Mac Trojan Horse Disguised as Word 2004
Espectr0 writes "Macworld is alerting of a malware program for the Mac. A Macworld reader alerted the magazine to the malware after he downloaded the file from Limewire. The reader told Macworld: 'I downloaded the file in the hope that perhaps Microsoft had released some sort of public beta. The file unzipped, and to my delight the Microsoft icon looked genuine and trustworthy.' However, he added: 'I clicked on the installer file, and to my horror in 10 seconds the attachment had wiped my entire Home folder!'" This sounds similar to the recent trojan horse proof-of-concept. There are many ways to make one file look like another, on any platform. This is 2004, you should know by now not to open a file from an untrusted source.
This is a perfect use for Fast User Switching. Create an account with no perms and no data you care about losing. Test downloads in that account. You can do it without even logging out.
Be careful though of the fact that there's no restriction on network access for a 'no perms' account. (This is a failing of UNIX in general, not MacOS in particular.) This would allow Microsoft/anyone to put out a trojan like this, and send back a 'this IP fell for it' packet, or even run a server on a 'high' port (depending on your firewall configuration).
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
How can such a goal be attained? There are many ways available now. The most obvious one is a VM system with security policies, such as the JVM. That's not the only one, though. Another method is a capabilities-based system, so when a process starts, it has only a defined set of capabilities to work with. OpenBSD has a similar, but more limited system called systrace. The TrustedBSD project and SELinux have similar aims, and SELinux is being integrated into mainstream Linux distros. Another way to run untrusted things is with user-mode Linux, which I believe is integrated with Linux 2.6
The editor is right, though, that on currently-used systems like OSX and MS Windows, you have to be careful what you click on. But the problem is that we have come to accept that as "the way things are", when there is no reason for that to be the case. You should be able to run hostile code, see what it does, laugh at it, and delete it without any harm. The technology to do that exists, and has existed for years, but we have come to accept broken products and systems that don't allow that.
---------
WAP news