VPC Vunerabilities Aren't New

[kinnell]

The good news is that infections will only compromise the PC environment(s) in use. The Mac that is running VPC cannot be touched as it is effectively an invisible party to the VPC environments

Are you sure? The alert seems to imply that it can gain root access to the underlying system, not just the VPC environment.

Re:VPC Vunerabilities Aren't New

[am+2k]

VPC runs partly as root, for the virtual switch feature. It actually asks for the administrator password on first launch.

Re:VPC Vunerabilities Aren't New

[vmunix1]

Well, VPC actually needs to run as root so it can alter firewall rules for networking in the Guest OS.

Although its a file permission issue and most users run vpc on standalone systems. It does allow priv escalation to root. I think the biggest danger would be in a lab environment where VPC has been installed...

-1, Wrong

[BandwidthHog]

The hole exists in previous versions of VPC. MS is, somewhat unsuprisingly, only releasing a patch for recent versions.

Connectix released versions 6.0, 6.0.1 and 6.0.2, and I believe the first MS release was 6.1. Yesterday's MS patches are from 6.0 forward.

Balmer: EmulationEmulationEmulationEmulation!!

[MasonMcD]

Emulated OS on emulated hardware gets emulated virus. Emulated virus-checker emulates removal.

Users emulate customer satisfaction - give emulated kudos to emulated customer-centric software company.

Re:If the OS was secure,

[JMZorko]

There are APIs (in *nix and Win32) that allow a program to run as any user, but the user's information must be known to do this i.e. username, password, etc. Anyone can write a third-party app to do this, and it doesn't mean the OS is insecure.

What we mean by "insecurity" here is being able to run code as a particular user _without_ having to know that user's info i.e. stack trashing, buffer overruns, or taking advantage of an error in another program (i.e. VPC) to do your nasty stuff.

Another case in point -- running a dictionary attack against a host to find out names / passwords does not mean the OS the host is running is insecure, even if the attack succeeds. It means the _host_ is not secure. If I use standard dictionary words for username and password of my root (or any other) account on my Linux box, and someone does a dictionary attack and finds them out, it's not Linux's fault -- it's mine.

Regards,

John

It really is about time

[commodoresloat]

All kidding aside, insecurity is the one feature of Windows where the MacOS lags significantly.