Slashdot Mirror
Large Prize Offered For Writing Mac Virus
Mordant writes "Some experienced Mac developers are offering a $25K prize to the first person to successfully infect two 'naked' Internet-connected Macs running stock Apple software. The best part is that if any Symantec employee succeeds in infecting the Macs, the prize goes up to $50K (Symantec has been fanning the flames of totally bogus "Macs aren't more secure, it's just that Windows is a bigger target" technical-equivalence propaganda)!" Update: 03/26 20:24 GMT by Z : Well, that was quick. Jack Campbell has cancelled the contest, after he "...was contacted by a large number of Mac users, and Mac software professionals who shared their thinking with me about the contest."
This has got to be one of the stupidest contests of this type I've heard about.
1) If a virus has spread over every Mac on the Internet, then it's harmful.
2) Many people would say that ANY virus is harmful, just by virtue of it being a virus (spreading, infecting.)
3) I'm so sure it's worth $50,000 for Symantec to finally put that "Antivirus companies don't write viruses" myth to bed.
4) We're going to use antivirus software to determine if we've been infected... which will only catch previously known viruses.
5) Hey you guy that wrote the virus that spread to every Mac on the Internet: just identify yourself afterwards, and we'll pay you.
This is the notorious Jack Campbell, one of the shadiest characters around. It's undoubtedly a publicity stunt for his business. What a jerk.
Something tells me it's unlikely you'd ever see the cash, even if you were to succeed.
Google for Jack Campbell and MacTable for more info on this guy's shady past.
Would you accept the word of a locksmith telling you that your current locks aren't sufficient and that you should give him lots more money to put new locks on your house if he cannot SHOW you how easy it is for him to pick your current locks?
It's time for Symantec to put up or shut up. Either Macs do need their software AND they can prove it or they're just pushing their software with lies.That's an awful big "if".That's a real problem. Either the virus writer has to modify an existing virus so that its signature is picked up, or send the virus software companies a copy of his virus so they can update their signature files.That's about how it will go.
Either someone has to show how it can be done, or Symantec needs to shutup about how vulnerable Macs are.
Personally, I don't see much of a problem there.
Worms attack through ports.
Viruses load themselves into memory and infect other files.
Trojans only run when you launch them.
From the article, it looks as if they're hunting for worms or exploitable holes in apps. But the most common Windows-side issues now are trojans emailing themselves to everyone.
Jack Campbell, who is behind this, has been behind a number of rather dubious projects. There's a page about him at Macintouch http://www.macintouch.com/mactable.html.
If you contract and pay someone to kill someone else, you are held liable in their murder. I'd assume if you contract and pay someone to write a virus, you're liable for whatever computer crimes are broken as well.
If you offer a $25,000 prize to someone who writes a virus, you are contracting someone to write a virus, and I would very much expect you are liable to be charged with computer crimes even if the person who writes the virus is never caught.
If you look at the link, these people have cancelled their contest. But the offer was still made. I am not sure canceling the contest is enough to get them out of legal liability of having offered cash to break the law. If someone attempts a mac virus in the next month, or some other timeframe that would make it likely to be a response to this "contest", I wonder what will happen to them.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Being based on BSD has nothing to do with anything,
Are you serious? It's a significant swath of the OS that you don't have to worry about!
the userland/desktop space is where most exploits have been in recent years
Wrong. Most 'theoretical' exploits have been in the BSD/OSS side of OS X. Absolutely none of those 'theoretical' exploits have been known to have been actually 'exploited' (all you've had was a 'click this to test' proof-of-concept).
the Aqua shell is no more free from exploits than Explorer is.
That's absurd. Aqua isn't what you use every day to visit untrusted sites with, while Explorer is. That makes it harder to exploit, which makes it inherently more secure.
I think (hope) they fixed that but it was still several months until all the holes and variants of this technique were "fixed" (really just hacked around).
The 'hack' fixes came out the same day, Apple's fix was about two weeks later, primarily because it wasn't a 'patch', it was a change in the policy for running apps from Safari.
Essentially, Apple haven't proven themselves any more skilled at designing secure desktops than Microsoft have.
Except for the fact that there have been *zero* malicious exploits for OS X.
Zero, none, el zip-o, a big goose egg (like the one on your face).