Slashdot Mirror


Ready For the Big Mac Virus?

An anonymous reader writes "The IT security manager of the University of Otago, New Zealand, has been educating his OS X users in security best-practices. According to Mark Borrie, many Mac users believe they are immune to security problems -- a trap many Mac fans seem to have fallen into. He said around 40 percent of the computers at the uni are Macs. "On the security side of things I reckon the Mac community has yet to wake up to security. They think they are immune and typically have this idea that they can do whatever they want on their Macintosh and run what they like," said Borrie. "If I can get our Mac users up to speed and say 'you are not immune' -- so when [the malware] hits, hopefully we will be pretty safe," he said. "We want to be ready for the first big Macintosh virus -- because it will come. Some day, somebody will say 'I am going to create a headline and write a virus for Mac'," said Borrie."

14 of 560 comments

  1. Re:Hardware damaging virii by Animats · · Score: 3, Informative
    It was possible to do that on the original IBM PC, but very few monitors since have had that problem.

    The monitor on the original IBM PC was borrowed from the IBM Displaywriter, which wasn't user-programmable. The PC's display card allowed setting the horizontal and vertical sync rates in software, not so you could change the resolution but just because the hardware was built that way. The monitor turned on when it got vertical sync. The horizontal sync, in typical TV style, was used to generate the input waveform for the high voltage supply for the CRT.

    So if you set the vertical sync to normal and the horizontal sync to zero, the flyback transformer saw DC. With no inductive reactance to block the current, the flyback transformer would burn out. This would produce smoke. And there were virii that did this.

    But that's ancient history. Modern hardware-damaging viruses attack boot programs, firmware, and the keys in "trusted computing" systems. The effect can be a dead PC that cannot be restarted.

  2. Re:Question about old Mac Viruses by EggyToast · · Score: 4, Informative
    It runs old OS9 applications in an emulation layer. That layer starts up as an application by choice, meaning that you either turn it on once your computer is on, or when an old application triggers it. So you would have to manually install the virus yourself.

    At that point, it would do its virus things inside that emulation layer, probably corrupting some aspect of the environment. When you close the environment (just like any other application), the virus's activity would cease. The fix would be simply "reinstall the environment."

    So if you needed to use the "Classic" environment for an old application, and you for whatever reason decided to install the virus or place a disk with a virus on it in your computer and run it in the Classic environment, yes, you could give yourself that virus. But that's hardly that much different than the numerous "Proof that you can intentionally break your system" scripts and applications that are around for every operating system.

    In my experience, all of the old viruses that Macs got were Macro viruses from old versions of Word. They have no way of propagating without writing to new documents, but the newer versions of Word are pretty inoculated against Macro viruses IIRC.

    The short answer to "What happens" is "not much if anything."

  3. Look at the facts by pammon · · Score: 3, Informative
    Fearmongering aside, let's think about how viruses usually get into Windows. I see two main ways that worms spread:

    Exploiting flaws in networked services
    This is how Zotob got around. Microsoft shipped Windows with (I think) seven open ports by default. This colossal mistake ensured those too clueless or lazy to turn off unnecessary services would be the most vulnerable.

    Microsoft finally fixed this with SP2, I believe, but the repercussions of all those insecure installs (and continuing insecure installs for non-SP2 Windows CDs) will take years to play out. That's why a worm like Zotob is still possible.

    Needless to say, OS X has always shipped with zero ports open by default. (OS X does have mDNSResponder, which launches whenever you use Rendezvous, but that's all).

    E-mail worms
    ILOVEYOU spread by tricking users into launching a program. Outlook for a while didn't do a sufficient job of warning users that they were opening a potentially malicious application. Mail, as of Tiger, warns about executable programs before it lets you open them, making it more difficult to trick users.

    It's not entirely rosy for Mac users. I don't think OS X has any particular protection against Word macro viruses (e.g. Melissa). But overall, it seems to me that OS X does a better job protecting against the two main vectors that viruses use to infect Windows.

  4. Re:Not BSE at McD's by temojen · · Score: 4, Informative

    BSE is a prion disease, not a virus.

  5. Re:Where's that power button again? by lowid (24) _________ · · Score: 3, Informative

    Ah, that's a key point - ease-of-use and productivity are quite often intrinsically linked. I predominantly use a mac for music work, though I also have a PC which I have for some PC-only music apps. When I'm working on a session, I want the computer (and especially the OS) to be as transparent as possible - I don't want it to inhibit the music-making process at all. On the mac, everything is streamlined - for example, Core Audio means that anytime I need to switch audio settings globally (i.e. from an external interface to built-in audio, which I do often on my laptop) the process is ridiculously more simple than it is on a PC (among many other niceties). Keyboard shortcuts have always been more abundant and simpler (just having the apple modifier key makes things much more standardized), and I find that they speed up my work significantly.

    At any rate, I agree with you that Apple computers fare better with ease-of-use and productivity, and my point is that the two are not at all unrelated. Having an easy-to-use computer isn't just nice for grandmothers - it can be nice for advanced users as well.

    P.

  6. Re:Are you ready? by cappadocius · · Score: 4, Informative

    And also keep in mind that Safari gives that annoying "this file contains an application" warning whenever you download an executable, so it would take even more social engineering to actually run any code.

    --

    omnia tua castra sunt nobis

  7. Re:Not BSE at McD's by temojen · · Score: 4, Informative
    IIRC prions are the predecessors of viruses.

    Not even close. Prions are non-functional isomers of proteins that can catalyse their functional form of the same protein into the prion form.

    Viruses are packets of genetic material and enzymes that instruct the host cell's mechanisms to replicate the virus.

    Prions are so much simpler than viruses that there's probably no link. Remember, Michael Crichton is a fiction author.

  8. Re:Question about old Mac Viruses by Lars T. · · Score: 3, Informative

    Actually, most "old" Mac viruses stopped working with the introduction of System 7, early 1991.

    --

    Lars T.

    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

  9. FUD, FUD everywhere, but not a drop to drink by WhiteWolf666 · · Score: 3, Informative

    Microsoft is always *very* anxious for people not to look at the theoretical, but to evaluate things like 'True Cost of Ownership', or 'Performance under real-world situations'.

    Microsofties (MS-fanbois) always like to ask "If OS X (or Linux) are superior, then why aren't they dominant?"

    Fact: There isn't a SINGLE OS X worm or virus out there that isn't an equivalent of rm -rf /.

    While theoretical vulnerabilities may exist, the fact of the matter is that you could buy a mac mini, turn off the firewall, plug it directly into a cable modem, and it WON'T get owned. Not within 5 minutes, not within 20 minutes, not within 6 months.

    Obviously, good security practices will protect you in the future. Obviously, it's a good idea to monitor which services you are running, and to run a firewall.

    You always hear Microsofties say things like "Windows is better because of install base. Greater software availability trumps superior architecture"

    Or the $ per 'unit of performance' metric--- At any given price, a Windows prebuilt box will end up being cheaper, even though a Linux or Mac prebuilt box could theoretically perform better.

    Well, you CAN'T have it both ways: At any given deployment level, an OS X box will not get owned. Period.

    Eat it.

    I'm tired of all this FUD. To idiots like the article author, and the guy quoted: Feel free to discuss how the *nix sky is falling (in terms of security) when we get daily exploits, and large corporations are shut down because their *nix servers/workstations are passing e-mail viruses or tcp/ip worms back and forth.

    Until then, SHUT-UP. Much like Duke Nukem Forever, the Phantom console, and economically viable Fusion, I'll believe it when I see it. Keep repeating to yourself: There are NO Mac OS X viruses. Not one. Not 1/2 of one. Not a shadow of one.

    End of story.

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  10. How about some actual numbers? by douglips · · Score: 3, Informative
  11. Re:Are you ready? by Jeremi · · Score: 3, Informative
    Come on, you're not even trying, here. How does Halliburton figure in? And you haven't even mentioned FEMA or global warming yet!


    Below are some excerpts from a US Department of Justice report. Read them, and then decide if you want to face the facts or if you prefer to continue to hide your head in the sand. The facts are: our government can be (and was, and is) bought and sold like a cheap whore. Just because you think the claims sound outrageous doesn't mean they aren't true.


    Between 1995 and 2000, Microsoft donated more than $3.5 million to federal candidates and to the national parties, about two-thirds of which was contributed during the 2000 election cycle alone.6 Including company and employee donations to political parties, candidates and PACs in the 2000 election cycle, Microsoft's giving (that of the company, its PAC and its employees) amounted to more than $6.1 million, far more than has been previously reported. 7 Nearly $1 million came in the 40 days immediately before the November 7th election. As most political operatives know, these late contributions often are made by donors who don't want their participation known until after the election, when financial reports for the final days of a campaign are due, and public and news media attention are no longer focused upon the election. The effect of delaying contributions until very near the election is to thwart efforts by the news media and the political opposition to make disclosures meaningful to voters before they vote.


    Comprising the majority of Microsoft's campaign contributions was soft money.8 Like their overall presence in Washington, Microsoft's soft money donations grew substantially since the beginning of the antitrust trial. In fact, in the seven days preceding Judge Thomas Penfield Jackson's ruling against Microsoft, the company donated more in soft money to the national political parties than it gave to federal candidates and political parties between 1989 and 1996.


    23. During the 1999-2000 election cycle, Microsoft and its executives accounted for some $2,298,551 in "soft money" contributions, according to FEC records. For context, consider that this was two-thirds more than the $1,546,055 in soft money contributed by the now-bankrupt Enron and its executives during the same period.


    As one business commentator put it: "there's something quite disturbing about watching the world's richest man trying to buy his way out of trouble with Uncle Sam Gates's actions undermine the legal system itself."


    25. While Microsoft has donated to both national political parties, the company has tended to favor Republicans, who have been more vocal in their defense of the company. Between 1995 and 1998, 72% of Microsoft's contributions went to Republicans, while the GOP received only 55% of the company's donations during the 2000 election cycle.11 Republicans received a total of $3.2 million, about half of which, $1.69 million, went to the national Republican Party.

    37. While Microsoft contributed $100,000 to the Bush/Cheney Inaugural Committee in January 2001, virtually all contributions to presidential campaigns were made prior to July 31st, with the exception of contributions to Libertarian Party candidate Harry Browne's campaign. (This is presumably because, to be eligible for federal matching funds for the primaries and federal funding for the general election, major party candidates receiving are not allowed to solicit or receive campaign contributions after they are nominated at their conventions.) Only four primary presidential candidates received contributions greater than $10,000: Bill Bradley, $33,400; George Bush, $57,300; Al Gore, $28,000; John McCain, $39,448.
    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  12. Re:Are you ready? by angel'o'sphere · · Score: 4, Informative

    No,

    both of you are completely wrong, and the "The IT security manager of the University of Otago, New Zealand" is very right.

    You both give false evidence why a Mac is more secure, and you think your evidence is right.

    E.g., ever heard about AppleScript? How difficult do you think it is to write an AppleScript that traverses the Address Book and sends an email to everyone in it with Mail.app?

    No SMTP needed ... so no point in disabling it :D I don't need super user/root access to send email in your name to all your friends from your address book.

    Same for attachments. They are not "executable" by double click, but when you get a mail from a "friend" telling you to save the script and launch it ... you likely do so! Because you think "you are safe". But you aren't.

    A script/virus sent to a Mac user has all the rights the user has, besides exploits aiming for more rights. So the script/virus can do everything the user can do: like searching the hard drive and mailing the last presentation, Excel file or Word file to a given address.

    With the architecture of the OS, writing basic virus programs is even far easier than on Windows; only the automated execution and exploit traversal via the Internet Explorer/Outlook/IIS and the gaining of root access is harder.

    angel'o'sphere

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  13. Re:But are users sufficiently secure? by shotfeel · · Score: 4, Informative

    Except any more, the Mac user is greeted with a little dialog box that says (paraphrasing), "Unrecognized Application "RootKit" has never been run on this computer before. Would you like to {Abort} {Run Once} {Run it and don't ask me about that one again}. "

    Now if you thought you just opened a jpg file, this should give you a little something to think about. Considering that a first-run for a program happens relatively rarely for most users, it isn't too distracting, but adds quite a bit of security.

  14. Re:Are you ready? by EggyToast · · Score: 3, Informative
    The automated execution and propagation is what truly makes a virus a virus, is it not?

    An applescript that does something malicious is really no different than tricking a coworker or friend into typing "sudo rm -rf" at /, true?

    However, I can tell you that Applescript is fine for individual use, or when rolled out across a controlled network, but scales poorly across different versions of applications. We use applescripts for numerous tasks at my workplace, and we need to get in there and tweak the source every time we update the OS or the applications.

    Still, I don't see how "malicious script that triggers when clicked" is equivalent to a self-propagating virus.

    I DO know exactly how easy it is to willfully destroy an OS X system, even on Tiger. I've taken the OS X 'help desk' class where the last test is where you run an applescript that destroys the system. It freezes the boot process, causes the loginwindow system to kick the user out after 30 seconds, changes all the user passwords, and more, and the "test" is to fix it all. Like most viruses, it is fixable with the proper knowledge, but it's truly a pain in the butt.

    But, as I said above, convincing a user to run a malicious script just doesn't seem like a virus to me. In fact, it's not: In computer security technology, a virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents (for a complete definition: see below). I don't see how that makes us "very wrong." Nothing that you say has anything to do with a virus. Just malicious scripting. Yes, a virus could trigger a malicious script, but those are two separate actions -- the virus that infects and propagates and delivers the payload. The payload is the script, which runs and corrupts the system.