Slashdot Mirror
Large Prize Offered For Writing Mac Virus
Mordant writes "Some experienced Mac developers are offering a $25K prize to the first person to successfully infect two 'naked' Internet-connected Macs running stock Apple software. The best part is that if any Symantec employee succeeds in infecting the Macs, the prize goes up to $50K (Symantec has been fanning the flames of totally bogus "Macs aren't more secure, it's just that Windows is a bigger target" technical-equivalence propaganda)!" Update: 03/26 20:24 GMT by Z : Well, that was quick. Jack Campbell has cancelled the contest, after he "...was contacted by a large number of Mac users, and Mac software professionals who shared their thinking with me about the contest."
This has got to be one of the stupidest contests of this type I've heard about.
1) If a virus has spread over every Mac on the Internet, then it's harmful.
2) Many people would say that ANY virus is harmful, just by virtue of it being a virus (spreading, infecting.)
3) I'm so sure it's worth $50,000 for Symantec to finally put that "Antivirus companies don't write viruses" myth to bed.
4) We're going to use antivirus software to determine if we've been infected... which will only catch previously known viruses.
5) Hey you guy that wrote the virus that spread to every Mac on the Internet: just identify yourself afterwards, and we'll pay you.
Couldn't this shake their credibility, though, if someone does succeed? Seems like a bit of a gamble to me. But it would be cool if no one succeeded.
Everything I need to know about copyrights I learned from Slashdot.
I think there should be a lot more contests like this out there...Don't you?
and how long untill a mac virus pisses off the wrong person and they get done for giving money to "cyber-terrorists"?
I like muppets.
They always claim they don't hire hackers but really it is how they make money.
for days when someone suceeds at this. Never dare someone to do stuff like this, it is just too tempting of a target.
Does this not constitute either entrapment or solicitation of a crime?
Nice balanced submission you got there. As far as I'm aware there is no conclusive evidence that shows Macs are inherently more secure and would not suffer the virus problem that Windows does if it had Windows' market share. Note that a lot of the virus problem comes from users showing bad practice (clicking 'Yes' to install things they really shouldn't, opening attachments they really shouldn't). I wouldn't be suprised if Mac users were on average more savy, and this could contribute.
I would like to personally congradulate the winner of this contest. They can meet me in the woods behind my house.
At what point does a virus become hamless and benign, i'm interested in what the /. community think so fthat statement.
This is the notorious Jack Campbell, one of the shadiest characters around. It's undoubtedly a publicity stunt for his business. What a jerk.
Even a virus would be more useful.
No boom today. Boom tomorrow. There's always a boom tomorrow. - Cmdr. Susan Ivanova
1. symantec employee writes mac virus. ..or maybe not :)
2. fine print in employment contract says that virus effectively belongs to symantec.
3. symantec keeps the money and comes out in the black on mac antivir software for once!
They aren't asking for source code to the virus, or the virus to be sent to them (and only to them) in a polite form, they're leaving two Macs exposed to the net and expecting to pick a winner by what their virus scanning software finds. You claim the money by sending them a 32 character string that appears in the virus.
If you got a virus to them this way, I think the $25k would only begin to cover your legal bills.
A computer is only as secure as its user. Are they going to man these two naked Macs with total noobs, to make it a fair contest?
will pay 100k for somebody to infect a linux box, to prove linux is less secure than windows.
Something tells me it's unlikely you'd ever see the cash, even if you were to succeed.
Google for Jack Campbell and MacTable for more info on this guy's shady past.
Since the majority of viruses, spyware, and other crap are due to user inaction, this isn't really a fair metric about the overall security. However, it is good to compare against the Windows survival time which is measured in minutes. This does show that Apple has its default security setup as "paranoid with multiple tin foil hats) compared to Windows XP's default setup. A more interesting test would compare how hard it is to get spyware onto a user's computer via the default webbrowser since that seems to be the primary vector these days. However, this is problematic since it's heavily dependent on user stupidity.
--
Want a free iPod?
Or try a free Nintendo DS, GC, PS2, Xbox. (you only need 4 referrals)
Wired article as proof
"Macs aren't more secure, it's just that Windows is a bigger target"
While this statement may SOUND true, it's a fact, MAC OS X was built with more security in mind than Windows. Security was built into the OS from the ground up. That can't be said of Windows.
While making a statement such as "Macs can't have a virus" is false, I would say it would be more difficult to make one, than creating one for a Windows box, which seems like an Joe Shmoe can do.
It sound like the only way to infect the machince is to find hole in the e-mail client. Something like that isn't even possible anymore on a fully patched Windows XP or above Machince. It may be connected to the internet but we don't even know it's IP address. How exactly do you hack it?
"for days when someone suceeds at this. Never dare someone to do stuff like this, it is just too tempting of a target."
Apparently Windows doesn't need encouragment.
They double the reward from $25,000 to $50,000 if a Symantec employee writes the virus? Most companies that run these kinds of events prohibit employees from entering because the risk of cheating is too great. Who is to say some employee from Symantec gets a hold of an entry, and changes it slightly and then submits the entry as his own? Wasn't Mcdonalds involved in an insider game scam? http://archives.cnn.com/2001/LAW/08/21/monopoly.ar rests/
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Why don't the folks offering the $25K just go out and buy a sports car? That's a more sensible way to prove they have a short penis, and will double as transporation.
Why do people feel a need to create challenges like that? Frankly I'd rather see programmers spend their time programming, and not encouraging others to expend so much T&E to find exploits. That's how DRM and other ilk were conceived.
If you think about it carefully, any such virus will be wasting bandwidth and processing time.
Worse, they aren't just proposing attacks on the specific machines, but rather that you have to put your virus into the wild. That way, it will waste EVERYONE's bandwidth and processing time while it spreads enough to infect those needles in the haystack that is the internet-at-large.
Just brilliant.
picpix image polls. create - share - vote. fun!
Be careful what you wish for...
Since -when- is it totally bogus to say that 1. Windows machines are bigger targets (there are vastly more of them, and more of them run by people who are less than technically inclined) and that 2. Macs are NOT inherently more secure?
Yes, Sym & co are definitly slanted... but your post is even more so.
I, for one, welcome our OSX-virus-writing overlords.
From TFA: Email attachments will not be opened.
Aren't most Windows viruses spread through attachments/downloads? Sure, there have been many worms spread through open Windows services (that have been patched), but the ongoing threat of viruses is from running/opening documents that are downloaded by the user. Is there any way to stop the same thing on OS X or even Linux?
To make it clear, I don't consider IE as part of Windows (it's just an application), I've been running Windows without IE for years without any problems.
Err, how did you manage to do that? I got a machine, installed XP SP2 with no updates (plain SP2), turned off the firewall and connected it to the net to autoupdate. It's been running ever since, flawlessly.
Send email from the afterlife! Write your e-will at Dead Man's Switch.
..of doing this?
Since they pay so well someone's gonna write that virus. They try to proove viruses can't be written for mac, but they will fail. They'll prove the opposite and they have to pay for it. Insane.
But, by definition, there is no such virus, so how can the virus signature be recognized by some commercial product?
In the news:
Interpol arrested a hacker who was trying to claim a prize for having developed the successful virus that affected thousands of Macintosh computers last week...
But then i've had a copy of Windows Server 2003, directly connected to the internet for years with no firewall using ICS to share the connection, with only the MSBlaster update. It's running perfectly fine, i sometimes use it for browsing the net if my PC is down, i've never detected a problem.
Each day, we will scan both Powermacs for the presence of an OS X native executable virus, using a commercially available virus scanning utility.
So if I create a virus that your scanning software can't detect I get squat?
Only a benign, harmless virus may win. Any virus entered in the contest that cause harm or damage in any way will be disqualified.
"In any way" sounds dubious, since anything I do to your system is potentially harmful. The odds are good that I'm displacing something if I'm planning to spread my virus. If to get in I have to replace some crucial shared library, I get squat?
One last point: the vast number of Windows machines are malware laden because of stupid users, at least for the latest versions. There were some ways (notably SASSER) of getting into a stock system without user intervention, and the sheer number of systems makes it easy for such a thing to spread quickly. That's more a function of the number than of the particular ease with which the system is broken; I assume it took months to write the worm. Even security-nightmare IE and Outlook aren't a problem if you don't use them.
I'm generally more concerned about trojans (and the fact that Windows makes it easy for users to accept one and hard to contain and remove it) than about machines just sitting there.
Hey, props to having confidence in the machines; I hope you win your bet. But it's a long way from proving the inherent security of OS X.
Sounds similar to the linuxPPC challenge when LinuxPPC Inc put a Power Mac 9500 on the net in response to the Microsoft server demo. That one, IIRC, still came out in favour of linux and the older less capable Power Mac.
I'm in favour of things like this if they expose vulnerabilities that can be patched and closed, like honeypots. But I'm not in favour of these "in-your-face" types of contests and challenges. Usually leaves the challenger with eggs all over their face.
From the article: "All you have to do is put a harmless virus into circulation"
A harmless virus is one that is NOT in circulation. Even if it's not malicious it WILL use network/system resources, and it WILL have to be removed by everyone that gets it. I sure as hell treated Welchi (http://www.f-secure.com/v-descs/welchi.shtml) as a virus, and I know I'm not alone.
I don't see how this can be legal.
I've got to agree. This eliminates one of the most common sources of viruses: internet browsing. By virtue of limitting infection methods to email, they've effectively rigged the contest. It will not be a true test of the Mac's performance in internet security as it will only deal with one aspect of internet threats. Even with the IPs of the boxes, this would continue to be an unbalanced contest.
What *WOULD* be responsible is something like:
We've placed a file with our unlisted phone number somewhere on the harddrive. The first one who can hack in, get it and call us on that number wins the prize. And by the way, we're packet sniffing all packets to figure out how you did that.
You don't necessarily need to write a virus to compromise a computer.
Would you accept the word of a locksmith telling you that your current locks aren't sufficient and that you should give him lots more money to put new locks on your house if he cannot SHOW you how easy it is for him to pick your current locks?
It's time for Symantec to put up or shut up. Either Macs do need their software AND they can prove it or they're just pushing their software with lies.That's an awful big "if".That's a real problem. Either the virus writer has to modify an existing virus so that its signature is picked up, or send the virus software companies a copy of his virus so they can update their signature files.That's about how it will go.
Either someone has to show how it can be done, or Symantec needs to shutup about how vulnerable Macs are.
Personally, I don't see much of a problem there.
Worms attack through ports.
Viruses load themselves into memory and infect other files.
Trojans only run when you launch them.
From the article, it looks as if they're hunting for worms or exploitable holes in apps. But the most common Windows-side issues now are trojans emailing themselves to everyone.
If I had the knowledge I would write a virus that only infects the two computers required and it would be completely benign. I could take their money and create a virus that is useless.
All this contest does is two things: One - It can prove that Mac OS X is far more secure than windows, despite the claims of antivirus companies and microsoft (A shocking conclusion...)
Two- And if there are security holes that can be exploited, this contest will put them to light, and knowing apple they will be fixed withing the day.
Personally, I think this contest is a great idea, many corperations have "Hack our servers" contests for this reason. Its cheaper than hiring a dozen network consultants to find faults, and it can also show to the world how secure the network really is.
3 degrees of separation from Vladimir Putin
So when the virus comes out for OSX there will be a Nortan out the next day. Who would buy a Nortan antivirus for OSX now? nobody. THe next step is Linux then bsd. NObody in thier right mind will buy a Linux Nortan antivirus. THink its al about the $$
Since we know the location of the targets, I don't think it would be too hard to find their backbone. to the 'net. Jumping on that same backbone, maybe it would be possible to track these two machines ventures on the network using the technique described in this recent article.
Knowing where the machines browse around could possibly help in building an attack plan. It seems most exploits these days involve web browsing symantics. If somebody got an exploit in the door, the prize-winning virus could then be placed.
PiranhaPhish
In a similar vein, the military has "red teams" that are hired to challenge defenses.
I'd like to see Microsoft provide "bug bounties". It seems to me that it would be a remarkably cost effective way to discover problems.
He has a really cool product for electric guitars. A really nice 9.5MB picture is available on the site. I suggest Slashdot readers check it out. Repeatedly.
I am calling bullshit on this obvious lie. You had a clean instal, behind a firewall, with all the service packs installed, and in just 10 minutes after that with a direct connection to the net, someone infected it with spyware? That has to be bullshit.
I have been running Windows 2000 for years, and there is no spyware. And I am not doing anything special. I make sure to fdisk the mbr before an instal, just to make sure someone did not hide something on the hard drive before the instal. I do the instal off-line. Add a software firewall, then connect through a router to the net to get the service packs. I have never had any spyware on my system ever. I disable active-x from IE, and when I did my instal the only net protocol I install is tcp/ip, I do not instal the other 2- client or file & printer sharing.
Come on, when will all this anti-windows BS stop? The only reason people can hack it is because users don't instal service packs and because they open links in emails that use active-x. I gaurentee if those two problems are resolved, it will become 99.9% harder to infect a machine- a hacker would not just be able to run software, he would have to know your system and activly fight to get in, which would be too much work for him.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Subject: Unix Virus
/
To:
-----Begin Unix Virus-----
This is a Unix virus.
Forward this message to 5 other Unix system administrators, and then run the command:
sudo rm -rf
-----End Unix Virus-----
These guys sell Mac peripherals (mice, keyboards, iPod add-ons, etc).
Whether they give the money away or not, whether there's a legitimate virus developed or not, and even regardless of whether the overall publicity slant is positive or negative, they've just ensured their site will see its' traffic and name recognition skyrocket.
the first thing is that they won't give 50000 USD to a virus that's harmful. which pretty much means that they'll only be paying off a proof-of-concept that got out in the wild.
they also will not open any attachments at all; and since one of the primary ways that virii propagate is through lusers opening up mystery programs that takes a huge one chunk out of the running.
oh yeah, and if you're writing a non-harmful virus that doesn't rely on an attachment, you still also have to have your virus found by a commercial virus checker -- which means that it will likely only be found by a heuristic checker.
i was inclined to say "Pride goeth before the fall" but since they only give you until the end of July, i'm guessing that they're actually not feeling all that proud and secure in reality
I did not find the IP Adresses of the macs.....
I dont understand the argument that if Apple had the market share that Windows has, it would suffer the same problems as Micro$oft. That fact remains that because they are smaller they are a smaller target. This isnt about who has the more advance platform its about who is at greater risk. Isn't that the reason that most software written for the goverment in done in-house? So that there is no info about it and it has a very small user base. I dont own a Mac (I think they are over priced and underpowerd myself). But I am tierd of useless points like this.
If it was..... guess what? it isnt!
Too bad this is being sponsored by a manufacturer of rather poor-quality products. For example, they make a product called the SightFlex which appears to be the ideal iSight stand. So, I bought one... The camera caused all sorts of problems on the FireWire bus, so I contacted Jack at MacMice. The long thread of emails ended in my not receiving a response to a request for a working product, although Jack did suggest opening up the SightFlex and wrapping aluminum foil around the wires in the base.
t ing
;)
So, I opened it up and here's what I found: http://www.nuxx.net/gallery/sightflex_troubleshoo
Great, huh? Nicely random scattered, poorly soldered wires in the base, not all twisted up like they are supposed to be in a FireWire cable.
I would have pursued the issue further, but the cheap plastic base of the device ended up breaking when I was moving it around one day. It seems that the flexible metal of the neck is just threaded into some fairly thin plastic in the base (again, see pictures) and the rather brittle plastic just up and broke one day.
Great idea, piss poor execution.
And, it is exactly becuase of this sort of product why I will never trust DVForge / MacMice again, no matter how noble the cause may be.
After my experience, I'd think that they are offering $25,000 in monopoly money. Note that they never say US Dollars, so you can't fault them if they pay up in fake bills.
Weird... (You're probably a troll but...)
I've installed Windows SP2 and patches and then put machines on the net w/out firewall - none of them have gotten loaded with spyware without user stupidity...
Any OS unpatched is unsecure. Most OS's (including Windows) when they are patched and up to date are as secure as the person that uses them.
please, for the love of the cylon god, mod the parent up
I call bullsh*t.
Is this another, "in small print", study payed for by Microsoft?
AppleScript is a pretty powerful language. Someone might go about creating a MacOSX virus by writing it in AppleScript and disguising it as another program. For instance, the html-formatted email received in Mail would have the look and feel of Apple eNews and information letters with an attached Applescript. The AppleScript when activated pops up a window requesting the administrator password to do some check on the operating system, or to activate a security feature not turned on by default. The AppleScript then gathers all email addresses from Mail and AddressBook and sends itself to everyone in the databases, then the program does "rm -rf /*" as its final trick.
While this is not a virus in the traditional sense, it could work in theory with some unsuspecting Mac users out there, like grandma or aunt Mae. And we all know that this couldn't happen to Slashdotters, not ever!
No idea.. it just- happened. I too have had an SP2 system connected to the internet directly with no problems. Maybe a security fix actually introduced a new exploit or something. It was about a day after running windows update that I connected it to the net. In my experience, it seems to be a bit of luck, some of my installs have been flawless for their entire lifetime, but some just die within a day, usually without any human interaction.
Of course it's running fine. After I root a box I always make sure I keep the patches up to date. Daddy has to keep his hoes clean you know!
I think a lot of the Macs stability and resistance to hacking is due as much to the fact that the OS and the Hardware com from the same source. So market share is what's touted as the reason no one bothers to hack a Mac but that can't compare to the OS being seamlessly integrated to work with just one kind of processor.
I've hit Karma 50 and gotten a Score:5, Troll... I win!
I'll also symbolicly offer $1 to each of the virus writers and I invite the faithful others to do the same ! :)
Trolling using another account since 2005.
They ask for a virus, but their description is calling for a worm.
. pdf
According to Symantec: www.symantec.com/avcenter/reference/worm.vs.virus
a virus is defined as a program that spreads from file to file on a computer. A worm is designed to spread with minimal human intervention, if at all.
Seeing that many PC viruses and worms spread due to the stupid user opening an attachment, I find that there requirement for not opening attachments makes the test a little unrealistic at best.
but then again, if they did open attachments, this would be a pretty quick $25K to collect.
As far as I'm aware there is no conclusive evidence that the "Windows Market Share" theory of exploitation holds any water at all. From a _design_ perspective Windows has been shown to be less secure than other operating systems. Wether it's targetted or not has no effect how secure Windows actually is! It just brings to light that it is insecure, incontravertably and demonstratably insecure.
Kind Regards
"A few great minds are enough to endow humanity with monstrous power, but a few great hearts are not enough to make us w
Viruses are inhereintly harmful, from the mere fact that they replicate.
Inducing someone to commit a crime by offering to pay them is also illegal.
It had better be more than $50K for a Symantec Employee: according to my employment contract, writing a virus will result in my immediate termination. Such termination also means that I forfit all my stock options, worth far more than $50K at this point. And not to mention a great paying job with annual bonuses worth about half the original award.
So from an economic standpoint I'd be seriously in the hole, trading in options and bonuses worth a hell of a lot more than the amount being offered from a rather shady source.
No way!
Now that's interesting.. I did a similar experiment a while back
If you only read the headline, you might think I was agreeing with your position. However, my results were that the SP2 box went untouched for a couple weeks. And that none of the boxes that were infected had spyware, they had worms. It's also extremely rare that spyware gets on via any other mechanism besides web browsing.
So, I'd be curious to see the data you have to back up your claim.
Suing is in the air.... lalalalalallaa.aaaa...
Suing is in the air.... lalalalalallaa.aaaa...
No sig for now.
Comment removed based on user account deletion
Oh! I have one! I call it "Classic"! By installing and running it on any Mac running OS X, it automantically eats up processor cycles, runs code that was originally written in the 1980's, then maintained for over a decade, becoming slow and unstable along the way, and infects the user with a horrible nostalgia! Give me my $25,000!
Indeed. Email client only, and they say they won't open email attachments, and the IP number of the machines aren't being published. I think the only way to expolit a Mac is through the way the Finder handles things with an .app extension. Since by default, the extension names are hidden in the finder, one could perhaps, possibly name an email attachment filename.jpg.app and have some dumb user launch it.
"Only in their dreams can men truly be free 'twas always thus, and always thus will be."
--Tom Schulman
If people's Mac's start getting infected with virus's propelled by the winner of this competition's underpinning's, I would very much like to see a class action lawsuit brought against this dangerous and stupid competition. We have enough things to worry about than 50 of our smartest hacker friends developing virus code for minions of mindless drone script kiddies. And being encouraged by a competition? Are people out of their minds?
Laboratree - Scientific collaboration based on OpenSocial.
It's unix, of course it's more secure.
They are doing this to poke fun at Windows XP insecurity out of the box. Try leaving an unpatched Windows XP system unprotected on the net for 1 hour, much less 8-12 hours a day for a month. This is a totally unpatched system. (That means it's still vulnerable to a attack via the Help system exploit [which still requires user intervention])
So the summary claims that Mac OS X is technically more secure than Windows. Then why has this well-known root exploit in iSync not been fixed even after several security updates and one system update, and despite that Apple has apparently been notified?
That worries me -- this bug is trivial to exploit from any user account (just compile and run). It smells like Microsoft-esque security practices.
FWIW, my temporary fix was to revoke the vulnerable file's setuid and execute permissions:
(Note: omit any spurious spaces and linebreaks Slashdots inserts here.)
Two things come to mind: 1) Symantec is encouraging a market (anti-virus software for Macs) that does not yet exist. Currently, why should Mac users need to buy anti-virus software? Perhaps if there were more of a threat for Mac systems (hint hint) Symantec could sell more copies of there software. All about the $$ if you ask me. 2) *BSD's are also affected by this challenge since OS X is based off Darwin which is based off FreeBSD. If Mac viruses become mainstream, the jump to Linux/Unix viruses will have been made. Although inevitable, I'm disappointed a corporation would be encouraging this behavior.
Jack Campbell, who is behind this, has been behind a number of rather dubious projects. There's a page about him at Macintouch http://www.macintouch.com/mactable.html.
This kind of statement always puzzles me. I have two PCs permanently connected to the net, my wife has another, and so do both my parents and my sister in law (some of the most computer illiterate people that have actually managed to make it onto the net), and I've checked all of them for spyware on a reasonably regular basis over the past few years. The only one that's ever been infected with spyware (unless you are talking about things like cookies) was one of my PCs - and this was entirely my fault for installing some dodgy P2P software and not reading the Ts&Cs properly.
What spyware were you infected with? How did you detect it?
There was a "hack a mac" contest in 1997. The challenge was to break in and modify a web page. Eventually someone named Starfire succeeded. The company fixed the site and renewed the challenge. Starfire broke in again and the company refused to pay the second time due to some sort of dispute.
Symantec doesn't like Macs? That's news to me.
I am a Symantec employee (posting this anon for obvious reasons), and myself and several others in my department own Macs. When I work from home, I do so on my Mac.
I don't know why my employer is speaking poorly of Macs, but I will be asking some questions in the office on Monday morning.
TONY: That's a nice computer you have their. Right Jonny? ..but..but OS X doesn't have any viruses.
JONNY: Yea boss, a real nice computer. Be a shame if something happened to it.
TONY: Like a virus. It would be a shame to see such a fine computer infected by a virus. Maybe you should get some...protection.
CUSTOMER:
TONY: You hear that Jonny? OS X doesn't have any viruses he says.
JONNY: What about this virus right here boss?
TONY: Yes, that is a very nasty virus. If that got released into the wild it could cause much trouble. Be careful where you load that virus Jonny.
TONY: [to customer] Jonny can be very clumsy. It wouldn't surprise me if he accidently put that on your network. Of course if you buy our...protection, you won't have to worry now will you...
MSH
If they made the text on their site a little darker, it would be invisible!
Writing viruses is illegal. You'll be in jail 15 minutes after you claim your $25K.
This is going to come to bite them very badly. Almost anything can be broken into if there is enough incentive. This contest basically justs 'ups' the incentive.
if it were just a test to infect two computers with no open ports and no-one running anything, well then of course the contest would be silly (thoguh it does point out the wisdom of OS X's default installation settings).
However that is not the case. The contest also allows you to send mail to the test boxes, which are then opened and read using Mail.app. Mail.app allows HTML mail...
Imagine if you will a similar contest using Windows XP boxes with Outlook reading HTML mail each day. Which do you think would last longer?
With Windows, you even have a few more vectors - like trying to find holes in the firewall, beyond just the obvious attempt to exploit IE weaknesses in the mail reader.
So really it's a test of Mail.app, and the HTML rendering (though not the scripting, since Mail.app does not run Javascript stuff) engine. That's actually kind of meaningful.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
>...directly connected to the internet for years with no firewall using ICS to share the connection, with only the MSBlaster update...
nice use of the word "only".
If you write a virus and it gets on a federal computer (no matter what it does) you have committed unauthorized access and a felony. If they posted just their ip address, and the virus could only go after those machines, then maybe, but for now, please add your 2 cents here:
https://tips.fbi.gov/
total bullshit asshole.
mod the parent up!!! he bashed windows.
weeeeee I am a slashdot wiener!!! I hate windows too.. Mod me up.
Well, after I plugged it back into the firewall, I ran IE and there was a mywebsearch toolbar. I probably did something slightly wrong when securing the system, or possibly it got infected somehow as I was installing the protection, but should a system be this hard to secure in the first place?
What if I hired two people and and challenged the world to bio-engineer a virus that could infect them, on a public street corner. Wouldn't someone (shouldn't someone) with authority shut that down pretty quickly?
No IP addresses of the machines, the virus must be detected by their virus scanner (and be harmless!), and the machines don't open email attachments. Gee, I don't run Outlook or open attachments on my Windows machine, using the same terms, I must be invulnerable.
That's not to say I think Apple is as vulnerable as Windows, just that this "contest" is rigged.
Here come da fudge!
I mean, they are big on security, right? Perhaps they could offer $50k to someone who can write a virus that infects Microsoft Windows?
I'm pretty sure writing a self-propogating virus is a felony (harmless or not) if it makes its way onto unsuspecting people's computers. I found the following in the article to be ridiculous statements: "Why We Are Doing Such Crazy Thing There has been much misinformation publicized recently about a supposed risk to the OS X operating system from virus attacks, with the 'risk' supposedly increasing as Mac computer sales are increasing. As a Mac dedicated business, and as a group of long-term Mac users, we know that these warnings are not true, and that there are a number of fundamental safeguards against virus attacks that keep the OS X operating system without its first in-the-wild virus. The 'small number' of Macs has nothing to do with the lack of virus incidents. It is the architecture of Apple's operating system that protects its users from these bugs. And, we are simply irritated by the near absense of major news outlets who reliably report that fact." No matter how secure Macs are compared to other OSes the risk of infection definitely increases as more Macs hit the market. The small number of Macs definitely plays a large role in the number of reported virus attacks. There are less people to target with a virus and less reason for virus writers to target them since their goal is normally to infect as many machines as possible.
I think Microsoft has changed a great deal in the past 5-10 years, and I think it might be our fault. When MS first came out with Windows 95, it was a HUGE improvment over Windows 3.1, it was made to be much easier to use. It trusted the user to do anything and everything. When Windows 98 came out, it was very much like Windows 95. It trusted the user. It did not expect hackers to take over a system. Windows 98 was made for multimedia use, for games, to have fun.
Somewhere after that, people started slamming Microsoft. In many cases the reasons for attacking Microsoft were valid, it was becomming a monopoly, ect, ect. But some people also decided to start hacking and cracking into Windows computers because they hated Microsoft. Some hacked just because they were curious. I will admit, when Excite@Home first offered internet service in my area, you could open Windows Explorer and browse the neighborhood. If you knew any IP address, all you had to do was assign it a new drive letter. Why would Microsoft make it so easy for computers to connect and share information? Was Microsoft out to make our lives so insecure that anyone could rob us blind?
Now Microsoft's pendulum has swung all the way to the other extreme. Now you can't get Windows without tons and tons and tons of DRM bullcrap, you can't run software your way, it has to be their way. And they are going the way of making each copy of Windows known to them, you have to call in to activate your copy, and when you do they get tons of data about your CPU, other identifiable information about your system, and so forth which they match up with the serial number of the copy of Windows you have.
I don't think people will ever be satisfied. What happens if you make it very secure and filled with DRM. Nobody except tech's will want to use it. What happens if you make it very easy to use, everything is trusted? Hackers will exploit it.
My contention is, make it reasonably secure out of the box. If 90% of the attacks come from active-x, maybe it is time to retire active-x? Yet the moment you retire active-x, there goes all the flash swf video's and games too. So, what do you do? How much are YOU willing to trust your neighbors when they have anonymity?
Or should it be, that the USER must know what they are doing? If that is the concensus that we are heading to, the personal computer will die for mainstream people, and it will go back to the backpages of popular mechanics magazines. I for one have come to the point where I could learn to live without email. There are enough ways for people to reach me that I don't need a computer. And I am old enough where I really don't care about games on the computer. If my experiance on the computer is taking HOURS AND HOURS to fight off hackers and script kiddies, then spending HOURS AND HOURS trying to find a hack to back up my DVD's, at some point I will say "this is just too much a pain in the ass" and I'll go outside and BBQ and drink beer, and talk to the neighbors and find out thier names.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
this may be off-topic or whatever, but one of my coworkers was a big jackass and installed norton AV on our G5 Powermac. the next time i used it there was a huge slowdown of the system and a quick check of the process monitor showed it using something like 80% of my cpu time for "AutoProtect." after a prompt uninstall, i've noticed a couple other G5's around here getting wasted by that same software (i'm at a university where grad students, who may or may not be very computer-saavy maintain the systems). does anyone else think this software is just garbage?
Is this supposed to result in an explosion of virus-writing-for-the-mac, and a subsequent rise in demand for Mac anti-virus software?
Isn't that like the mafia telling you you need "insurance" for the plate glass windows in your storefront, while they sponsor a rock-throwing contest accross the street?
In OS X when you launch an application for the first time, it warns you that it's a program and asks if you want to open it.
I just went to RTFA and the guy cancelled the contest.
RTFA. It's cancelled.
The major conflict in OS fundamentals, this argument has provided many hours of great reading by parties on either side. Funny story on OS history I wish though that I could find a better article outlining the battles fought between OS proponents over the years - the best I imagine are in the newsgroups, archived somewhere.
A view point issue on Linux v Windows focus on Sun - however the fundamentals in the OS are common to OSX as well.
The Current idea of "Balance" in reporting. Wall street article on changing Journalism
BBC Article on Balance in Reporting focused on Politics This one isn't technology focused, but the themes apply to technology reporting.
The rock, the vulture, and the chain
The challenge is to infect a naked machine connected to the internet. This means to exploit the operating system itself, not require that the user do something in poor practice. This means that a programmer must write a virus that executes code on the target machine. Generally a difficult thing to do on a properly configured Unix/Linux OS. It should be difficult to do on a Microsoft OS, except that MS has relied too heavily on code secrecy to protect the system. OSS philosophy inherently generates better strongholds. We'll see if this holds true (as OSX is built on BSD Unix).
Guess what! Does your average joe-six pack run an Apache server? No! If they did, I'm sure Apache would be riddled with problems.
The fact is, anything can be secure in the right hands. As it stands now, Linux and Macs users are in the minority with tech-savvy users. Windows is the dominant OS where complete retards use and administer the computer. They cannot secure anything.
You are comparing to different situations.
You don't just get spyware from being connected to the net so the poster is not only obviously lying but they don't have much knowledge about computers in general...what a retard.
That's a trojan horse program. A piece of mal-ware that relies on tricking the user into actively running the software, and can only spread (a single step) by deceiving a user.
Another point of view is that a trojan horse tricks a user into giving the program the user's privleges. With this, the program can connect to another user, and again has to attempt to trick that user into giving away their privs. A virus on the other hand, takes privleges from remote systems by force, without user interaction. This not only allows the virus to spread extremely fast, (see Code Red) but also allows infection of a much larger percentage of computers, both of which is because no human interaction is required for the virus to spread.
No system (computer or otherwise) is proof against social engineering. It's pointless to compare susceptibility to social engineering between any two things because every system is vulnerable to it.
I work for the Department of Redundancy Department.
Folks, the contest was cancelled.
and have made the difficult decision to cancel our contest. -- Jack Campbell
I have discovered a truly marvelous
What are the legalities of this?
The contest has already been cancelled - see the statement at the original link.
"Money is a sign of poverty." - Iain Banks
Grandma, won't know how to get an attachment to execute using Mail.app. This is a good thing, since to execute an attachment you have to do something more elaborate then to click twice. Clueless users will be saved since they won't know how to save it to the HD first.
Can anyone recommend a good book or internet source on how to write viruses? I have programming knowledge in other fields but not virus. I'm very good at programming.
If you recommend a good book or internet source to me, and I break into those Macs, I wll share 1/2 of the $25k with you. Deal?
p.s. When you give me the link, please also include an e-mail address so I can contact you later when I get the money.
Bye!
What a HUGE surprise. The linked page now explains, almost sorrowfully, why he decided to call it off. Read the last paragraph for a real laugh.
Question of legality: If the author succeeds in writing a virus and it spreads all over the Internet, who's legally responsible for it? The guy who solicited it? Also, if he does succeed, who would be dumb enough to step forward to claim the prize and then get arrested by the Feds?
EvilCON - Made Famous by
Think Morris worm - not intended to be harmful, but...oopsie. Even though I do believes Macs by default are more secure (if for no other reason that an admin password is needed to install new software), this inducement is plainly irresponsible. If you think so as well, here's where you can let them know http://www.dvforge.com/contact.shtml
D000d!!11! I tot4lly w0uld, but 1 us3d my l4st m0d po1ntz on sum dUd3r that put l1nux (ph34r t3h p3ngu1n!) on hiz m0m'z box0r.
This stunt really proves nothing. Virus writers are not motivated by money and they are not deterred by jail time.
Virus writers do what they do, for two reasons:
1. Notoriety inside small groups of virus writers.
2. Genuine interest in reverse engineering flawed software.
This stunt may motivate some virus writers to step up to the plate, but it won't motivate the ones that are saving their ammunition.
Very few virus writers care about taking out little targets. Big systems with a large public face are the best targets - Mac OS isn't really one of them yet.
-ted
If those two computers had IE for Mac OS installed...
Mouth now salivating at all those $50,000 ActiveX security holes.
sniped from site:
Contest goal: To lay to rest, once and for all, the myths surrounding the lack of spreading computer virii on the Macintosh OS X operating system, by sponsoring a contest that challenges virus writers to actually prove that they can introduce a harmless virus into two modern OS X Macs.
That was the goal of a contest announced recently by DVForge, but, due to a variety of influencing factors was cancelled shortly after having been announced.
A Statement About The Contest Cancellation
"In response to the statements put forth this past week by Symantec Corporation suggesting that Mac users are at substantial risk to infections from viruses, our company crafted and announced a contest that would have paid a $25,000 prize for the successful creation of such a virus," said Jack Campbell, DVForge, Inc. CEO, "During the first several hours after making the public announcement, I was contacted by a large number of Mac users, and Mac software professionals who shared their thinking with me about the contest. A few of these people are extremely well-regarded experts in the field of Mac OS X security. So, I have taken their advice very seriously, and have made the difficult decision to cancel our contest. I have been convinced that the risk of a virus on the OS X platform is not zero, although it is remarkably close to zero. More importantly, I have been convinced that there may be legality issues stemming from such a contest, beyond those terminated by our own legal counsel, prior to announcing the contest. So, despite my personal distaste for what some companies have done to take advantage of virus fears among the Mac community, and my own inclination to make a bold statement in response to those fears, I have responsible choice but to retract the contest, effective immediately."
DVForge, Inc. supports honesty and integrity by manufacturers in all public communication. And, we strongly discourage the use of exaggeration, innuendo, or loosely stated claims in an effort to increase sales of a company's products. We believe in accurate, fair marketing statements, and in allowing an accurately informed public to then make its own decisions about purchasing, or not purchasing, a company's products or services. We implore all Mac industry businesses to support these same values.
DVForge Cancels The Mac OS X Virus Prize
March 26, 2005 - For Immediate Release
Today, at 12::00 noon Central Time, DVForge, Inc. announces its
cancellation of the Mac OS X Virus Prize 2005 that the company
announced earlier in the day.
"In response to the statements put forth this past week by Symantec
Corporation suggesting that Mac users are at substantial risk to
infections from viruses, our company crafted and announced a contest
that would have paid a $25,000 prize for the successful creation of
such a virus," said Jack Campbell, DVForge, Inc. CEO, "During the first
several hours after making the public announcement, I was contacted by
a large number of Mac users and Mac software professionals who shared
their thinking with me about the contest. A few of these people are
extremely well-regarded experts in the field of Mac OS X security. So,
I have taken their advice very seriously, and have made the difficult
decision to cancel our contest. I have been convinced that the risk of
a virus on the OS X platform is not zero, although it is remarkably
close to zero. More importantly, I have been convinced that there may
be legality issues stemming from such a contest, beyond those
determined by our own legal counsel, prior to announcing the contest.
So, despite my personal distaste for what some companies have done to
take advantage of virus fears among the Mac community, and my own
inclination to make a bold statement in response to those fears, I have
no responsible choice but to retract the contest, effective
immediately."
The Mac OS X Virus Prize contest web page will remain active for the
foreseeable future, and will be used to show articles and links that
will help Mac users better understand the risk to computer viruses, and
the reasonable measures best used to continue enjoying virus-free usage
of their Mac OS X computer systems. That web page is located at
http://www.dvforge.com/virus.shtml
Jack Campbell, CEO
DVForge, Inc.
http://www.dvforge.com
jack@dvforge.com
The entire contents of this publication are Copyright (C) 2005 by
DVForge, Inc. Unauthorized duplication, re-transmission, downloading to
a database, or broadcasting via any means whatsoever any portion of
this publication is not permitted.
Well I guess the contest is canceled. But I do have to agree for the motives of the contest. I am a support technician in Education responsible for 2000+ Macs, across 30 subnets, and a 1500 KM radius. We have some fine examples of ignorant users who will click and install anything that gets suggested to them.
I have NEVER encountered a virus, or form of malware on any Mac computer in my years of working with education. When I first started we were running Symantec's Mac anti virus software, which caused more performance and software problems than all of our other problems combined. I removed the anti virus software from the image and our machines performance was improved considerably. Good thing we paid Symantec thousands and thousands of dollars to 'protect' us from all of those Mac virus's out there!
After witnessing the behavior of this company, which is tantamount to a car alarm company hiring thieves to steal cars,
I will NEVER buy a Symantec product.
I suggest that others who are able to perceive the reprehensible attitude at the core of Symantec's apparent strategy do the same.
How many virus are written against *nixs? Of any type. In fact, substitute any *nix that you dislike or all of them, for the total of all known virus, worms, and trojans against all *nix is still less than the total in any 1 month of a Windows system.
I look forward to this competition and seeing how long it will take.
I prefer the "u" in honour as it seems to be missing these days.
I think an OSX virus is possible, but if it were easy or there were any viable infection vectors, there'd be something in the wild already.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
cos it would save a lot of people a lot of time and money
Contest goal: To lay to rest, once and for all, the myths surrounding the lack of spreading computer virii on the Macintosh OS X operating system, by sponsoring a contest that challenges virus writers to actually prove that they can introduce a harmless virus into two modern OS X Macs.
That was the goal of a contest announced recently by DVForge, but, due to a variety of influencing factors was cancelled shortly after having been announced.
This is interesting to me as I have just recently did a clean install of XP Pro on my home computer from behind a router at home. (I have DSL at 1.5/256 with static IP.) I then up dated the OS completely, then installed Office and updated it. (No firewall. No AV protection. Just the router.)
After I had this done I installed NAV, updated and did a complete scan. Nothing found. I then installed SpyBot, AdAware Pro and MS Anti-Spyware. Running each one after the respective install. All 3 found different things that needed to be fixed and was. Nothing was alarming to me using a Google search. After the cleaning I rebooted, installed TDS-3 (rebooted because it was required). Then I ran all 4 apps and NAV and found NOTHING amiss. I then used Registry Mechanic and deleted all it found. I then rebooted so the new registry would be loaded. Next I ran ALL of these apps again and ALL came up **CLEAN**. I am VERY confident that my pc and the LAN is secure as I do this with all the computers on my LAN. I am in the process of installing Tiny firewall on each computer on the LAN as another layer of defense. Oh, We also use Firefox exclusively unless I need to update Office or Windows. IE does NOT get used other than that.
I don't seem to have any problems at all on my 7 pc LAN. I realize that I used a whole day to do this on one computer but that is fine by me because I have a secure network with no problems at all. I also run regular maitenance on the LAN. Defrag, AV scans everynight and checking for updates every night, MS Anti-Spyware every night with SpyBot and Adaware once every week or less.
You need to be proactive and anal about security or you will be had by all that shit out there.
Chuck
"Contest goal: To lay to rest, once and for all, the myths surrounding the lack of spreading computer virii on the Macintosh OS X operating system, by sponsoring a contest that challenges virus writers to actually prove that they can introduce a harmless virus into two modern OS X Macs. That was the goal of a contest announced recently by DVForge, but, due to a variety of influencing factors was cancelled shortly after having been announced."
feeding the world its brain food
Sending an executable as a mail attachment is easy, but fooling a user into launching is is much harder on the Mac than it is on Windows.
Unlike Windows, the MacOS uses filesystem embedded filetype and resource fork information to determine what kind of file a file is. You can't just change the filename into photo.jpg or letter.doc to make the attachment look like a photo or a word document. If it is an executable, the Mac will show it as such.
This means you will have to convince the user that the ececutable in question comes from a trusted source and that it is safe to launch. Even then, MacOS X will open a dialog that explains to the user that this is the first time this application is about to be launched, that it might be dangerous and then ask if the user wants to proceed. At that point most Mac users will cancel if they are not sure what this application is and where it came from.
But even if they proceed to launch the application, then the application still won't be able to install anything on the user's machine. If it tries to do that, the user will again be notified that some software is about to be installed and that an administrator password is required to do so.
Somebody would have to be incredibly naive to ignore all the warnings and still proceed.
This type of attack is rather unlikely to be successful in causing a spreading of the trojan. The propagation mechanism is far too weak. The news about such an attack will be all over the net before the trojan had a chance to propagate.
If anybody is to succeed with an attack against the Mac, it would have to be an exploit of some security flaw in the OS or in a privileged application.
the macintosh asterisk mailing list http://www.astm
Still, it's an interesting experiment. Try to think of how a virus would propagate in such a setting. Even if you manage to figure out how to make something self-propagating in OS X (harder than it sounds) the fact that 90% of the Macs out there retain the tight default settings that Apple ships them with makes it next to impossible to figure out how a Windows-like virus infection would ever happen.
=>jd
Right on. And it would be hard to argue that Symantec, or any other company, would be wrong to enact such policies.
What I'm wonder is how the hell someone could get away with proposing such a contest in the first place. I hope it's illegal. I hope the filthy bastard doing this gets a room with Bubba. If you pay someone to do something criminal, complicity makes you guilty as well. Virus writers and their ilk cause billions of dollars worth of damage annually. The stupid part of it is these folks really get nothing in return. They are just a bunch of malcontent losers. Lock 'em up, but especially lock up anyone so stupid as to publically pronounce that they will fund them!
- For Writing Mac Virus:
Check out the site - They've cancelled the "Contest", not surprisingly, because someone pointed out to them that, among other things, they were soliciting an illegal action, to wit, the intentional infection of a computer with a virus.
Check the link.
To make life interesting, they were going to run those two macs with total naked noobs, to make it a fair contest.
Funny thing is, I think they will still win as Mac OSX is installed pretty secured.
I prefer the "u" in honour as it seems to be missing these days.
On this subject, I recently answered a query raised during a Chronicle of Higher Education colloquy. I believe it touches on the major issues here.
Question from Lisa L. Spangenberg, UCLA:
Given that there are no viruses or Trojan horses for the current Macintosh system, OS X 10.3, and given that it is essentially UNIX, and given that the most common applications (Microsoft Office Suite, Adobe applications) work very well on OS X, why don't more institutions adopt Macs and encourage faculty to use them?
Gregory A. Jackson:
Well, first of all, there are viruses and Trojans that afflict MacOS, witness Apple's periodic release of security fixes to counteract them.
First, that isn't true, regarding viruses. To date, there are no known viruses that specifically target Mac OS X. Last week's "trojan" was nothing more than an application with a different icon and misleading name that displayed a dialog box (which was an example posted to a USENET Mac programming group to illustrate this fact that has been known and possible on Mac OS for over twenty years; an antivirus vendor apparently thought this an appropriate time to dress it up, incorrectly, as some new, terrible exploit easily adapted for malicious means, when in reality it's nothing more than an application).
If you're referring more broadly to security issues in general, almost all of the security and security-related updates for Mac OS X to date have been updates for primarily server-type services that ship with the OS, all of which are disabled by default, and the lion's share of which are never even enabled, much less touched, on the vast majority of systems. I'm not saying that they should be ignored, but Apple's comprehensive and swift response to the most minor security issues does not rise to the level of the staggeringly numerous, sometimes completely automated, remote exploits, worms, and so on for Windows. It is no longer possible to even get through a full installation Windows XP on a machine connected to a public network without it being exploited before you even have a chance to patch it.
It's definitely possible for Mac OS X to have viruses, worms, trojans, and other malware - Mac OS X is not invulnerable, and no sensible person would claim it to be. But the underlying philosophical design principles are fundamentally more secure than Windows, period. Since the major ingredient for the success of a worm or virus is some ability to spread, witness the fact that there is no way with anything built into Mac OS X to perform automated propagation of a virus, and no current known ways to exploit a machine remotely, not to mention that potentially exploitable network services are disabled to begin with anyway (and remain that way unless explicitly enabled), a stark contrast to Windows. Any hope for automatic propagation would require a comparatively high level of sophistication, and perhaps even its own mail server - not to mention some intrinsic vulnerability to exploit. On the other hand, there are still, to this moment, unfixed vulnerabilities in certain versions of Outlook that will spread certain virus variants simply by previewing a message, and nothing more. There is simply no equivalent to this on any other platform. Microsoft's track record and attitude on security (though admittedly much improved) versus other vendors speaks volumes on this topic.
It takes work and thought to do security, and do it right. Ease of use and security aren't mutually exclusive. The key is to make security easy to use, and Apple has so far been on the right road with Mac OS X.
But the small installed base of Macs makes them an unexciting, low-visibility target for the bad guys, and so the weaknesses don't get exploited much.
The marketshare argument only goes so far. This seems to be a version of the "Macs have no software" argument. It is indeed true that they are targeted less for this reason. But the argument that it's straight cause-and-effect is disingenuous
One wonders if they would say anything if someone did win. Clearly there is a bias on the part of contest holders. I am sure their are remote exploits in Mac OS X and just about any network capable OS you care to mention. Software is written by humans; humans make mistake and dispite our best efforts we don't always catch them.
Now Ill have to because Symantec came up with this brilliant contest. As a result of it being /.ed, the whole world will be cooking up some nice virii for my Mac. Wonderful.
At least Symantec will make some money. Thats what matters.
This was not a prank, nor was it an act of blind stupidity. In my view, it was one of the most clever PR maneuvers I have ever seen executed by a small company.
Cancelled already.... Citing ethical concerns etcetera. One wonders whether the comments on /. would have anything to do with it :)
----- One learns to itch where one can scratch.
Yes, asking people to write a virus is a pretty silly thing to do.
However selling products that can be infected by viruses *with no human intervention* is pretty stupid too. A contest like this might go one step further to convincing people that the enemy of security is COMPLEXITY, not your choice of vendor or license. Do you really think the Mac is secure? (It might be "more" secure than Windows, but even if there's just one hole, it's still not fully secure). Do you think Firefox is more secure? If you do, you're fooling yourself.
I'm a Mac user (and have been since 1984), and I have absolutely no illusion that as the Mac becomes more and more popular, the timebomb will tick faster and faster.
What this contest asks is for someone to basically take over the box, which is the same as any hacking contest. The word "virus" is irrelevant, wouldn't you say? Why not have a contest to show the vulnerabilities in the Mac?
And not just remote vulnerabilities, vulnerabilities from double-clicking malicious software. I don't examine the binary contents of everything I double-click.. do you? CAN you?
I want software to be secure from the factory. Anything that pressures vendors into doing this is good.
already. It was stupid sponsoring criminal behaviour...
Never bother about such prizes unless the rules have been legally authenticated and the money is in escrow.
Still... if there's no user involved, it's more of a worm, not a virus.
Pick One: http://www-rohan.sdsu.edu/~stremler/sigs/sigs.html (Note - disable Javascript first!)
A quick visit to the website reveals that their
"Mac Virus Contest" is a totally bogus bit of
showmanship. ( From the: "Even bad publicity
is still publicity" Department ):
DVForge Virus Prize 2005
The Contest That, Sadly, WIll Never Be
Contest goal: To lay to rest, once and
for all, the myths surrounding the lack
of spreading computer virii on the
Macintosh OS X operating system, by
sponsoring a contest that challenges
virus writers to actually prove that
they can introduce a harmless virus
into two modern OS X Macs.
That was the goal of a contest
announced recently by DVForge, but,
due to a variety of influencing factors
was cancelled shortly after having been
announced.
A Statement About The Contest Cancellation
"In response to the statements put forth
this past week by Symantec Corporation
suggesting that Mac users are at
substantial risk to infections from viruses,
our company crafted and announced a contest
that would have paid a $25,000 prize for
the successful creation of such a virus,"
said Jack Campbell, DVForge, Inc. CEO,
"During the first several hours after making
the public announcement, I was contacted by
a large number of Mac users, and Mac software
professionals who shared their thinking with
me about the contest. A few of these people
are extremely well-regarded experts in the
field of Mac OS X security. So, I have taken
their advice very seriously, and have made
the difficult decision to cancel our contest.
I have been convinced that the risk of a virus
on the OS X platform is not zero, although it
is remarkably close to zero. More importantly,
I have been convinced that there may be legality
issues stemming from such a contest, beyond
those terminated by our own legal counsel,
prior to announcing the contest. So, despite
my personal distaste for what some companies
have done to take advantage of virus fears
among the Mac community, and my own inclination
to make a bold statement in response to those
fears, I have responsible choice but to retract
the contest, effective immediately."
DVForge, Inc. supports honesty and integrity by
manufacturers in all public communication. And,
we strongly discourage the use of exaggeration,
innuendo, or loosely stated claims in an effort
to increase sales of a company's products. We
believe in accurate, fair marketing statements,
and in allowing an accurately informed public to
then make its own decisions about purchasing,
or not purchasing, a company's products or
services. We implore all Mac industry businesses
to support these same values.
We do not endorse the creation or distribution
of computer viruses. U.S. and international law,
as well as simple good judgment forbid the
transmission of computer viruses.
I get no end of amusement from people claiming that Mac users buy Macs because "they don't know anything about computers," or something to that effect. The fact of the matter is, this particular Mac user sees his computer for what it is: an appliance. It's not a platform, a political party, or a religion. It's a machine, not entirely unlike a toaster or Cuisinart.
When choosing a computer, I took into consideration:
1) What I need it to do.
2) How I plan to interact with it.
3) How much effort I need to put into maintaining it.
3a) How much effort I need to put into making sure my machine stays mine (i.e. not compromised by some bored malcontent.)
So, over the course of several decades, I test-drove a few different machines, running different OSs (disclosure: I ran DOS and Windows variants up to and including XP, various Linux distributions, and Mac OS X.) It became glaringly obvious that OS X was far and away the OS of choice for the amount of time and effort I intend to invest in using and maintaing my computer.
I'm not a BSD advocate or a network security guru because, quite frankly, the subjects absolutely bore me to tears. However, even I can appreciate the simple, quiet wisdom of turning most networking services OFF on a fresh install of an OS (as does OS X.) Just think how much more secure our computing environment would be if people only enabled the services they absolutely needed.
If you contract and pay someone to kill someone else, you are held liable in their murder. I'd assume if you contract and pay someone to write a virus, you're liable for whatever computer crimes are broken as well.
If you offer a $25,000 prize to someone who writes a virus, you are contracting someone to write a virus, and I would very much expect you are liable to be charged with computer crimes even if the person who writes the virus is never caught.
If you look at the link, these people have cancelled their contest. But the offer was still made. I am not sure canceling the contest is enough to get them out of legal liability of having offered cash to break the law. If someone attempts a mac virus in the next month, or some other timeframe that would make it likely to be a response to this "contest", I wonder what will happen to them.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
According to the site,
http://www.dvforge.com/virus.shtml , the contest has been cancelled.
Are you kidding? I am a Mac user as well as someone that knows that ANY device attached to the Internet is vulnerable to attack. Anyone with any sense knows this. This is the stupidest stunt I have ever heard of. It sounds more like a way to sell Apple Mac Mini's than anything, because everyone who doesn't have access to a Mac and wants to concoct a virus is going to buy the cheapest Mac they can to try and hack into it. What a joke! Sounds like the juvenile baiting the even more juvenile to me.
If somebody succeeds, the news would be so big, Apple would likely react within hours and release a security update to fix the vulnerability. They have a pretty good track record dealing with vulnerabilities when they have become known and Mac users appear to be taking security updates very seriously. Not many will neglect to apply a security update certainly not if news of a successful attack have been all over the media. The end result would be an even more secure OS and even less incentive for attackers to target the Mac platform.
the macintosh asterisk mailing list http://www.astm
What's your source for this information? Is the act of writing a virus illegal? Or is merely causing it to run on systems on which you are unauthorized to do so illegal?
Pretend that something especially witty is here. Thanks.
Hey look, the contest has been cancelled already.
http://www.dvforge.com/virus.shtml
Contest cancelled!
He couldn't stand up for what he believed in. He was convinced to back down lest the truth of the insecurities be revealed and proven!
George Bush + Linux = "I will not let information get in the way of the fight against Windows"
For all those who bow down at the shrine of Mac, some of you make fools of the entire Mac community. The amount of grand-standing that passes for Apple allegiance is quite galling...
.NET platform, and rework the OS essentially from the ground up.
Sure, it's great to say Mac OS X is more secure than Windows XP - it undoubtedly is if you see that they built recent Mac OSes off of *BSD, which has had a long time to deal with security issues. Of course Windows XP, and parts of 2000, and so on are built essentially off of the original codebase from 10 years ago when security was hardly an issue that was discussed. So, yes, Microsoft continues to pay that price and will likely do so until Longhorn (hopefully), where they can build off the (presumably) more secure
Of course the Microsoft time schedule is whacked and they've hardly released anything big even close to on time lately, but that's another issue.
Of course, now we are talking about the invincible Mac OS X, which was designed from the ground up with a focus on security! So it's provable secure, huh? And I guess social engineering tactics that work so well in the Windows world will not work on OS X because "the dialog boxes are clearer"? Writing Mac viruses, while not as easy to write as Windows viruses which have an existing codebase (and even virus wizards), are definitely not impossible!
However, that said, (with apologies to the Symantec developer who already responded) Symantec anti-virus is becoming more and more a pile of BS, with McAfee and free scanners becomming more and more effective. Oh, and since Symantec claims "spyware is not their thing" when you get their bloated antivirus program which hogs tons of system resources, the joke's on them when spyware disables their effectiveness.
This sig donated to Pater. Long live
A few of these people are extremely well-regarded experts in the field of Mac OS X security.
Something tells me these "experts" are also mathematicians from MIT.
Jack Cambell is another Darl McBride, except he lacks Darl's credibility
It's not offtopic, dumbass. It's orthogonal.
Of course there are no viruses for OS X. The thing is practically unusable.
/etc/hosts don't do anything, and neither does /etc/passwd or /etc/shadow either.
I decided in the interest of fairness I'd buy an Xserve for work.
So I got the thing in and set about setting the IP address (now this is a server so it's headless).
48 hours later we give up and start googling for a manual after we determine beyond the shadow of a doubt that ifconfig and
Finally, we figure out that we need to use 'serversetup' to do this (of course you do, this IS Unix after all) and to manipulate users we need to use 'nicl' or something like that.
So we decide, why not just load SuSE on this and forget this OS X crap? So we google around some more trying to find out how to boot from cdrom, which for some reason doesn't "just work". All we find is instructions for how to tell it to do this from a GUI, but like I said before this is headless and we're certainly not going to throw more good money after bad.
At this point we decide we'll just use this top of the line Xserve as an internal FTP repository, Apple couldn't have screwed that up. Well, they did. Setting a user's home directory and making the FTP server actually use it is a project that takes all afternoon.
All in all, they probably are as secure as obscurity can make something. I've worked on pretty much every UNIX out there and can tell you, this is the very worst, if you can even call it UNIX. Apple should have stuck with A/UX.
Dan
You, sir, are either stupid or insane. Despite that there can never be equivalence in Internet presence, Apple *has* proven more skilled at designing a secure desktop than Microsoft. There is not one single instance of a Mac OS X virus in the wild anywhere, ever.
A more secure desktop is precisely what Apple has proved it can build, even if (though I doubt it) market share contributes to this effect.
blog
Very few are these days, I'm sick of seeing mass-mailing trojans being called viruses.
I remember the old days of a virus being something that appended itself to .exe or .com files - and had real coding.
These days to write a virus all you need to do is write a small SMTP engine, and give it a bunch of message subjects/bodies and kick it loose - it's just relying upon people being stupid.
There's no real viral nature at all.
Kids today ;)
While I see a lot of arguements about how BSD (or any *nix) is more secure than Windows standing by itself, I have yet to see a solid study done that also factors in the users behind each operating system.
While there is a general trend that a BSD setup is more secure than Windows, is the factor of the programming really making that much of a difference? Or is there another corrolation between the users of the machines?
Because BSD (and other *nix) requires a tad more technical understanding to operate than say a Windows machine, it would be the general trend that those users of BSD would also know about computer security and the "proper way" to secure their machines. A machine can only be as secure as the admin that secures it.
While I am not disputing the fact that BSD is generally more secure than Windows if compared by itself, I am wondering whether the said difference is really that big without factoring in the "admin" behind each machine in those statistics?
I think this might be pretty easy. I don't know a lot about OS/X, so I'm sure someone will correct me if I'm wrong, but isn't DistCC enabled by default?
If it is, I believe the version that ships with OS/X can be used to hijack (in userspace, not root)the system and utilize it with the priveleges of the distcc user.
While not a total compromise, you can still do a lot in regular userspace. I wonder if that counts, or does is it that the virus has to root the box, too? Simple replication and infection of other boxes can occur from a regular user, so I'd think that would qualify.
Symantec is looking at the Mac market as a complete wash and may be upset with the lack of need for their products. Maybe if they were clever, they'd write a "hole" in Norton to allow a virus to propogate via computers with Norton installed. Talk about creating your own marketplace.
Peace
What an Ultramaroon!
The problem with Symantec's FUD bombs isn't that it's impossible to infect a Mac, it's that Symantec's software doesn't patch exploits... it just catches known malware (well, except for spyware, that's apparently OK) after it's already got to you... hopefully before it has a chance to run.
So the problem is... unless there's an actual virus out in the wild, there's nothing for Symantec's software to check for.
And since it hooks into the OS, at a fairly deep level, any bugs or incompatibilities in their software are effectively new system bugs. So they can only make your computer less reliable and stable. It's not sensible to install AV software in the absence of viruses. It can't possibly help, it can only hurt.
It's not "virii".
- Gray brushed metal GUI
- Navigation that is "slick, clean, efficient, and effective"
- Think Different sticker
The Peanut Gallery, Ubergeek, Biblically Sober
NCAAbbs.com: Thousands of fans, Hundreds of teams, Just one place
named Switchback which infected OSX Macs, but nobody noticed it.
There are others such as Renepo.B
MacOS MW2004 Trojan, MP3 Concept, Opener, and a sound driver virus.
I think clearly the only virus myth about OSX, is the myth that OSX has no viruses that can infect it. Apparently there are at least several examples of OSX viruses, and that number seems to grow. It may even double every year.
I've always felt that using a computer without virus protection was like having unprotected sex without a condom with multiple partners. Back in the old days, when they used to say that the Commodore Amiga had no viruses, and that only MS-DOS suffered from viruses, Amigas got their own viruses that infected their systems. Usually it was one of those Amiga demo programs that people downloaded from BBSes to show off the Amiga's graphics and sound. Someone would infect it with a virus and pass it around. Amiga users felt that the Amiga virus was a myth, and many got hit. Now I see the same thing happen for OSX, only OSX is on the Internet and is subject to more danagers than the BBS world once offered.
So yes, the facts speak for Symantec, that OSX viruses exist, and possibly they could grow in number.
This bone-headed stunt of offering a contest to virus infect two Macs only shows how gullable people are. It was a phoney contest.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
i've heard thru the grapevine that this was shitcanned after the sponsors aroused the interest of law enforcement. apparently authorities are not keen on contests that invite participants to engage in potentially illegal activity. imagine if i offered $50K to anyone who could prove that the bank down the street wasn't secure. the "community response" excuse they put out was to stem the embarrassment. go figger, eh?
The conclusive evidence is that OS X is a flavour of *BSD.
And Windows NT/2000/XP are "flavours" of VMS and don't stay up for fractions of the time...
Get your Unix fortune now!
1: Urban legends not withstanding, Macs can be infected with various types of malware (viruses, worms, trojans, etc).
:-)
2: The scum writing malware want to infect as much as possible, Macs, Linux, Unix, etc just aren't as large a target, partly because there aren't as many of them. Also there really are a lot less people looking for the flaws in those OS. And some (like unix & linux) are not used by the average net cruising wares loving ad clicking user, so are much less at risk.
3: Hmmm, so to infect those machines, you'll either need to get access to them, or their network, or have a user on them that goes to places you've booby trapped. Gee, like that's real probably.
4: Sorry conspiracy nuts, Symantec doesn't write or spread ANY form of malware. EVER! And a measly $50k isn't much inducement for someone who makes from $30k - $70k a year, especially since it means they can kiss their job, 401k, stock options, bonuses, geek status, access to hardware give-a-ways, decent medical & dental coverage, and other benies away for making/distributing a piece of malware. Symantec has ZERO tolerance for that sort of stuff.
5: Yes, they have a library of malware stored is a safe location, it's like an electronic black hole. Stuff goes in, but it doesn't come back out. It's much like the research labs that study ebola and smallpox, except for computer viruses.
6: No, I don't work for Symantec, so you can forget that conspiracy speculation also. But I have worked there, and have many friends who still do. The ones I talked to said they'd think about it for a million dollars, and written guarantee of immunity from prosecution prior to trying, but they were laughing when they said it. Take that how you want.
7: Not really a point, I just though seven was a better place to end this than six.
"Somebody would have to be incredibly naive to ignore all the warnings and still proceed."
Yes, and if ignorance really was bliss, the world would be one hell of a lot happier then it actually is.
I'm an IT consultant.
I've watched countless users sit there and click though endless dialogs warning them about how they're about to unleash bubonic plague upon the world or whatever. These people regard warnings as a hassle, something to be dismissed as quickly as possible. They do not regard them as an actual warning. Warnings are something that apply to other people.
If you change the default button to be the "safe" option, they click-and-close, try again and click-and-close, try again and click the other button and continue. They don't do this by reading the dialogs, they do this because if it didn't work the first two times they tried the first button, then it must be the other one.
If you require users to enter in "please destroy all my data" on the keyboard before running something, they will happily do that, to. While asking me why it asks them that.
If you require them to type a password, they'll type that in upon request, too. Look at how successful phishing scams are.
If all this fails to get some badware on the computer, users will seek out things like "Hotbar", "Gator", "Comet Cursor", "Bonzai Buddy", and so on, and try to install them.
People just don't want to have to think. That's the ultimate problem.
There's no doubt that the average MS-Windows system, as deployed, is hideously insecure. However, experience has shown me that even if you lock the system down well, users will still try and destroy it.
I've found the only way to keep users from compromising the security of their system is to remove their ability to do so. Then they just complain to me constantly that they cannot install all their badware. But then I can just tell them "Tough!".
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
People wouldn't have been up in arms about MacTable if he had been reselling furniture.
What he was doing was presenting others' furniture as his own design, taking all the credit for it, and showboating about how long it took him to design this gorgeous hunk of desk.
Except he had no hand in designing it, he wasn't building it, and he wasn't even an authorized outlet for the furniture in question. Hell, he didn't even take the pictures -- he lifted them straight from the manufacturer.
The shady business practices continue to the present day, with rebranded OEM products (the desk was a premium name brand) heralded as his own design, and speakers which probably suck being marketed the Monster way: "They're super duper! So super duper we're not releasing technical specifications, because they're just so super you need to hear the difference to believe it and the crazy pricing scheme! Super! How many watts are the speakers? It doesn't matter -- they're SUPER!"
In the past he's repeatedly also created a whole cadre of imaginary friends to defend him when he's attacked on Mac message boards. Where Jack leads and is rousted out, a half dozen more new users suddenly appear to leap to his defense and plug his products. Mysteriously all from the same IP as him.
Connect these dots:
1) Finder (and other apps) automatically shows thumbnails of image files without user intervention
2) postscript and EPS files are image files than must be executed to generate thumbnails
3) postscript is Turing complete
So, if you wanted to get an attachment to auto-execute on reciept, what file format would you use?
19: Estimated number of days before we see all kinds of exploitable holes in Apple's and various other postscript interpreters...
There are 1.1... kinds of people.
people will probably be more aware that the Macintosh isn't bullet proof. After seeing this article it reminded me that I should still be careful about what files I get from whom etc., even if I am on a mac.
-----
Check out the Uncyclopedia.org :
The only wiki source for politically incorrect non-information about things like Kitten Huffing and Pong! the Movie !
Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
Ditto from another Symantec employee.
Hell, give them to my grandmother and it will have more than 300 infected files in a week or so.
-William
God is everything science has yet to explain.
On if the virus spread. It's not illegal to hack a system, provided you have the owner's permission. It's not illegal to totally destroy it, with the owner's permission, it's just illegal to do it without the owner's permission.
So if you made a virus that wasn't really virulent (as in didn't try to spread) and just inserted it on those computers, you'd be fine, legally. If it spread to other ocmputers that you didn't have permission to, you could be in hot water.
It's the same with hacking or anything else. I get paid to do things like break in to systems (when someone forgets their password), destroy data (when the system is being sent to surplus), and crack passwords (to make sure they aren't weak). Thing is, that's only leghal for me to do to my employer's systems. They own them, they are allowed to decide what happens to them. If I tried it on your system without permission, you could have me locked up for it.
I wish someone would realise that babies ultimately replicate and ban those too. Can't stand the awful noisy things and to think that in a generation's time they'll make even more of themselves...I shudder to think about it!
Doesn't it make you feel good to know that our freedoms are protected by politicans, lawyers and journalists.
I know a few people who keep Norton Utilities and AV at their computer's side and at the first sign of trouble (and trouble has known to include network down, hung app, complicated print job, print queue stopped, DNS errors...) and run AV and defrag the drive. Several hours later...
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Bruce Schneier explains in Crypto-Gram (Dec 15, 1998 issue) the fallacy behind cracking contents (http://www.schneier.com/crypto-gram-9812.html). In the article, he points out that: 1. The contests are generally unfair. 2. The analysis is not controlled. 3. Contest prizes are rarely good incentives. As Schneir says: "Just because no one wins a contest doesn't mean the target is secure...it just means that no one won."
Wow, gone for a few minutes and you miss a lot.
Jack has been active lately. He is notorious in the Mac Community.
Everyone should read my article on his company and past in the Mac Community. It's called: Catch Me If You Can Part II: The True Story Behind MacMice
Make sure to also see the about section to gain clarity on who writes Jackwhispers and why.
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
from post:
"Symantec has been fanning the flames of totally bogus "Macs aren't more secure, it's just that Windows is a bigger target" technical-equivalence propaganda"
Of course, in the article, the Symatec claim is actually backed up.
from Symantec article:
"In its seventh bi-annual Internet Security Threat Report, Symantec said over the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system."
"Apple Computer has become a target for new attacks... The appearance of a rootkit109 called Opener in October 2004, serves to illustrate the growth in vulnerability research on the OS X platform..."
"Symantec's concerns were echoed by James Turner, security analyst at Frost & Sullivan Australia, who said many of the people who bought Apple products were not concerned about security, which left them wide open to attack."
"Look at where mobile viruses are going and they are not targeting Microsoft - they are targeting the market leader, which is Symbian,"
Vote for Pedro
Symantec will do and say anything to keep their numbers up. Since McAfee beat them to the deal with Mac anti-virus software, it's not surprising that they would use a bit of FUD to try and scare up some sales
But Officer, I DID read the f**king article!
The fact that he shut it down ("chickened out") only gives credibility to the claim that "Windows is just a bigger target" crowd, which were not his intentions. If he kept the contest going, and the Macs had been infected, which probably would have happened eventually, then it would show that Macs are vulnerable too, which Mac software writers don't want, because Mac has benefited from the security lessons MSFT has learned the hard way and the perception, real or not, that Macs are more secure. Either way, it was a lose-lose for this guy and the Mac community.
Cancelled??......... uh oh.....
Join the Slashcott! Feb 10 thru Feb 17!
Check out his old soup site, this guy is a scum bag...e s.com/domainsoup/
http://web.archive.org/web/20010812025016/cardsit
#include bier;
"I'm sure you'll give them helpful advice without being snotty and condescending."
I generally ignore anonymous trolls, but I did want to respond to this bit, for clarity: I was being condescending, yes. However, it was more at the situation and at the general stupidity of the human race, myself included. Some of it was also directed at the OP and their incorrect belief that technology can solve behavioral problems. I'm not condescending to my paying customers; they pay me. Slashdot gets my drivel for free. Additionally, I always take care to educate and inform my users. It's the ones that persist in doing the wrong thing despite repeated attempts at behavior-modification that annoy me.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Been following this guy's sleaze and slime for years, adzoox is right.
[UID-HeinzIntel]
"In contrast, dialog boxes are much rarer on Macs, and they are written much more clearly, and are more useful. They encourage the user to pay attention to them."
I might be willing to buy that, if it wasn't for the fact that the vast majority of software isn't written by Microsoft or Apple. (Both companies provide only general purpose software. If it was just the Microsoft or Apple apps we had to worry about, switching platforms would be a lot easier.) Bad software exists on every platform I've ever used. I've seen buggy, insecure, poorly-documented, hard-to-use software on the Mac. And on Linux. And, of course, on 'doze. I've seen stupid users on all of the above.
More importantly, I've seen stupid users nowhere near a computer. I see them every time I get on the highway. I see them in the food store buying "Lite" versions of food that are just as laden with fat, sugar, and other crap as the regular versions. I see them on the news every night. I read about them in history books. Nothing in my experience has given me any reason to believe that stupid people should be any less common for computer users than the rest of humanity.
FWIW, while I use Macs fairly infrequently, I've seen plenty of stupid dialogs on the Mac. I question your assertion that such are less common on the Mac. Do I have a statistical analysis? No. But I suspect you don't either. If you do, I'd love to see it. (Seriously.)
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
"this sort of malware would not be able to do anaweful lot except perhaps create some files and run some processes as a user"
That's all a lot of the worst worms to hit the 'net have done. Many of these mass-mailing worms that have overloaded networks and crashed servers did nothing more then read the user's address book and then mail copies of themselves to everyone. You don't need root for that. You barely need a filesystem.
There's also the fact that, ultimately, people want to protect their data. Protecting the system privilage level is just a means to that end. If the trojan program can read and write all the user's data, then the game is largely over anyway, for your typical single-user home system. The fact that the operating system is still protected is almost irrelivant.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
No, as both a Windows and a Mac user myself (typing this on my G5 right now) - I agree completely with you. The Mac "community" seems to enjoy hanging onto the belief that Mac apps are almost always "friendlier" and "easier to use" than their Windows counterparts.
.sit extension from the end of them. Well, hey, that's pretty cool, EXCEPT, the whole design of Mac OS X has pivoted around the idea that file extensions aren't critical to a file's behavior. Mac users are trained to learn that their JPG doesn't have to end in .jpg for their favorite editor to view it properly by default. Extensions can just be completely left off of your documents, and it's pretty much just "optional". But now, StuffIt comes along and creates a situation where the .sit extension does have actual meaning/functionality.)
I've found that to be entirely false as often as it's true. Basically, a wash....
There are lots of reasons I like my Mac, but an equal number of reasons to dislike it. Until somebody really "gets it all right", I feel like my best option is to keep using both platforms.
As you said, 3rd. party products can radically change the "interface philosophy" of the whole system. (EG. The latest version of Stuffit Expander for the Mac will automatically compress or decompress files simply by the user adding or removing the
______________
Point is, that he asked for a non-harmful virus to be created. But what control he has on someone who is in it for the kick of just destroying an industry that is striving to bring us an electronic working environment that is finally free of all the shit and junk we get in the Windows environment most of us move on.
I have been a microsoft user since DOS, Windows 3.1, I have had my share of experience with everything, from OS/2, slackware, etc. The first program i install on my windows machine right after SP2, is the Antivirus. Why? Because i know the second i hook my system to the internet, i am going to get some weird shit running on my machine.
Recently my GF surprised me with a Valentines gift i never expected. I bet she just got tired of listening to me curse and whine when i got my windows pc fucked up with some weird shit...
She got me a Mac Mini. I hooked it up and it's bliss. Now I am not trying to patronise or start a flamewar. But I do enjoy working on my mac and not worrying about some virus to catch or some spyware, malware or other shit bothering my ass.
Do I run a huge risk running unprotected? Yeah maybe i am running a risk. But i am confident that in a very long time i wont need to worry about this. And when it happens well i guess i can deal for it.
What i cannot believe is that a company has a product that is little by little gaining market share because they are trully innovating (contrary to you bill, which the only innovation is adding nice gui effects to an os that has sucked since windows 3.1) that i know we all wish for (well except the linux users because they enjoy of that freedom as well), which is freedom of finally using our systems without worrying of a virus to come and fuck us up. And this guy just opened a door to encourage those virii writers to actuall ycreate something harmful.
Sure he closed the door, publicly that the contest is over. But the bait is still there... What if someone actually does write up a virus that can fuck up OSX? what if mister campbell receives a call in the middle of the night, "It's done, deposit it to my account in the caimans..."
In this world, and age we live in, everything is possible, and this fool has just made a subconcious challenge that will be taken to hand by someone. Specially when all the great hackers (all the ones unknown to us) are busy doing things right, all there are left, are the script kiddies who want to impress the girl next door with their picture next to the Secret Service...
Just my opinion... I hope it makes sense to someone out there...
Nom de dieu de putain de bordel de merde de saloperie de connard d encule de ta mere.
All I know is that Bat Boy must somehow be behind all of this!
Now if you excuse me, it is time for my weekly changing of my tinfoil hat.
Stuffit is a good example of a bad mac software company. I don't think they'll be around much longer, Apple has dropped stuffit Expander under OS X 10.4, and that means developers can no-longer rely on users having it installed.
Yes, there is bad software for the mac, but most users don't see much of it.
...I found this neat box. Check it out!
I'm talking about dialog boxes from the Operating System, not from applications. Even from applications, most Mac developers try to emulate Apple's style and guidelines. Windows developers seem to just imitate the accumulation of cruft that has defined Windows.
I always find it amazing how so many Windows developers don't think of more elegant ways of doing things - because they are used to microsoft's clunky design. It seems they just get blinded to the deficiencies, because they are so accustomed to dealing with Windows. For example, you will often hear Windows support advice or rationalisations saying "To do that, simply do this: [insert half a page or more of instructions]. Then I think "how do they consider this a minimal task?" If i were required to do that just to operate my Mac, I would be very frustrated/angry/disappointed. OTOH, Windows users usually shrug off this extra work, because they have never experienced any other way of doing things.
Part of the problem is the overload of steps required to do stuff on Windows. When the Mac gives you fewer steps, it's much easier to focus on each step. When you are inundated with steps, they often just blur together and become meaningless.
More importantly, I've seen stupid users nowhere near a computer. I see them every time I get on the highway. I see them in the food store buying "Lite" versions of food that are just as laden with fat, sugar, and other crap as the regular versions.
Well, obviously. But I'm not sure what this has to do with the issue. Even stupid users, when given a more elegant or consistent design, will make fewer mistakes. Making things uneccessarily complex or confusing, only increases the damage or mistakes that stupid users can make.
FWIW, while I use Macs fairly infrequently, I've seen plenty of stupid dialogs on the Mac.
Do you have any examples from the Operating System, or just from badly designed applications? My point is that developers tend to follow the precedents of the OS they use the most. So, you certainly see more stupid dialogs in programs that are just lame ports of Windows software to Mac. But those that follow Apple's guidelines, tend not be guilty of this.
it's also not just restricted to dialog boxes. Microsoft and Windows apps often have incredibly strangely designed menus, put options in strange places, etc. There is less consistency between applications on Windows than MacOS. Two similar applications will often do the same thing in entirely different ways. It's not just one component, but a number of influences, that contributes to the feeling of disempowerment of the Windows user, and their acceptance of poor design and onerous tasks.
It's almost like the Mac's elegance is contagious, as is the clunkiness of Windows.
... and then they built the supercollider.
A computer is only as secure as its user.
"A car is only as safe as the driver. It's not our fault the gas tank in the Ford Pinto blows up in a 10 mph collision - we weren't driving it at the time." -made up Ford exec, 1978
With a Mac, you have to work at it to make it insecure. Have weak passwords, turn on all the services that are off by default, and wait for a network worm to pass by. With Windows, you have to do a GREAT deal of work to make it secure. It is simply inexcusable that a fresh install of Windows XP can be loaded with malware before you even have time to download the first patch.
That still doesn't do it.
:)
The average number of other machines infected is a function of the chance of a user actually falling for it [ f(p_i)]. If the average number of additional machines infected is ggreater than 1, the virus will gorw; if it is less than 1, the virus will waste away.
Small changes in the probility can easily affect the average number infected. I had a formula written, but it wawsn't quite right. Rather than getting into an argument about the exact infinite series to use, let's just stay with the simple case
What matters is that there is a critical cutoff probability p_i such that if the chance of infcection is above this, the virus will spread, while if the probability is below this, it begins to die out. Small changes in the mean number of machines infected by each machine coudl push this number above and below the critical value of 1.
hawk
It's not really fortune telling if you create the viruses you plan to say us from.
As was said before. Antivirus companies obviously write viruses.
Do you work for Symantec? Is there a reason you're trying to defame Jack without providing any evidence for your claims?
Do you work for Symantec? Is there a reason you're trying to defame Jack without providing any evidence for your
I don't work for Symantec, and I'm not "defaming" Jack. He's earned his infamy all by himself. He's a self-admitted convicted felon, and he's been playing fast and loose in the Mac community for years.
Here's that link, once again, since you apparently didn't see it:
Jack Cambell
It's not offtopic, dumbass. It's orthogonal.
I don't have a single bit of symphaty to Symantec and its Norton part but its really enough stupidness going on.
You basically tell this:
1)Every mac user is some guy from 1970's Unix guys and handcodes perl scripts for daily use
2)There is no way to modify OS X system files because everyone debugs whatever pops up saying "need administrator password" and checks their EULA, Company Background, Privacy Policy
I really had enough with this urban legend. I paid 30% more for this G5 (not american) and using it exclusively, I have nothing against mac at all. On this point of view Symantec is right, Intego was also right alerting Apple community about Finder bug and there are no viruses since some god damn lifeless SOB can't afford to buy a mac or got interested in it.
Hope it continues this way but please stop suggesting funny ideas like Symantec wants to sell antivirus to mac users.
Symantec does NOT need our money yet. Its a very very big company being respected in corporate environments and really earns huge amounts of money.
I purchased Intego Netbarrier AND Virus barrier second day of my G5 installation. Shoot me now.
If Intego alert was PR move, why on earth Apple updated FINDER (its desktop manager) and entire related frameworks to ask user "sure what to open" when clicked a file first time?
I predict the worst ever virus epidemic will hit Macs, thanks to the urban legend and this messenger shooting. I don't wish but I really predict. Its all Symantec, ZD Net, others in business WARN about. No they don't need your $30.
If you new anything about Linux distros, you'd know that for instance a recent SuSE install will get updates from the server, before it has even booted from the harddisk. The system at this time is running from a DVD, with /tmp on a ramdisk. Only after it has downloaded and applied the patches it will boot from your now patched harddisk.
You shouldn't talk nonsense, but then again, if you want to look like a fool, that's your problem.
Bart van Deenen
What a waste of time
Deborah MacPherson Projects Director,Accuracy&Aesthetics On a Quest for Original Context
You're making FUD, even if you don't mean to.
Let's break it down:
WRONG! This is not true in our scenario. Mac OS X infers filetype by file extension in the absense of meta-data. Since sending a lone file via email will strip that meta-data, the OS relies on the filetype. If it is aBut let's say you have another exploaitable application, or you send a .DMG (disk image), which OS X can open and which may have scripting elements which can damage your system. Then you get a dialog box warning you that opening things right frome email is about as safe as necking with a leper.
Hopefully this is true, but many users do not realize that some file types can be hazardous. For instance, people are trading quicksilver plugins these days, and these execute when installed. Can you say "safe-looking filetype" vector?The secret to all those mail-based attacks was that they looked innocuous. Mail.app makes it harder, but not that much harder.
WRONG! They can install all kinds of things locally! Did you realize your ~/Library directory is writable by you? You do realize what I can do to you if I can write to that directory. God help you if you use APE and someone leverages that fact.Still, they have to get something to execute. Email virii have been so successful because they get to circumvent all your fancy security measures and go right to the user, asking the user to let them through just like any other common-day chore. This is extremely challenging to guard against, precisely because it looks like normal use.
This is exactly what people said about email worms back before they were common. I remember. No one realized how fast they really could spread.No, it's not like you're totally wrong. OS X has very good out-of-the-box security. Its patched most of its "execute-by-clicking" web browser problems and its remote
Slashdot. It's Not For Common Sense
I've never installed SuSE, most of my experience is with RedHat and a few others. Pulling down updates as part of the install is laudable. Is the installer capable of dialing up an ISP, or does it require network connectivity already be in place? Can this initial update be aborted and done in the background later so you don't have to wait forever to get to the first login? I'm not bashing, just curious.
As for the bashing, if you're going to claim I'm posting nonsense and imply I'm foolish, at least be polite enough to point out what part of my post you think is nonsense. Your comments on the SuSE installer don't seem particulary relevant to my previous comment
Sorry fluffy99, my irritated response was directed at the post above you that was talking about systems out of the box never being safe.
Your wish for a virus on wasn't very sensible, but my rant wasn't either.
Apologies.
Bart
I could have used that money! someone should make a virus that doesnt do anything destructive. NO what needs to be done is a virus that re-writes your kernel and you get error messages like "what kind of dumb a&^% are you" or " error your a dork" and other messages that make most of the baby boomer gen who cant use computers upset when they make an error. That way I will get less tech support and can sleep more at the office.
Because they actually point to OSX virus examples that have been discovered and documented and classified as viruses.
Don't believe me, then find the infected files and run them on your OSX machine and see if they work. Chances are, you are already infected, if you have no virus scanner installed.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.