Fake Codec is Mac OS X Trojan
Kenny A. writes "Multiple news organisations are reporting on an in-the-wild Mac OS X malware attack that uses porn lures to plant phishing Trojans on Mac machines. The attack site attempts to trick users into downloading a disk image (.dmg) file disguised as a codec that's required for viewing the video. If the Mac machine's browser is set to open 'Safe' files after downloading, the .dmg gets mounted and the Installer is launched. The target must click through a series of screens to become infected but once the Trojan is installed, it has full control of the machine."
Am I the only one to think 'finally'?
In my Macintosh? It's more likely than you think.
If you're stupid enough to go through all of those steps, you deserve to be infected.
The only cure to stupidity is intelligence.
If someone is stupid enough to download something, run it and give it the admin password, it will obviously be able to take control of the machine. No operating system or security software will stop that.
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
Um they do. But if you decide to install malicious software on your system as the owner what can we do? What can anybody do? Seriously this is not a virus it is a human (id10T) user weakness...seen on ALL systems regardless of OS.
. I love the sound of burning women and screaming rubber....
I don't know anything about Mac OS X, but what about all the extra steps the article points out? Are they normally needed to install, let's say, a normal codec? Vista reminds me of the same thing: while it may actually be more secure than previous versions, after seeing these screens many times while trying to install other "normal" programs, users are not going to take them as a caution any more but will just enter their information as soon as the login screen pops up.
Where is the "haha" tag for this post? WHERE?!
The summary is misleading, it does not give full control of the computer to the attacker, but changes the DNS server for phishing.
It could just as easily install a VNC server I suppose.
It seems that the installation of the trojan requires that users type in their password. Then, Macs are supposed to do what their users ask for, even if it's the installation of a Trojan.
Full control of DNS, yes. As far as I've seen, it's not a remote root exploit or anything. It just installs global DNS servers that cannot be easily removed or even noticed.
Jory
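A defender-side check for the DNS change the post above describes, added here as an example and not taken from the thread: it parses the resolver list from `scutil --dns` style output (the sample below is constructed, not a capture from an infected machine) and reports any nameserver outside an assumed allowlist of expected networks.

```python
import ipaddress
import re

# Constructed sample in the shape of `scutil --dns` output on Mac OS X.
# The second resolver block stands in for the kind of unexpected global
# resolver the thread describes; the addresses are documentation ranges.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)

resolver #2
  nameserver[0] : 203.0.113.5
  nameserver[1] : 203.0.113.6
  if_index : 4 (en0)
"""

# Networks the machine is expected to resolve through (assumed values:
# the local router's range plus RFC 1918 space; adjust per site).
EXPECTED_RESOLVERS = {
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("10.0.0.0/8"),
}

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$")


def parse_nameservers(scutil_output):
    """Return every resolver address listed in scutil --dns style output, in order."""
    found = []
    for line in scutil_output.splitlines():
        m = NAMESERVER_RE.match(line)
        if not m:
            continue
        try:
            found.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            # Keep a malformed address visible instead of silently dropping it.
            found.append(m.group(1))
    return found


def unexpected_resolvers(addresses, expected=EXPECTED_RESOLVERS):
    """Return the addresses (deduplicated, as strings) not covered by the allowlist."""
    flagged = []
    for addr in addresses:
        if not isinstance(addr, (ipaddress.IPv4Address, ipaddress.IPv6Address)):
            flagged.append(str(addr))          # unparseable entry: always report
            continue
        if addr.is_loopback:
            continue                            # a local resolver is not a change of DNS server
        if not any(addr in net for net in expected):
            flagged.append(str(addr))
    # Preserve order while removing duplicates across resolver blocks.
    return list(dict.fromkeys(flagged))


def audit(scutil_output, expected=EXPECTED_RESOLVERS):
    """One-call check: parse the output and return the resolvers to investigate."""
    return unexpected_resolvers(parse_nameservers(scutil_output), expected)


if __name__ == "__main__":
    import subprocess
    try:
        # On a Mac this reads the live configuration; elsewhere fall back to the sample.
        output = subprocess.run(["scutil", "--dns"], capture_output=True,
                                text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        output = SAMPLE_SCUTIL_DNS
    for addr in audit(output):
        print("unexpected DNS resolver:", addr)
```

Run it on a machine that stays configured after the suspected install; a resolver that is not your router, your ISP or a known public service is the thing to look at.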
That's like saying that Troy had to put their enemies in the horse, then drag it up to the gate, drag it through and then offer a soft cushy landing spot for warriors coming out of the horse.
"Why you think the net was born?" _________________
Five points for finishing the line, an extra 10 for naming the reference (and no, a certain MMORPG does NOT count).
"So after all this, you make my case for me. To end this stalemate, you must die..."
I saw this posted on security focus like hours ago..
Name an operating system that can't be infected when a user gives an admin password.
To get infected, you have to:
1) Go to a porn site
2) Download a plugin from the porn site
3) Click "OK" that you are downloading a .DMG file
4) Mount the .DMG
5) Go back to the Finder
6) Double-click the installer
7) Type in your account password
8) Click next a few times
Calling this, "In the Wild," is laughable. How did the porn site "get infected"? I'll bet anything that the porn site(s) in question know exactly what they are doing...
The Right Reverend K. Reid Wightman,
If Apple really wants to continue to provide users with the "Open Safe Files" option in Safari, it would make a whole lot of sense to associate that feature with a white list of approved domain names like apple.com, adobe.com, etc.
Part of the hardcore faithful who believed in Apple long before it was cool again to do so
Ultracodec1000 > all your base.
-Matthew Riley "TofuMatt" MacPherson
I have a website
Your subject seems to suggest that you believe that now that there's actually a piece of Mac malware in the wild, things will snowball, and there will be more and more. Is there any logical reason to believe that this is the case? In the latter days of pre-X Mac OS, there was some malware program or other released every year or three, but the rate never seemed to climb.
Any Mac haters gleefully hoping that this is the start of a Mac threat environment similar to the Windows threat environment are probably going to be quite disappointed.
This space unintentionally left unblank.
This is neither a virus or a worm; it's a trojan. A trojan is a program that does or claims to do something useful, which gets you to install it. Once installed, it does something else in addition to or instead of what you installed it for.
No OS is foolproof, and even Mac and Linux users can be fools. Mac and Linux machines can be broken into, can get trojans, their users can be tricked into giving out passwords, but there are no Mac or Linux viruses in the wild.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Avenue Q
What do I win? Do you really have to ask?
More Twoson than Cupertino
"Sure, Russian porn site offering me 'free' videos ripped from US porn producers ... I trust you to give me software to install in order to watch your video. Wait, I'm using a Mac - which ships with nearly every conceivable video codec I'd ever need to produce and edit professional video because It Just Works. What are the chances that Russian Mafia are one-up on Apple for a video codec I'd need?"
Malware does not equal virus; it does not "break" into a machine through security holes, it hacks the wetware between the monitor and the seat, convincing them to consent to the install.
It's impossible to make a machine fully idiot-proof, but in the past couple of versions Apple has added 3 new "nag" boxes to Safari in attempts to warn people.
Anyone who goes through that many screens deserves to have it installed.
I don't install any media player or codec if it asks for root permission.
even flip4mac doesn't require full permissions.
you drop the free component into your home's library folder and it runs in user space when websites call for wmv decoding.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Actually, the only people claiming that Macs are immune to malware, are people like you claiming others are doing so specifically so you can say these mythical people are wrong. This is a case of a program not being what it claims to be, and using social engineering to get someone to install something, make it executable, authenticate as root, and run it. No different than a year or three ago when someone came out with a fake Office for OSX package they shared on the P2P networks which was really a shell script that removed files. Not a virus - this doesn't install itself.
A "virus" with an install procedure which includes "and then become root and run it" isn't going to have legs.
15 points... duh.
please me, have no regrets.
Right now you have to convince people to install the trojan.
... I don't see the growth rate being above the disinfection rate.
Okay, that will give you X% of all the Mac users out there.
Then what? How do you increase X?
With Windows, the trojans scan the hard drive for email addresses and send out links to every address it can find. That depends upon unpatched exploits in IE or you having friends who are as dumb as you.
If the same happens here
that this will move from the pr0n sites into the mainstream video sites?
We're simply talking about social engineering. Windows, OS X, *BSD, Linux (and probably most other operating systems out there) are all vulnerable to this sort of attack, there's just little in the way of motivation to actually do it.
The part where the dmg is automatically opened is the only thing that even resembles a vulnerability as such, though it should actually be filed under "insecure default settings" rather than a vulnerability per se. This said, both linked articles are quite sparse with information regarding the actual installation. From my experience Safari should say something about the archive/disk image containing an application before actually mounting the dmg, and then prompting for an administrator password for the package to be installed. If either of these steps are compromised, you can call this interesting, because there's an exploit at work. If not, then it's a bog standard social engineering attack, to which every platform is vulnerable. The only news here are that you can't browse the web with your Mac in a completely carefree manner anymore, because there are some Bad Things out there targeting you.
You find this "movie codec thingy" at a shady pr0n website (alarm #1), and it asks you to specifically download a .dmg file (alarm #2), install it with admin/root permissions (alarm #3) just to play a non-standard codec (alarm #4).
Meanwhile, by comparison, there are a whole host of Windows nasties you can get just by, say, visiting a website with a rigged IFRAME in the page.
QED: It's not a question of fanboys pooh-poohing something because it's their pet OS - it's a question of simple fucking logic.
Come back and tell us about it when OSX (eventually) has an attack vector that doesn't require the user to be a complete and utter dumbass, please.
Quo usque tandem abutere, Nimbus, patientia nostra?
I've seen this story on several Apple/Mac related news sites already, and the majority of the comments consisted of Apple apologists telling each other "nothing to worry about, because you still have to enter your admin password".
The type of people who will be infected by this will be similar to the types that get caught up in the 419 scam.
The only real reason this is news is because it's the first occurrence of an OSX trojan in the wild. Much like Crispus Attucks, it's only getting exposure because it's the first.
This really isn't any different than someone creating an AppleScript called FreePr0n.app that erases a user's hard drive, and as other commenters have pointed out, it requires a bit of user interaction to actually get itself installed. Although I'm sure people who jumped ship to OSX thinking that the Mac is virus-proof are going to run anything and everything they come across on the internet thinking they're safe.
Good thing Leopard adds an extra layer of protection.
and why does safari have the Open "safe" files on by default, again? I don't get that.
...spike
Ewwwwww, coconut...
The well-written parent message sums it up.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
Oh come on. The only thing worse than the fanboys are the haters that think this is the beginning of Apple becoming like Microsoft in terms of malware and security.
If this was something that could, more or less, install itself purely by going to a website then I'd be worried and wonder what was up with OS X. Seriously though, if I download an rpm or deb in Linux and sudo to install it, there is nothing to stop that program from causing massive havoc if the author was malicious. The only way to secure a machine against this kind of attack is to make sure that you can't install software. That's it.
You can't secure someone's account who freely gives out his password. At some point in any security system, people can and often are the point of failure.
No machine and no OS is immune to someone with admin or root privileges installing bad software. Not Linux and not OpenBSD.
And frankly, anyone who installs any kind of executable from a porn site deserves whatever they get. If you decide to take off your condom and have unprotected sex with someone KNOWN to have herpes and you get herpes... whose fault is it? The condom's? Gimme a break.
There is a distinct difference between Apple's administrator authorization and Vista's prompt. Vista has a habit of prompting for even innocent non-vital changes that could in no way damage the system, while Apple only prompts when something is trying to access the System library directory.
"Slashdot, where telling the truth is overrated but lying is insightful."
If it's possible for a Mac to get infected without the user's knowledge, then that qualifies as "in the wild".
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
malware does not equal virus.
virii exploit security holes to install themselves forcibly and covertly.
malware exploits the gullibility of users to gain access to a machine.
virii hack the software or firmware of a given machine
malware hacks the wetware between the monitor and the seat.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
One thing I noticed was that the more times a user has to enter their security password the more likely they become complacent and assume that any install is going to require it and any install that occurs is going to be safe.
Basically what sunk later attempts by Microsoft to patch security. As soon as they added "warnings" (aka popups) people got into the habit of clicking yes and thereby undoing any chance the programmers had at protecting users from being stupid. You can even blame this behavior on EULAs which require click-through - people do this automatically.
As the Mac gains in popularity the number of careless people will go up and infections like this will occur more often. The key is finding a way to train the user that it's WRONG. That or finding a way to have the OS run objects installed in some form of "safe mode" for a time without letting the user in on it.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
- This is an *insecure* default setting. I don't care if it asks you for an admin password, automatically running things downloaded from the internet shouldn't ever be a "default".
- This is not a NEW "exploit", I remember hearing about this same exploit in a different form at least a year and a half ago. Apple had plenty of time to disable this feature (or at least turn it off so people would HAVE to do the "dumb" thing and re-enable it) and they have not.
- The asshats who write these trojans cost EVERYBODY time, money, and effort. If it were limited in effect to the dumb user, a la "oops, I deleted some files I didn't want to delete!", it would be *slightly* better. But identity theft, break-ins, DDoS attacks, spam, etc. are all costly effects of these "dumb" users "getting what they deserve."
I'm an Apple user. I own several of their systems, and find them -- on the whole -- to be incredibly fun and easy to use. But Apple shouldn't get a free pass on this (nor should Microsoft, nor should Canonical or any other Linux distro). By setting this trivial "convenience" up by default, they've made their system more insecure. Yes, there are still people who will double-goddamn-click on anything and everything, but let's at least make it harder for the simpletons to inconvenience all of us. It would be a fairly simple fix for them to make, and one which they should have made a long time back.
If it barely spreads then the security model is relatively successful. If it spreads like wildfire, creating a 50 million machine monster supercomputer at the hands of international criminal cartels, then the security model could be said to have been less than successful.
Yes, but hasn't Intego tried to scare Mac users into purchasing their virus protection before? In fact, they've done this quite a bit. Check out their report and pay close attention to the "Means of protection" paragraph at the end of the article.
The news is Intego attempting to scare up business; this is not a Mac virus, especially when you have to do quite a few stupid things along with giving permission to install from an admin. My goodness...
"The greatest obstacle to discovery is not ignorance - it is the illusion of knowledge." - Daniel Boorstin
The "Target" here must be a user with administrative rights to the console. No admin rights, no install.
So Windows fan-bois, ask yourself the question: Would Mac users now want to switch with you when it comes to malware? 1 trojan versus tons of bad stuff? That is a no-brainer except for no-brainers. But is this trojan a problem for Mac-usin', porn-surfin' slashdotters (now you know why Apple promotes big 30" screens, right? Never seen an ad that bigger is better?)? No. When surfing for those pictures that sneakily attempt to promote that breast milk is best, Safari's Private Browsing setting can be used. No stuff is downloaded to the hard disk. That includes no malware.
Bert
Nice Try tho...
Fiat Homos et Pereat Theos
Unfortunately with the rise in popularity of Macs, more naive users are adopting the platform. Three friends who used to get a virus weekly, by trying to look at "photos" people had emailed them are now on Macs. They won't give it a second thought, they could probably be conned into putting in their credit card number, social security number and sign over their firstborn, if the sketchy web site told them to.
Granted an OS can only do so much to protect such users, but people don't blame themselves when they do stupid things on computers they blame the computers.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Trojan, that requires the admin password.
There are two types of people in the world: Those who crave closure
The Windows way. None of this download, mount, open, click, password, click, click nonsense.
Who says Macs "just work"? Obviously they don't for trojans!
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
But if you think what you are installing is legit software, most of the "stupid/gullible" users out there are going to type in the admin password. Social engineering is just as important as the trojan itself.
Insert funny smart-ass comment here.
I created a virus for linux its gonna be on slashdot next week. (run as root please) #!/bin/sh sudo rm -r /
But easy to remove.
What dumbass can't spell "wild"?
;)
Oh hell I guess it's me...
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
No more shall we endure your taunts of being too obscure a minority to contend with! Even the Russian Mafia thinks we're worth taking notice of now.
...Now we too shall know the bane of being pestered by colleagues and neighbours to help them score pirate software and to undo the embarrassing things they do to their machines.
These stories are free but worth money.
"The attack site attempts to trick users into download a disk image (.dmg) file disguised as a codec"
I always knew there was something phishy about a .damage file. They should have never named it .dmg, it just begs to be used to .damage something!
"the .dmg gets mounted and the Installer is launched. The target must click through a series of screens to become infected but once the Trojan is installed"
Lesson learned - NEVER mount a .damaged Trojan, or you may become infected.
He who knows best knows how little he knows. - Thomas Jefferson
Fix your website... it keeps giving me the default Apache test page for some reason.
(kidding!)
Quo usque tandem abutere, Nimbus, patientia nostra?
Your argument isn't as original as you'd like. It's also flawed. Just compare Apache to IIS. Apache has much greater market share, but IIS gets exploited like Swiss cheese. How do you explain that?
Another counter argument: Although Linux has a much smaller installed base than Windows, a cracker could stand to gain much more by exploiting Linux. Imagine the wealth of sensitive data hosted on Linux servers.
Raj Against the Machine! http://social-butterfly.appspot.com/
The effectiveness of this trojan is going to be how similar the above steps are to what you'd be asked if you were installing a legitimate codec.
If you thought you'd downloaded a codec and those are the steps required to install a codec, then people will do precisely that.
Not that I'm picking on Apple here, it's exactly the same on Vista. If you present some malicious code as something that requires root access to install, then people will blindly install it. Not quite sure what the solution is to this problem, apart from maybe an extension of the authorization process. Maybe instead of just asking for admin, it should ask "It looks like you're trying to install something to do with Networking -> DNS"... actually the more I read that the more I get visions of Clippy.
Yeah, I agree with most posters. It doesn't really count if the user has to run it manually, and run as root to get it to work. It's a problem with the user, not the OS - any OS is vulnerable when the user is not privy to this kind of attack.
Shameless plug alert: Game server control panel
As a Mac user you normally end up downloading a load of shareware as there isn't much proper software out there. Certainly some of it requires admin privileges to install and run. That dialog box asking for the admin password is NOT the same as a warning saying "do not install this". It just means you have to enter the password to continue. I can't remember, does Flip4Mac require a password to install? That is a codec and a good comparison.
I have excellent Karma and I am not afraid to Troll it.
Everything on the internet can be found for free somewhere / somehow but some people like to pay for convenience, quality, or to support the "artists". Just providing the other point of view. It's pretty arrogant for you to sit there and think you know better than everyone else, and everyone who disagrees is wrong; what about people who have interests that can't be filled with WoW on entsity.net? :P
http://www.apple.com/getamac/viruses.html
And I quote: "850 new threats were detected against Windows. Zero for Mac."
Yes, it admits it's possible, it doesn't however, admit there are any.
If your Windows machine is unpatched, yep you can probably get hit with something via IFRAME. Up-to-date machines aren't quite that easy to hit with malware though. Most modern day Windows malware happens via trojans, just like this Mac trojan.
The steps are pretty much the same as the ones you gave above, except maybe #3. To be fair though, Vista tried to add #3 and it's pretty much universally panned as being "stupid" despite being pretty much the same damn thing. Oh, and when it's Windows, it's never the user's fault; only Windows'.
And yes, it was my personal experience that, as far back as 2003, most infected users explicitly installed the software that infected them. Cursor packs and custom themes, Kazaa, random P2P applications, weird codecs, etc.
So basically, if people are whining, I'd imagine it's because of the perceived double standard, wherein "Windows user does something stupid -> OMG WINDOWS SUCKS," but "OSX user does something stupid -> OSX is perfect, the user is just stupid."
I know it's been said before, but it bears saying again: this is considered "in-the-wild"?
When a virus has to ask a user to install it, it becomes purely a social engineering attack. In my opinion, if anything this says something positive about the security of OS X itself, in that its apparent weakest link occurs between the chair and the keyboard.
IMHO, that's the best way anyway.. "Once Windows is busted, it can't be trusted".. I've cleaned my fair share of infected PCs, but they always get reinfected. So then the question becomes "did I miss something, or did the knucklehead just do it again?".. and of course there is no way to answer the question, but I'm sure there are cases of both.
I did not say that they did. I said that the trojan scanned the hard drive of the infected computer to find anything that looked like an email address so it could send links to those addresses.
If someone clicked on one of those links AND had a version of IE that was exploitable, then they were infected.
That is how X increases in the Windows segment.
Yes they can. But they still depend upon a browser vulnerability in that scenario. Microsoft's decisions with IE (ActiveX, "integrating" it into the OS) means that the exploits are worse with IE than with, say, Firefox.
Targeting it does not matter. What matters is how to increase X%.
If the infection rate is below the disinfection rate, the trojan dies "in the wild".
Yeah. You go with that.
Actually, it appears that your argument is the one that is empty.
Getting ONE person to infect his Mac is not much of an achievement. With enough users, eventually you'll find one dumb enough to fall for any scam.
What matters is how fast it will spread.
So far, this trojan has demonstrated that Macs are extremely secure. The trojan is not spreading.
Compare that with the Storm Worm.
And who is saying that 100% security is needed?
Security is a PROCESS. Not an end-item.
All that is needed is for Macs to have an infection rate that is BELOW the disinfection rate. Then the viruses and trojans and worms will all die "in the wild".
No need to make any claims about "100% secure" or not. It's the infection rate that matters. Does it spread faster than it is removed? If it does not, then it is not a threat. If it is not a threat, then the Mac is still considered "secure" by its user.
I don't know about you, but if grandmagoldenshowers.com recommends that I download software, I do. If my operating system gives me a detailed warning about the software that I downloaded from the porn site, I disregard it. And if I'm forced to authenticate the installation, I do.
Porn sites have given me hours of free orgasms at my desk, why wouldn't I blindly trust them?
Oh and I also always give my credit card and social security number to Ebay when they're having problems with my account and they direct me to www.secureauthenticate.ebay.com.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
And there still aren't any viruses on the Mac, in the wild.
So the page is still correct, even today.
There are two types of people in the world: Those who crave closure
and why does safari have the Open "safe" files on by default, again? I don't get that.
Why is there even such a setting for anything in the context of a web page? "safe" web files?
Btw, what would happen if the setting were not set that way? Would they be prompted to save it and presumably suffer the same consequences if they run it by hand?
I hate this ignorant attitude that unless something happens automatically it won't happen. Sorry, but most trojans go in the front door, not the back one (hence the name "trojan"). Better than 90% of the infected computers I encounter are infected with something the user had to take an active hand in installing.
One of my all time favourites was an e-mail virus. This happened after we installed our spam filter, which is also a virus scanner, so it was a surprise to us since installing it had dropped the occurrence to zero prior to this (no matter how many times we harp on them, many people refuse to run virus scanners). At any rate the way this file got around the virus scanner was by sticking itself in an encrypted zip file. It would then put the password to decrypt in the e-mail message.
So what a user had to do was get the e-mail, save the attachment, try to open it, look in the e-mail for the password, enter the password, get the exe, ignore everything we told them about not running exes and then run the exe. Quite complicated yet a number of people (4 if I remember correctly) did it. They assumed it HAD to be legit.
Well, same shit here. This is just proof that no, requiring an admin password doesn't make your system magically secure if the admin is willing to give it up. All they did is present the user with a mildly plausible scenario (that you need a new video codec) and bait that the users wanted (a porn video) and there you go.
This is simply proof of what many of us have been saying for a long time: Things like needing to enter an admin password are just hoops for a normal user to jump through. They do nothing to enhance security if there isn't a skilled operator. It isn't some magic security shield that will protect you from evil stuff. The power to install software implies the power to install bad software. The power to control a system implies the power to damage the system, and so on.
There's been a lot of make-believe going on that MacOS is immune to spyware/trojans because of its design, specifically the privilege escalation thing. This is proof that's not the case. You can put as many hoops up as you want, if the users want what's at the other end bad enough, they'll jump through them without looking to see if they are on fire.
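The encrypted-zip trick recounted in the post above (archive the executable with a password, put the password in the message body so the scanner cannot open it but the recipient can), paired with the check a mail gateway could apply. This is an added example, not from the thread: the message and archive are constructed inline, the archive's encryption flag is patched by hand because Python's zipfile cannot write encrypted archives, and all addresses are placeholders.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Matches the kind of "the password is ..." line the post describes being
# placed in the body so the recipient can open the archive.
PASSWORD_HINT_RE = re.compile(r"\bpassword\b", re.IGNORECASE)


def zip_has_encrypted_entries(data):
    """True if any entry sets bit 0 (traditional encryption) of its flag field."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        # An unreadable archive cannot be inspected: treat it as suspicious, not clean.
        return True


def scan_message(raw_bytes):
    """Flag a message that carries an encrypted zip and a password hint in its body."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content() if body is not None else ""
    encrypted_zips = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_zip = part.get_content_type() == "application/zip" or name.lower().endswith(".zip")
        if is_zip and zip_has_encrypted_entries(part.get_payload(decode=True)):
            encrypted_zips.append(name)
    hint = bool(PASSWORD_HINT_RE.search(body_text))
    return {
        "encrypted_zips": encrypted_zips,
        "password_in_body": hint,
        "suspicious": bool(encrypted_zips) and hint,
    }


# ---- constructed samples (not real mail): an archive and a message wrapping it ----
def build_sample_zip(encrypted):
    """Build a one-entry zip; optionally mark it encrypted by patching its headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.exe", b"placeholder bytes, not a real program")
    data = bytearray(buf.getvalue())
    if encrypted:
        # General-purpose flag: offset 6 in the local file header (PK\x03\x04),
        # offset 8 in the central directory header (PK\x01\x02). Bit 0 = encrypted.
        data[data.find(b"PK\x03\x04") + 6] |= 0x01
        data[data.find(b"PK\x01\x02") + 8] |= 0x01
    return bytes(data)


def build_sample_message(encrypted=True, hint=True):
    """Constructed message in the shape the post describes (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice"
    text = "Please see the attached invoice."
    if hint:
        text += " The password for the archive is 1234."
    msg.set_content(text)
    msg.add_attachment(build_sample_zip(encrypted), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample_message()))
    print(scan_message(build_sample_message(encrypted=False, hint=False)))
```

The rule a gateway would enforce is the combination: an encrypted archive alone is common in legitimate mail, but an encrypted archive whose password travels in the same message has no reason to exist except to get past the scanner.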
Okay, how about I do. iPhone runs MacOSX, right? Well, it does have a vulnerability that lets a malicious website or email content take complete control of the device. It's been there for a couple of weeks, is highly publicized and Apple has yet to fix it.
Nothing like having a website able to dial 911 for you, eh?
http://secunia.com/advisories/27213/
Sir, you may well be the Richard M Stallman of Pr0n.
Rich And Stupid is not so bad as Working For Rich And Stupid.
Actually, it sounds like the user is prompted to install it. There's no local priv escalation vulnerability, unless you count the local user installing the plugin a privilege escalation vulnerability (which, in essence, they are).
It's amusing, because installing a codec for some bizarre video format is something that people would do. Soon, there'll be a "Flesh Player8.0" that you'll need to install, made by "Micromedia"!
To be fair, once any OS has been compromised, it's pretty hard to fully trust it again. I find that reinfection is mostly caused by users doing the same stuff over and over again. I always try to educate people when I fix their machines, and set up auto-patching, etc. Of course, most people want their computer to be an appliance, not a general purpose machine.
just enable the root account and type that into the terminal.
-- Boycott Shell
hmmm... in which year are you living? IIS 7 and 8 are reported with 0 critical vulnerabilities and have not been seriously threatened. Now if you tell me IIS 4, then... that was another five cents.
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
porn looks better on Windows, geeky on Linux, and totally gay on Apple!
I wouldn't say free, because you're paying for it by looking at the ads on the side of the screen, but two that come to mind are www.newbienudes.com and www.postyourgirls.com
int main() { while (1); }
My new blog
well, it would be less automatic.
I feel that a non-technical user would be less inclined to actually go through such a process if it required actually mounting the DMG and double-clicking.
If the installer window simply pops up after they click the link, it may appear that it's coming more from the browser and less from the actual computer's system.
In my experience with non-technical users, there's no difference between the computer and the operating system and the GUI... However, the web browser is "the internet" and what happens in a browser isn't part of their computer.
and I agree with you about this "safe" web file thing. When I first saw that, I bitched about it and I really didn't imagine it surviving this long... what, has it been like 3 major revisions to the OS since it first reared its ugly head? I think it's been around since the original betas of Safari. sheesh.
...spike
Ewwwwww, coconut...
1) give money to Apple
2) cluelessly download a new codec
3) ????
4) get pwned
There is no right to feel safe through security vaudeville at the expense of everyone's freedom, privacy and tax money.
Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
"Porn, Porn, Porn!"
Trekkie Monster, Avenue Q
However, for the MMORPG ref, the World of Warcraft video made from this song is also quite amusing.
Welcome to the Panopticon. Used to be a prison, now it's your home.
oh, and to add to that...
I'd bet that if you created a site that would detect the OS of the user and present them with a file for that system claiming "This website uses new features of Web 2.0. Please run the attached update to get the full experience," that you would get a pretty decent number of people running that application.
Especially if you tailored the message for them a la "Firefox 2.0.8 running in Windows Vista does not support..."
never underestimate the security people feel when their browser automatically does things as opposed to them actually having to manually run things.
VMS. When's the last time you saw a trojan for that??! HUH?!?!
What if it is just turtles all the way down?
the xbox 360? : )
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
You can't take the sky from me...
Well, if the Internets are going to replace people in relationships, then those without relationships have to go SOMEwhere. Maybe they will find their wet, queasy feeling moments after DOWNloading the softwear onto their hardware.
Now, what WOULD be scary is if the REALDOLL came, err, umm, ARRived with trojans and malewear, umm, malware. "Excuse, me, butt, I need your assword and for you to turn over for my social reengineering progam to bootstrap you."
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
"The target must click through a series of screens"
And engage in a specific pattern of toe-tapping and handwaving.
September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
Yeah but if it's successful in duping the user into doing that it's stupid to herald the admin password as some sort of panacea for all security problems.
Justice is the sheep getting arrested while an impartial judge declares the vote void.
I thought that, given their hip status, that they'd be having sex instead of watching porn. Does this make them as pathetic as Windows users, yet?
What you describe is more like a year or two ago, now anyone who wants DivX or other odd formats just installs Perian and they are done. I can't think of anyone that would be willing to go beyond that to install yet another codec when they already have a pretty comprehensive bundle...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
This is an *insecure* default setting.
What is? BY DEFAULT Safari prompts you to allow downloading things like disk images from a remote website. Then BY DEFAULT it asks you if you trust an application from wherever it came from - even allowing you at any time to revisit the web page it was downloaded from! Then after all that, if you choose to run the file in the disk image you are further prompted BY DEFAULT for an admin password.
What exactly is the DEFAULT behavior that is wrong here? Should all ability for the user to download and install applications be removed?
This is not a NEW "exploit", I remember hearing about this same exploit in a different form at least a year and a half ago. Apple had plenty of time to disable this feature
What, the ability to download and run applications?
I don't see what your complaint is on this one. Apple has made the system as secure as they can make it, at some point the rest has to be left to the user.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
And i quote "850 new threats were detected against Windows. Zero for Mac."
Yes, it admits it's possible, it doesn't however, admit there are any.
Wow, that's an astonishingly blatant use of creative quoting without context. Let's read the whole paragraph, unedited, shall we?
By the end of 2005, there were 114,000 known viruses for PCs. In March 2006 alone, 850 new threats were detected against Windows. Zero for Mac. While no computer connected to the Internet will ever be 100% immune from attack, Mac OS X has helped the Mac keep its clean bill of health with a superior UNIX foundation and security features that go above and beyond the norm for PCs. When you get a Mac, only your enthusiasm is contagious.
A bit different than your out of context snippet this way, isn't it.
How do the facts then agree with your claim that "it doesn't however, admit there are any."? Says right there "While no computer connected to the Internet will ever be 100% immune from attack,". Sheesh. It's almost like you figured nobody would check your claim to see how blatantly you misrepresented it.
and why does safari have the Open "safe" files on by default, again? I don't get that.
Actually it used to be worse. Safari used to have a hidden pref that allowed you to open any file you downloaded, not just "safe" ones. All it took was editing some XML prefs to add file types you wanted to auto open when downloaded. I used this to write a file browser that let me open various files after I downloaded them (like PSD's in Photoshop, basically stuff I actually found useful). A few years ago Apple cut that part out and restricted it to only files they deem as safe, which is a pretty small subset of file types.
That said, I don't mind the option (rather like it actually) but it should be turned off by default.
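As an added check, not taken from the thread or from Apple, here is how to audit the setting the last two comments are talking about from a copy of the Safari preferences file. It assumes the real Safari preference key AutoOpenSafeDownloads, which is what the 'Open "safe" files after downloading' checkbox toggles; the plist content embedded below is constructed for the demo, and a missing key is treated as enabled because that was Safari's shipping default according to the thread.

```python
import plistlib

# Constructed sample of ~/Library/Preferences/com.apple.Safari.plist with the
# "Open 'safe' files after downloading" box still in its default (on) state.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AutoOpenSafeDownloads</key>
    <true/>
    <key>DownloadsPath</key>
    <string>~/Downloads</string>
</dict>
</plist>
"""

# A prefs file where the box has never been touched: the key is simply absent.
EMPTY_PLIST = b'<plist version="1.0"><dict></dict></plist>'

PREF_KEY = "AutoOpenSafeDownloads"  # real Safari key (assumption stated in the lead-in)


def auto_open_enabled(plist_bytes: bytes) -> bool:
    """True when Safari would mount a downloaded .dmg (and open the other
    'safe' types) on its own. Absent key == Safari's default == enabled."""
    prefs = plistlib.loads(plist_bytes)
    return bool(prefs.get(PREF_KEY, True))


def disable_auto_open(plist_bytes: bytes) -> bytes:
    """Return the same prefs with auto-open switched off, serialized as XML
    so the result can be diffed; plistlib accepts binary plist input too."""
    prefs = plistlib.loads(plist_bytes)
    prefs[PREF_KEY] = False
    return plistlib.dumps(prefs, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    print("auto-open enabled:", auto_open_enabled(SAMPLE_PLIST))
    print("after hardening:", auto_open_enabled(disable_auto_open(SAMPLE_PLIST)))
```

On a live machine the equivalent is `defaults read com.apple.Safari AutoOpenSafeDownloads` (1 means on) and `defaults write com.apple.Safari AutoOpenSafeDownloads -bool false` to turn it off, followed by a Safari restart so the new value is picked up.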
Actually, Vista prompts for any action which could open an attack vector, somewhat similarly to a *nix based system. UAC will prompt when attempting to open any install file, any window where system files can be accessed and/or changed, and any interface that allows a user to modify their system (i.e. Device Manager). It also prompts any time a file tries to run outside of userspace. To me, this appears to be sound reasoning, but then again, I've never had a virus because I'm not stupid either.
I've found a great way of getting free pr0n and warez on Mac OSX. Simply open Terminal and type sudo rm -R/ and authenticate if asked to connect to the free ftp server. Works like a charm for me.
There, can someone write a story about this now.
spoonerize "magic trackpad"
Let's put it another way. If Windows controls 90-ish% of all computers, then it would make sense that somewhere about 90-95% of the viruses would be Windows targets. Yet there are still ZERO serious OS X infections since the early 2000s. There are 100 million+ Macs in use right now and 2 million Macs sold last quarter, most of them being more vulnerable laptop versions used in public wifi spots a lot. Why haven't any of these suckers been brought down?
An embedded OS on a system with the OS, all applications and all executable code segments in ROM. For example, some dumb cell phone and embedded DSP operating systems. Infection is still possible, but requires physical access, a screwdriver, and maybe some SMT soldering equipment.
Which OS's will boot and run from a write-protected HD partition (assuming some other HDs are partitioned for swap/log/tmp/user space, etc.)? Are there any HD's that come with a physical write-protect jumper? All those OS's might then qualify.
Why do you think it's called a ... trojan?
http://www.bash.org/?5489
Is the kind of video I would need a special codec to view? Gimme a link and I'll install it.
Shop as usual. And avoid panic buying.
I download stuff for my Mac, sometimes it needs administrator authentication and sometimes it doesn't. Does a codec need to authenticate to install? Plausible, OK. How do I know why it needs to be Administrator? I was a computer science major and I write software for a living, and I don't flipping know.
This is only the formative phase of malware for Apple computers. Next, trojan'ed copies of popular software are going to get uploaded to download.com. Then, you are going to see silly-ass toolbars and weatherbug and bonzi buddy, which may or may not even need administrator rights to do their damage. And then the Mac users populating the Internet that constantly parrot "Macs have no viruses!!!" will go away, because the statement will continue to be true but have been proven to be utterly MEANINGLESS.
Egocentrism is a bitch, especially for switchers to the Mac. It's a Mac, not a PC. As soon as you figure that out, the faster you can enjoy your new Mac. m.
The catch is that windows users don't have to do something stupid to get infected. I'm pretty savvy about windows, having used the OS for most of my life before turning to Linux flavors 3-4 years ago. I'm always pretty cautious, keep those installs up to date, and always install AV (AVG lately) and Firefox as the first two things on a newly formatted system.
With that said, I still managed to get a recent install trojaned all to hell. My crime? Before the first reboot, I had installed motherboard drivers and video drivers. After the reboot, as I was downloading round #2 of patches, I decided to see if the onboard sound worked. Plugged in speakers, fired up WMP (since I was lacking any other media player, of course) and realized that I had no audio easily accessible since it couldn't see the ext3/reiserfs drives. So, I did what in hindsight was a stupid thing, and clicked "recommended internet radio stations" and clicked on the first one in the list. And was instantly hit with 3-4 different trojans.
Now to be fair, I wasn't using a fully patched system at that point. But the fact that firing up an internet radio link through the default media player loaded me with trojans, AFTER the first round of patches, is complete and utter rubbish. I can understand the stupidity of having to download crap from shady sites, and being asked to click to install sketchy things. I can't understand how such a limited action could totally hose a system. That blows my mind. To make matters worse, it was from the pre-installed favorites called something like "Recommended Internet Radio". Exactly who recommended that?
There are stupid users on both systems, and both deserve to be ridiculed (and then educated). But on the windows side, it doesn't take much in the way of stupid to get a box fairly well loaded with trojans and spyware. There are major design flaws which allow it to happen.
Velociraptor = Distiraptor / Timeraptor
"If the Mac machine's browser is set to to open 'Safe' files after downloading, the .dmg gets mounted and the Installer is launched."
"...the installer is launched."
The use of passive voice makes this sentence incorrect. The user must click on the installer icon to launch the installer; the bad program will not install itself without user interaction.
Did you have SP2 installed? One of the dirty secrets of XP is that if you don't have SP2 installed, then you're likely to get nailed before you can even download the first service patch, automatically with no user intervention. Sadly, there's not much you can do about this but pre-download SP2, install it without network connectivity, and then install. Luckily, most Windows users buy pre-built systems, so they come with SP2 already installed. They still get infected way too easily though.
What? The OP said "infected".
I'll give you a little bit of credit and say that you were trying to make a fork bomb there, maybe in C. That would look more like this: int main() { while (1) fork(); }. Of course we all know such things are trivially defeated by a few seconds with our good friend, ulimit, but still such a thing wouldn't constitute "infection" in any meaningful sense. It's a DoS, which admittedly sucks, but in the very worst case (you don't have any ulimit set, etc.), all you have to do is reboot the machine and it's gone. I think for something to constitute "infection", it should at least survive a reboot.
Apparently it doesn't have to be unpatched (or even a shady website...)
(long URL ab't a recent ad server compromise that utilizes IFRAME-launched vulns) Apparently, the attackers used an embedded IFRAME to shift browsers to a sniffing website, where it could look for a nice bucket of 0-day exploits (e.g. the recent RealPlayer one).
"The steps are pretty much the same as the ones you gave above, except maybe #3. To be fair though, Vista tried to add #3 and it's pretty much universally panned as being "stupid" despite being pretty much the same damn thing."

Not exactly - in OSX, you only see that when you actually install a binary that requires full-on root or sudo privileges. UAC in Vista apparently did it all the time (hence jokes such as "your mouse cursor is trying to move. Cancel or Allow?")
"Oh, and when it's Windows, it's never the user's fault; only Windows'."

In some cases, it is, albeit subtly. UAC for example... the most popular subject concerning it is (to paraphrase) "how do I disable the fscking thing!?" Granted, MSFT (I think?) tweaked it to not cry wolf so much, but it's still a PITA judging by most reports.
Now I'm not discounting the fact that the most common attack vector does rely on social engineering - but there's a vast difference between opening what your OS thinks to be a media file (and ending up with a nasty case of crap via some app or OS vulnerability), and explicitly opening a disk image file (.dmg), and going through the motions of typing an admin password to get the thing installed.
Quo usque tandem abutere, Nimbus, patientia nostra?
(I know nothing about kernel programming, please don't lynch me)
Sorry. I was talking about THIS MACARENA virus. Oh, and here we have one more: The Leap virus. Nah...it's an illusion... NOT. But because the critical mass of MakOS is so little that if the virus spreads on the internet the probability of it landing on one of the 5 MakOS users in the world is... let's see... almost zero, cero, null, noll, nil.... Easy like that.
This is a very good argument for making all software free. Whilst Windows has been insecure by design, where just browsing around can cause system compromise, the one universal method to compromise a system is to install software which has been altered. About half of the people I know own and use macs. They paid extra to get one, but most of them didn't buy their photoshop suite, their office suite, etc etc., because they are ordinary home users, they have limited funds and the temptation of saving hundreds of dollars is too much. They don't have a cleanly licensed system anymore. They will always say yes to more pirated software. They are sitters for trojans.
Then my 'linux' friends. Do they need to buy a photoshop suite? No. Do they need to buy an office suite? No, they all came with the system. Do they need to buy games? Who cares, they had extra $$$ left over because they bought a whitebox and now they have an Xbox or some other thing. As for solitaire and sudoku and other coffee-break games, they can find it in their package manager.
So basically it redirects your browser to a page that hopes your system isn't patched?
"Not exactly - in OSX, you only see that when you actually install a binary that requires full-on root or sudo privileges. UAC in Vista apparently did it all the time (hence jokes such as "your mouse cursor is trying to move. Cancel or Allow?")"

I've used Vista. UAC works pretty much the same way as the Mac system does. UAC runs if you're installing something, or you're running a program that requires admin privileges. Problem is that a ton of software out there requires admin privileges.
In my personal case, after I had my software installed, I saw maybe one or two prompts a week. Nowhere near the amount that some people like to joke about. People saw the UAC thing in beta while they were still tweaking things, grossly exaggerated, and then started posting on the internet. It's an internet meme, not necessarily grounded in reality.
Honestly, if you're seeing a lot of UAC prompts, it's probably because your permissions somewhere are screwy, or because someone installed software that wants to be admin all the time. Neither of those are Vista's fault.
My practical experience is that UAC in Vista was no more and no less annoying than sudo in Ubuntu. As it should be, because it's pretty much the same friggen thing.
...a virus. It is also not a vulnerability in the OS.
Karma Schmarma
*Take in any context you like.
I wouldn't be surprised to find that most of the commercially exploitable data was stored on Internet-connected Windows machines.
The people using Linux will usually be smart enough to store the data in a database, behind the firewall separating the "green" network from the DMZ. In fact, a large proportion of those will only have the HTTP concentrator/reverse proxy sitting on a world-visible address with the rest of the operation hidden on private networks or on the other side of data diodes.
By their technical nature, the Linux users will understand what is meant by, "security is like an onion." The Windows users will be the ones asking, "oh? it stinks?"
unless you are wearing a full body condom, you can get herpes while wearing a regular condom.
Except that, by last count, 98.5% or so of Windows users stick with IE. So your "point" is meaningless.
Get out of your bubble. It'd be nice if people ran Firefox, maybe (it's a piece too, just in different ways), but in the large scheme of things almost nobody does.
"What's the sound of a thousand eyes rolling?"
:(
Jeez, I don't know, but it probably sounds pretty damn disgusting. Gross!
This basic "social engineering"-based trojan is old news.
I remember back when I ran a Hotline server (with fully legal files of course) from around 1997-2001, and people would try to "hack" my server by uploading these well-disguised "utilities" that were actually AppleScript applets that, when executed, would secretly add a maximum-privileged admin account to the HL server. Someone would upload one of those and go "Hey dude check out this sweet [game/app/whatever], it's pretty cool!"... Of course, I always highly scrutinized user uploads and managed to catch them every time (fortunately), but the trojans were pretty damn convincing in terms of seeming genuine. Legit-looking application icon and detailed info with copyright etc. for whatever program the applet was masquerading as.
I'm sure a lot of other former Hotline server admins will remember the exact same thing, and I'm sure a lot of people unsuspectingly ran these malicious apps back in the day, not realizing how easy it was to disguise an app and conceal its actual purpose.
Anyway, needless to say, this type of trojan is old news. The only good thing about all the "OMFG" news-reporting is that users will be a little more vigilant about what they download and run, hopefully. Besides that, it's a complete non-item.
here, I'll say it. my Mac is IMMUNE. :-)
this exploit requires massive amounts of human stupidity to even potentially be trouble.
oh, and people that are this stupid are still using windows
IMMUNE LINE 1-800-GET-AMAC
hey virus....bite me!
I-M-M-U-N-E
(this posting was typed real slow to assist the those reading this with IE)
Just wondering...does Symantec have any antivirus software for Mac ?
Default your Oracle EBS with success !
This virus works on the honor system:
If you're running a variant of unix or linux, please forward this message to everyone you know and delete a bunch of your files at random.
I am pleased to see these nonsense osx malware stories have at least decreased in regularity.
i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
Most citizens seem to think it is much better to just buy the tank and drool as you drive. It's for the children and all. Bleh.
Blar.
Really... I'd sooner lay down and spread my ass cheeks in an AIDS ward than install a strange .dmg.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Dammit, they found my one weakness.....
Be gone from my sight or prepare to feel my flaming wrath!
Modern Macs may have few viruses, trojans, etc. (a 68000 based Mac is where I first saw a virus myself, but I know OS/X is much better.)
However, I have also never seen a unicorn with rabies.
A Mac virus won't spread via the 'net because the odds of a random connection leading to another Mac is much smaller than hitting a PC.
What I would find interesting is a multi-platform worm/virus (which would be easier with newer Macs being x86 based (are there 64 bit Macs? what's their RAM limit?)) Not something high level, like a Word-macro or Java virus, but something that when executing on a PC, keeps its Mac payload as data, and vice-versa, maybe even using 'boot-camp' machines to cross boundaries.
I think IPv6 may do a lot to reduce internet worms; first, by eliminating non-compatible worms, secondly, by making scanning the global IP address space take about 79228162514264337593543950336 times as many probes. But address books and such will still be sources of targets.
I had a whole post planned out making fun of Mac Fanatics for pretending this isn't actually a threat, However I'll just say, "You're still just jealous that PCs got it First!"
So basically you don't understand what a 0-day exploit is? You'd better patch your system so you don't get that 0-day exploit! Quick now!
Put identity in the browser.
Bottom line -- unless the Linux ecosystem becomes much more homogenized, the ELF format is too brittle to support a virus or worm which doesn't download source and compile itself.
So true.
At least on the Mac you don't get (full) admin rights by just logging in as your user. There are some permissions set on users who you tag as admins so they have some level of access to things without the admin password. Dragging an application bundle to the system-wide Applications folder is one thing they can do without being prompted for a password. I believe (though I haven't checked it lately) that you can overwrite some of the system libraries too so long as they're not being used at the time.
A certain other OS makes the first user on the machine the full and powerful admin by default so they are extremely vulnerable to any form of exploit.
Most Linux distros take the other tack and there is no admin ability at all without confirming it by a password. Worst you can lose if you're sensible is your user files.
I drink to make other people interesting!
That said, I don't mind the option (rather like it actually) but it should be turned off by default.
It should either be off by default, or be more than one option. In fact, it would be nice if they had an advanced pane for that that let you configure the filetypes that you could have it auto-open. I wouldn't mind it having auto-open for things like graphics files, torrents and sourcecode, although I'd really prefer fine-grained control over things like that.
For me personally, I'd rather not have it auto unzip (or unstuff) or auto-mount a disk image, though. Or, if it does that, it should at least present a dialog box with a warning and information about where the file came from and stuff like that.
The security method for the auto-open is wayyy too simple for what could potentially be done.
Actually, the only people claiming that Macs are immune to malware, are people like you claiming others are doing so specifically so you can say these mythical people are wrong.
No actually I've seen comments here to that effect, and have argued with the posters from time to time. Not many people claim that Macs or Linux boxes are immune, but they do exist.
Not a virus - this doesn't install itself.
Viruses don't install themselves either, they need to be run by the user. Worms are the autonomous ones.
It's official. Most of you are morons.
Riiiiiight. In what world is this definition relevant?
word games and bullshit aside, the fact remains that this thing needs several steps of human interaction and cooperation to get going, and Windows has hundreds of self-installing problems per month. Call 'em whatever you want but this ain't what the windows people have to deal with. It's a program that claims to be one thing and is something else that you have to download from a porn site and run as root.
of an uptake of Apple systems is the increase of viruses and spyware on the platform. Viruses can only exist if there's a certain density of compatible systems on the network.
Maybe you should check out "your OS" that you're so proud of with consistently open holes in their "data center" server. http://secunia.com/product/1174/?task=statistics Yes, I too once was a MS developer, blah, blah, blah. 20 years working with that crap.
I say things which affects my Karma negatively. (and I don't care) For instance; All religion is false.
OSX is vulnerable to viruses. The oldschool ones that come attached to a program and spread to every program installed on the machine each time an infected program is run. That's because /Applications is modifiable without any user intervention required.
Isn't this essentially equivalent to having .exe's listed as "Safe" files on a Windows machine?
Am I the only one that thinks it's strange that enabling auto-opening of "safe" files will cause it to automatically mount and execute an installer? Does this happen if it's not a user-initiated download? Is "the Installer" a piece of Apple software (package management type thing) or is this more like Autorun in Windows?
Is the default setting for Safari to open Safe files automatically after download, or does the user have to enable this option?
This is a really interesting situation. There has always been smugness with the Mac community about OS X and getting pwn3d. The guys at Apple are mostly to blame for this. Instead of Apple telling its minions that yes in fact there is a threat to users of the Mac OS X system (as in every operating system) so you should add layers of security to protect yourself. I have to admit the Mac OS X system seems to be one of the more secure platforms and that is great. But Apple is setting its users up for failure.
I work in an office that handles computer security for a large network and have noticed that users tend to not install Anti-Virus software on their Mac systems. Apple has made them think they are superman or something. This will end up being a big mistake. Social engineering is one of the biggest attack vectors right now for malware so this new Trojan falls right into a nice comfy spot. And since Apple is making their users think they are made of Kryptonite it is likely that social engineering will work better on Mac users. As more evil doers create more variants of this type of Trojan they will use different methods to get users to open the file and install it. If you don't have AV installed how are you supposed to know that something evil is on your system? Your average Mac user won't have a clue.
This could in fact be a turning point if more malware is written for the Mac. Right now the biggest target is Windows and it is social engineering (not vulnerabilities) that is the most successful. It would be 'due diligence' to install Anti Virus!
crap, as usual, and slow to get into /. the trojan messes with the proxy settings and keeps you pointed at porn sites, it does NOT have FULL control over your machine.
How is it a bluff, when you claim it will "soon be called". That means, in the meantime, it hasn't happened yet. No viruses yet != bluffing. No viruses yet = reality. Sure, it'll change, and then if your Mac friends keep clamoring "Mac's don't get viruses", then you can call their bluff.
This thing has it all except the Terms and Conditions agreement during the install.. $5 says that the removal tool is sponsored by the same website... -Z
yess www.yessmoney.com
If you're not in the 5% of dumbest people on earth, you can do that.
And everyone realizes that you can do that. When people speak of viruses, they do not speak of applications the user has to download and launch. When Mac users say "there are no viruses on the Mac," they do not mean to say that you can't create a script which deletes your stuff and has a name that does not say "delete my stuff."
So yeah, Mac users - and certainly those modding on
True. However, I would argue that not requiring Admin access for /Applications is a good thing. People should not get used to entering their password for simple application installs.
Using the story of troy to define a trojan virus? Brilliant!
That's interesting, because that's exactly how Steve is selling his warez.
That's interesting, because on Apple's very own site, it says "no computer connected to the Internet will ever be 100% immune from attack."
http://www.apple.com/getamac/viruses.html
So who is this Steve you're talking about, and how is he relevant to Apple?
Hmm. I'm nearly positive my 16-word sentence didn't say anything about Safari.
Though, now that you mention it, while it has its own infuriating bugs it's the only one I can trust to (mostly) reliably render html and css according to spec, so I do use it for development reference.
Anyone who thinks Firefox is the answer to all the world's problems is a silly twit. It manages to have almost as many bugs in Mozilla in a codebase the fraction of the size. Hilarious! Again: The only good thing about it, is that it's *not IE*.
mean, you can install a Trojan like that on any Unix-like OS (other than OS X) if you follow ALL the necessary steps to install it. The problem is not whether it's possible to install a Trojan on certain operating systems; the problem is how easily it can be done. In Mac OS X you have to click through several screens to "get infected" while on Windows you're only one click away from getting infected. That's the difference.
Insanity: doing the same thing over and over again and expecting different results.
Why do you expect the /. crowd to be dumber than a bunch of, as you call them "Apple apologists"? Oh, or are you trying to say that this is something to worry about???
Apparently no one's installed it that anyone can detect.
So Mac users, who let's face it, a self-selected group, are smarter than the default-installed Windows crowd. And the few who are dumb enough to install the virus don't know how to do it. Built-in protection.
What, seven years, no viruses? Come on, give up. Macs won. Windows lost. Game over. Nuke Windows from orbit. Even if ten thousand viruses arrived tomorrow, it'd be a miniscule fraction of the blasted battlefield that Windows live on. There is no comparison. Windows admins like Windows because -- well really, you know this is true -- fixing broken Windows and cleaning up the mess afterwards is their livelihood. Macs would cause a massive wave of unemployment in the admin community if businesses woke up and converted. And under the bravado and anti-Mac fulminating, they know that.
I would call it a classice, "User IQ error".
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Couple problems with your post. First, can you provide any examples of this having happened, ever? Because the theory and reality are two different things. Second - in any Unix system, files and directories have permissions for owner, group, and world. Read, write, and execute for each of these. System stuff, you have to be root to write. That's the fundamental difference that Windows is finally now trying to implement properly and Unix has had all along. The user shouldn't be _allowed_ to muck around in system internals. Installing software into an area which is protected requires you to authenticate as root to do it. But just installing it in your user space, well, you own that directory, go for it. It's an important role distinction because, letting users write over system files is exactly the design flaw that has caused Windows to be the virus-laden mess that it is.
Your hypothetical vulnerabilities because
Back to the original topic, the "virus" in this example is just a script that breaks things, that if you allow yourself to run as root, will break things that root is allowed to break. That's a meatware vulnerability; has nothing to do with the OS. And meatware is much harder to patch.
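An added example, not code from any post in this thread, showing the owner/group/world rule the post above describes: Unix picks exactly one permission triplet for a user (owner bits if you own the directory, otherwise group bits if you are in its group, otherwise the "other" bits), and root bypasses the bits entirely. The users `alice` and `bob` and the sample `ls -ld` rows are constructed, approximating a Mac OS X box, and are not from the article; ACLs (the `+` suffix `ls -l` prints on OS X) are not modelled.

```shell
#!/bin/sh
# Added example: decide whether USER could drop files into a directory
# without authenticating as root, from the mode string `ls -ld` prints.
# Hypothetical users/rows; real ACLs (the "+" suffix on OS X) are ignored.

# can_write MODE OWNER GROUP USER "GROUP1 GROUP2 ..."
#   MODE is the 10-character string from `ls -ld`, e.g. drwxr-xr-x.
#   Prints yes or no. Exactly one triplet is consulted: owner bits if USER
#   owns the directory, group bits if USER is in GROUP, otherwise other bits.
can_write() {
    mode=$1; owner=$2; group=$3; user=$4; ugroups=$5
    if [ "$user" = root ]; then echo yes; return 0; fi   # root bypasses mode bits
    if [ "$user" = "$owner" ]; then
        pos=3                                             # owner write bit
    else
        pos=9                                             # other write bit
        for g in $ugroups; do
            [ "$g" = "$group" ] && pos=6                  # group write bit
        done
    fi
    bit=$(printf '%s\n' "$mode" | cut -c"$pos")
    if [ "$bit" = w ]; then echo yes; else echo no; fi
}

# check_path DIR: run the same decision against a real directory for the
# current user, using ls -ld and id (works on OS X and Linux).
check_path() {
    dir=$1
    set -- $(ls -ld "$dir")          # fields: mode links owner group size ...
    if [ "$(can_write "$1" "$3" "$4" "$(id -un)" "$(id -Gn)")" = yes ]; then
        echo "$dir: writable by $(id -un); no admin password needed to install here"
    else
        echo "$dir: not writable by $(id -un); installer must authenticate as root"
    fi
}

# Constructed rows (approximate, not captured from the article):
demo() {
    echo "/System, plain user           -> $(can_write drwxr-xr-x root wheel alice 'alice staff')"
    echo "/Applications, admin member   -> $(can_write drwxrwxr-x root admin alice 'alice staff admin')"
    echo "/Applications, non-admin      -> $(can_write drwxrwxr-x root admin bob 'bob staff')"
    echo "~alice, owner                 -> $(can_write drwxr-xr-x alice staff alice 'alice staff')"
    # owner bits win even when group/other are more permissive
    echo "dr-xrwxrwx owned by alice     -> $(can_write dr-xrwxrwx alice staff alice 'alice staff')"
}
demo
```

Run `check_path /Applications` or `check_path /System` to see which directories an installer can write without prompting for an administrator password on your own machine; the interesting case on OS X is a directory owned by root but group-writable by admin, which a member of the admin group can write to with no prompt at all.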
The guys at Apple are mostly to blame for this. Instead of Apple telling its minions that yes, in fact, there is a threat to users of the Mac OS X system (as in every operating system), so you should add layers of security to protect yourself. I have to admit the Mac OS X system seems to be one of the more secure platforms and that is great. But Apple is setting its users up for failure.
There is a threat, and it comes from Apple, but it's got nothing to do with adding layers of security or not adding layers of security. It has to do with Apple borrowing a bad security model from Windows... the idea that warning dialogs are an alternative to inherently secure design. I've been predicting that the vulnerability that this program used to launch the installer would be used in an attack on OS X since 2004. Instead of fixing the vulnerability (even in part, by eliminating 'Open "Safe" files after downloading') Apple has decided to add warning dialogs when the computer wants to do something that might have been requested as a result of this vulnerability.
http://www.scarydevil.com/~peter/io/osx-security.html and following articles.
What differentiates this social engineering attack from others (like the AIM worm) is that it's initiated without any explicit user action. The user is faced with a decision, and has been trained to make the wrong decision in this situation. This is the Windows model. The Mac model, traditionally, has been to do what the user requests when the user requests it, and if it seems like a dialog might be needed, look for a way to avoid it... for example, Macs don't ask before moving files to the trash, or before emptying the trash, because these operations are separate and both have to be performed before there is data loss. In this situation, the solution is to download the file to a standard location, but let the user request that it be opened as a separate operation.
In the browser I normally use on OSX, Camino, this is how it normally works... and the option to behave like Safari has a warning that this is dangerous.
Luckily, Apple seems to have decided to back away from the dangerous operation, making it off by default. The preference is apparently not universal... I've had Dashboard widgets installed even when it was off... and, unfortunately, all the stupid security dialogs they added while they were trying to avoid making that decision are still there. But it's a start.
Antivirus software is not useful in this situation. Antivirus software is not a useful tool at all until after there is a population of viruses for it to test for, and it's a bad idea to even consider deploying it before then because false positives and bugs in the antivirus are more likely to cause problems than accidentally getting a virus. I would recommend against using antivirus software on the Mac at the current time.
First of all you are absolutely incorrect by saying there are no Mac OS X viruses out there.
There are no viruses for OS X propagating in the wild.
Secondly there are a lot of tools that get planted on ALL systems that Anti-Virus can detect.
You don't need anti-virus software to detect rootkit tools. If you are concerned about them, it is far safer to install a rootkit detector, which doesn't patch the system to override system and library calls (and we just had a vivid blue demonstration of how good an idea that is) and run continuously in the background chewing up CPU time.
Mac OS X is susceptible to attack and ignoring that isn't going to help your security posture.
You don't make a system secure by "testing in" security after the fact. You do it with secure design. The security hole involved here is an obvious bad design that I've been blogging about since June 2004. Luckily, unlike the same hole that exists in Windows, you can turn it off in OS X and it's now off by default.
Multiple layers of protection, yes, but make sure they're appropriate ones. It's as bad an idea to install antivirus to look for rootkits as to take antibiotics for the flu.
I think it's funny how Apple users assume all Apple users know about all the good software that covers "everything".
Of course they don't. But anyone who needs more codecs (and let's face it, this means BitTorrent users) quickly discovers codec packs like Perion because they are widely discussed - or they install Flip4Mac and DivX and are done with it.
And you have to think more than twice, you have to agree to go to a web page and then download the "codec" and then agree to open that DMG and then seek to run the installer and then agree to admin. It's a lot of steps and it makes you think. And I don't think any of the users it's aimed at (porn browsers) are actually going to fall for it or at best a very, very small percentage.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Blah, blah, blah (Oh, yeah, please enter your administrator password here:__________________, and your Windows XP Key here:_____ _______ _______ ________ _______, then copy this line to an email and send it to me. After verifying your entry, I will send you free naked pix of Brittany and Paris*)
Much silly discussion of the difference between a trojan and a virus, and comparisons of stupidity between Mac, Windows and Linux users. Yawn. Worthless, under the circumstances.
Here's the most important thing. How hard is it to remove from the machine? Will the OS require wiping to remove it? Will expensive software have to be purchased to clean it off?
No. A bit of Terminal work will suffice. http://www.macworld.com/2007/10/firstlooks/trojanhorse/index.php. The guy who wrote this deliberately infected his machine and then cleaned it off.
The biggest problem with Windows Malware isn't just that there is so much of it--it's that it is such a PITA to remove once somebody screws up and gets their machine infected. Well, actually, that may not be such a problem. I get a lot of business cleaning off malware on Windows machines.
*The naked pix will be of the designated geographical regions of France, using Google Earth--what were you thinking I was going to send?
Fundamentalism is a crime against humanity
The solution to this problem is simple:
Now that the porn market has "penetrated" the Mac's operating system. What else can't it do? It popularized the internet, destroyed BetaMax... If the porn industry wanted to participate in Google's Lunar Landing contest i'm sure they'd have a shot at winning, though their ship would probably look suspiciously phallic...