Apple Quietly Goes After Mac Trojan With Update
Th'Inquisitor was one of several readers to point out coverage of Apple's stealth security fix, included along with the recent Snow Leopard 10.6.4 update. Graham Cluley of Sophos first noticed the update to protect Mac computers from a Trojan, and the fact that Apple didn't mention it in the release notes. The malware opens a back door to a Mac that can allow attackers to gain control of the machine and snoop about on it or turn it into a zombie. "You have to wonder," writes Cluley, "whether their keeping quiet about an anti-malware security update like this was for marketing reasons." While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.
Trojan for Mac had to appear some day.
Well, I would bet this isn't the first one, but anyway..
Hackers and what not typically target Windows.
They could probably benefit from the skills they have acquired in targeting Mac to target Linux as well.
Everything I write is lies, read between the lines.
Apple gets malwareses? That's unpossible!
Why is the information publicly available? Why would most generic Mac users care to seek it on their own? Should Apple shove it in their face?
I'm not sure this is really comparable to Microsoft's recent stealth security patches, as it does not appear to be a fix for a flaw in the OS. It's more akin to regular anti-virus definition updates. It should still be mentioned in the README, and that would be good for Apple's image ("updated anti-malware protection").
There's no wondering involved. They had a commercial that blatantly said that Macs don't get viruses. Liars.
Macs are secure, zero viruses, etc etc!
Why wouldn't this attitude go all the way to the top?
We PCs like to hear about updates about malware, trojans, or some new exploit found in the system, and when a fix is available, because then we are warned about the dangers of it and ways to avoid it until we get the fix.
With Macs, it seems they aren't getting a warning at all, and thus, could get into trouble before a fix arrives.
It's good to be a PC.
This is a good opportunity for the world to rethink its perception of what viruses, trojans and the like are. Due to the vast and never-ending list of problems and software defects that have plagued the dominating platform (i.e., Microsoft Windows) since its inception and continue to affect it up to this day, the world has been conditioned to think that having a base system with so many profoundly serious defects is somehow acceptable. I mean, these bugs are so serious that they even let other people take over your system, a system that you've paid for with your hard-earned money to be able to use as you see fit. Why exactly should this be normal, let alone acceptable?
In this instance we have a very rare glimpse of what the issue of software vulnerabilities is and how it should be handled. A very serious software bug could be exploited by malicious people to gain control of the system, and that problem was fixed by fixing the software bug. That is exactly how it should be. Yet what Microsoft forced us to believe is the right way of handling this thing is to let that security hole stay wide open. What Microsoft forced the world to believe is that you solve the problems arising from any security bug by paying some third-party vendor for a piece of software that monitors your system for a handful of instances of malicious code that made its way into your system through those security holes. And this has become acceptable why? It's as if you've bought a house with so many holes that could be used by malicious people to enter your house as they see fit and take it over. The problem lies in those holes being there, and the problem doesn't go away if you employ security guards instead of plugging those damn holes your incompetent builder left there.
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
There's been malware out for Mac for well over a year. The big one I run into is a self-decoding shell script that installs a root cronjob to redirect your DNS servers. The machines get brought into me because their web browsing has gotten slower, due to the malware DNS server the machine is now using being a lot slower than their ISP's.
I've actually run into ONE example of a Mac that was backdoored, but thought it was an isolated targeted attack (the victim was "high profile"). But maybe it was just an early version of what's discussed in this thread.
BUT, tossing my hat into the ring as to whether or not Apple should be "hiding" the fix... check out the latest security update from Apple. HUGE list of security patches. (over 40?) All with accreditation to the people that brought the issues to Apple. It's not like they don't have issues, and it's not like they systematically hide them. They just tend to fix them very quickly, and have very few (relatively speaking) to fix in the first place. Apple is well-known to include security updates and fixes in their OS updates, they don't all land in security updates. That's all this one was. It's very likely there were a dozen other security-related fixes made in the 10.6.4 update. This one they just happened to notice. Apple just doesn't usually put a security-fix accreditation readme in with their OS updates. Is that the real issue here I wonder?
I work for the Department of Redundancy Department.
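The root cron job that rewrites the DNS servers, described in the comment above, is something a defender can check for directly. The following is an added example, not code from the comment or from any Apple tool: it audits a crontab dump and the currently configured resolvers, flagging jobs that change DNS settings or pipe a decoder straight into a shell, and resolvers that are neither the owner's expected ISP servers nor on a local network. The crontab text, the resolver list, the expected resolver address and the payload placeholder are all constructed.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample root crontab (not from a real machine): two ordinary jobs,
# one job that decodes a hidden payload into a shell, one that rewrites DNS.
SAMPLE_ROOT_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/sbin/periodic daily
30 2 * * 0 /usr/bin/find /tmp -mtime +7 -delete
* * * * * echo 'PAYLOAD_PLACEHOLDER' | base64 -d | /bin/sh
*/10 * * * * /usr/sbin/networksetup -setdnsservers Ethernet 203.0.113.5 203.0.113.6
"""

# Constructed list of the resolvers the machine is currently using.
SAMPLE_RESOLVERS = ["203.0.113.5", "203.0.113.6"]

# Resolvers the owner expects (assumed ISP resolver, documentation range).
EXPECTED_RESOLVERS = {"198.51.100.53"}

# A home or office router handing out DNS lives in one of these; not flagged.
LOCAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
                                      "192.168.0.0/16", "127.0.0.0/8")]

# Commands that change the system resolver on OS X (networksetup, scutil)
# or rewrite resolv.conf directly.
DNS_CHANGE_RE = re.compile(r"networksetup\s+-setdnsservers|scutil\b|/etc/resolv\.conf")

# A decoder whose output is piped straight into a shell: the "self-decoding
# script" pattern the comment describes.
DECODE_EXEC_RE = re.compile(r"\b(base64|uudecode|openssl\s+enc)\b.*\|\s*(/bin/)?(sh|bash|zsh)\b")


@dataclass
class Finding:
    line_no: int
    reason: str
    command: str


def parse_crontab(text):
    """Yield (line_no, command) for each job line; comments and blanks are skipped.
    Five-field schedules are handled; @reboot-style lines are split after the tag."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):
            parts = line.split(None, 1)
        else:
            parts = line.split(None, 5)
            parts = [" ".join(parts[:5]), parts[5]] if len(parts) == 6 else []
        if len(parts) == 2:
            yield n, parts[1]


def audit_crontab(text):
    """Return Findings for jobs that change DNS or decode-and-run a payload."""
    findings = []
    for n, cmd in parse_crontab(text):
        if DNS_CHANGE_RE.search(cmd):
            findings.append(Finding(n, "cron job changes DNS settings", cmd))
        if DECODE_EXEC_RE.search(cmd):
            findings.append(Finding(n, "cron job decodes and runs a hidden payload", cmd))
    return findings


def audit_resolvers(resolvers, expected):
    """Return (resolver, reason) for configured DNS servers that are neither
    expected nor on a local network."""
    unexpected = []
    for r in resolvers:
        try:
            addr = ip_address(r)
        except ValueError:
            unexpected.append((r, "not an IP address"))
            continue
        if r in expected or any(addr in net for net in LOCAL_NETS):
            continue
        unexpected.append((r, "public resolver not in expected set"))
    return unexpected


if __name__ == "__main__":
    for f in audit_crontab(SAMPLE_ROOT_CRONTAB):
        print(f"crontab line {f.line_no}: {f.reason}: {f.command}")
    for r, why in audit_resolvers(SAMPLE_RESOLVERS, EXPECTED_RESOLVERS):
        print(f"resolver {r}: {why}")
```

On a live machine the same functions can be fed the output of `sudo crontab -l` and the DNS servers reported by the network preferences.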
Many Mac users don't mind being back doored.
I hate story blurbs that suggest the sinister ('one has to wonder!') when the only news is that Apple added yet another trojan to its list of other trojans. If you wanted to say something intelligent you might instead say something like "Is Apple the only OS that, at the OS level, has explicit trojan filters?" Then you could remark about Linux distros or various editions of Windows or maybe even Barracuda routers or something. But there is nothing sinister here, it's all good. Reminds me of Aharon AppleMcHater over at TGdaily. Always the negative spin!
Some drink at the fountain of knowledge. Others just gargle.
Nothing is 100% secure. I own both Macs and PCs and neither is 100% secure, but after five years of owning Macs alongside PCs (I've used PCs for 23 years), I'd say the Macs have 5% of the security issues the PCs do. Windows 2000 was worse yet, although it wasn't a bad OS to use. I did recently get some malware that was slowing down a Snow Leopard Mac. The one cool thing is I redid the OS quick and painless and just dragged my software back into the folder from a backup drive, no installing needed. I was back up and running in two hours, whereas to do the same with a PC would have cost me a day or two.
Being open about one's shortcomings is a prerequisite for trust.
I'd rather drive a car that underwent several public recalls instead of a car with defects that the manufacturer kept silent about.
Remember that one Dr Who episode?
"If I told you everything you wouldn't need to trust me"
I use Apple's software update server to distribute patches and updates at my company. I never understood why Apple gives us a mechanism to centrally control and distribute patches, but no way to automatically install them.
This is one thing that Microsoft got right. Centrally distributing and installing patches is stupidly easy in the Windows world. It pains me to say this, but the lack of automatic patching will bite Apple and their users one day.
While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.
How exactly are these two objectives different from each other?
Well, assuming your claim is true, you wrote malware which included trojan and virus features. There are tens of thousands of those on Windows. They can replicate through a variety of mechanisms which don't require users to provide special authorization, or even take any action (viruses), propagate to other systems via network-accessible security holes (worms), or trick the user into clicking something (trojans). Perhaps you have an English-as-a-second-language issue, but trojans are still not viruses, even when you link them into the same binary. You might want to rethink that last statement you just made.
If you mod me down, I shall become more powerful than you could possibly imagine.
...because it was mentioned in a blog.
The pursuit of absolute tolerance leads to the most rigorous and ludicrous intolerance. - REX MURPHY
Not looking for trouble, but really, what was the last virus to hit the Windows world? Trojans, yes, by the bucketload, that then download all sorts of malware, but since XP SP2 went mainstream, viruses as such seem dead. OK, a piece of social engineering like "I love you" will still get people, but users are users. All you can do is make them non-admins, but crudware can still destroy their data, and I don't see how other OSes can stop that; the machine might be OK, but that user's data is toast, and that's generally where most people value things. "The machine is fine, the only thing I couldn't recover is that special photo of your dead Gran" is not what folks want to hear.
I don't get it. Why would anyone pirate iPhoto? It comes with every Mac sold, already installed.
planet texture maps and more
My experience doing on-site service for years, plus working in I.T. in both a support and management role, tells me that Windows users are NOT "safer because they know there is malware for Windows". Not by a long shot....
The anecdote about having to clean a few Macs with DNSChanger on them really is the exception. It's actually an interesting little story for those of us who use Macs regularly, because it's a pretty uncommon find. If you said the same thing about Windows, that "You had to clean a few Windows PCs the other day because they had such-and-such malware on them.", people would laugh at you for bothering to post it, most likely!
As soon as a Windows PC is connected to the Internet, it's basically under attack. If you ever try doing a full system recovery on some of the older PCs out there using their included "recovery disc", you actually have to apply the service packs for the OS *before* you connect it to the Internet. Otherwise, it's quite possible it will get infected with trojans in under 10 minutes, while you're trying to download the automatic updates to secure it! (A good firewall in front of it does help, mind you, but there are still a lot of people out there simply connecting a single PC to their cable modem or DSL modem directly, and relying solely on the software firewalls built into the OS.)
It's never really been true to say "Macs can't get infected!" ... but they're a lot closer to Linux or BSD in this regard than Windows. On the whole, the user just trying to use the Internet in a normal manner (reading legitimate news web sites, doing web-based email, reading a few web-based message forums perhaps, and doing some online shopping) has a VERY low risk of getting infected on a Mac. At the very least, the sites that try to trick a user into installing an executable will usually fail with Mac users because they keep trying to send them an .EXE file, which OS X can't even run!
Trojans work because of faults in the human operator, not because of faults in the OS.
It's not a Mac fault, and to carry your allegory forward, it'd be like if car companies recalled cars because it was possible to get in a wreck if you drive them into a wall.
http://lkml.org/lkml/2005/8/20/95
Not really; after paying so much for that Apple logo they have nothing left.
On one hand, Apple could very well have done the same with other parts of the software, providing a fix without disclosure. This goes on to say that vulnerability disclosure is a very poor indicator of software quality. However, in this case, it could have said something as trivial as "updated malware signature database." It's not fixing a vulnerability.
On the other hand, this article highlights the very interesting fact that there *is* a market for anti-virus software, even when the base OS is robust and secure. The base OS could be immune to virus and malware attack when there is no user action involved. However, the user could become the weak link to compromise their own system. Anti-virus software prevents high-risk users from being affected by their reckless action.
It's just like how only certain people need to be HIV tested regularly. You only need to worry about HIV infection if you received blood transfusion, or if you engaged in promiscuous sexual act (willfully or as a rape victim). If you did neither, then you don't need to be tested, hence you don't need to spend money on the pharmaceutical products for the HIV test. You should definitely be tested regularly if you know what you do carries a high risk of contracting HIV.
You may still need anti-virus software, depending on if what you do online carries a high risk of contracting malware. It has less to do with whether your operating system is secure.
I once had a signature.
Being open about one's shortcomings is a prerequisite for trust.
So every Linux distro update should come with the message: "Linux is still lacking a rudimentary file that contains elementary signatures of a handful of Linux threats"
That if any Apple user would have heard anything about it, they would have preferred to keep the Trojan installed, so they could use it to sneak out of the walled garden once in a while. ;) ;)
Also, fanbois wouldn’t be able to parrot how their system has no known viruses at all. And we all know that Apple relies nearly completely on...ehrm... viral marketing.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
The malware blacklist has existed since Mac OS v10.6.0, and has always had 2 Trojans on it. Now Apple added a 3rd because there is a new one. That's how it's supposed to work. If this is news, it says really good things about Apple because it's man bites dog. New malware on Windows is dog bites man.
The Mac is not invulnerable to malware. No system is. That would be like saying a building is invulnerable to graffiti. However, if you paint over graffiti the instant it appears, you remove the entire incentive. Apple's Software Update patches 75% of the community within a week or so, and the rest within a month or so. There's just not much to be gained with Mac malware. Whatever you exploit will be replaced almost immediately by Apple. Snow Leopard is not one version of an OS, it's 10 discrete versions. There were 11 versions of Leopard. Each lasts only 2-3 months. A typical Windows version lasts 2-3 years or more. It's a very different situation.
Another thing to understand is that Sophos and other companies who make their living solely because Windows is mismanaged always want to expand into the Mac market and so they like to pretend that it's not a question of platform management but rather that malware is a fact of life and their services and scanners are necessary. No. The 10-20 built-in security systems of Mac OS are superior to anything you can bolt on to Windows.
Mac users are very fond of pointing out this distinction, leaving out that trojans and malware, and social engineering, these days are the overwhelming majority of Windows issues as well.
Yes. Yes they are.
Now please list the count of Windows trojans vs. mac trojans. I'll get you started with the Mac count:
1 (or is this trojan actually in the wild yet?)
After all, we are talking about active trojans in the wild...
Do you not think that a system with a few orders of magnitude fewer active security threats might not, in fact, be more secure for the average user?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Uh, so Sophos' hard drive encryption software is because Windows is mismanaged? Huh?
It's not that MacOS has better built-in security, it's simply that you cut your profits by a factor of 10 if you target MacOS rather than the PC. Your "security" is "obscurity". Simple as that. Malware is a profit-driven industry, and there's never been any reason to target anything but Windows. If I develop a Mac exploit and/or malware, I'm only targeting 10% at the most -- that's going to pay far worse, so why do it? A good Windows exploit only goes for 10k on the black market these days (or so we're told). What do you think a MacOS exploit is worth? If you have the skills to find exploits, which OS are you going to spend your time on? It's not hard to see why MacOS gets a free pass.
If anything, Microsoft has put far more into securing its OS simply because they've had to. Apple has not because they have not had to. Weekly updates, a malware removal tool that's updated weekly automatically (as opposed to "monthly"), anti-virus and firewall built in. Hell, Microsoft even turned all their systems into a botnet so they could use idle cycles to "fuzz" Office and find new exploits/bugs before anyone else found them. Fuzzing is how the guy who beat all the Mac systems at the last pwn2own found all his exploits -- it was apparently quite easy for him to find exploits for Safari/MacOS; he just needed the financial motivation that doesn't exist without pwn2own.
The day MacOS gets 50% marketshare is the day they suddenly have a *huge* security problem. They will be Microsoft 10 years ago -- caught completely unaware and unprepared.
HAHAHAHAHA you really funny and original
System pre-OS X, e.g. 7-8-9, had a very small user base but had lots of malware; no free pass for older Macs.
A *huge* security problem is hard to graft onto the back of Unix.
Microsoft was never caught completely unaware and unprepared, they just spent time, cash and upgrade cycles on usability and networking vs any security.
Great for building market share and entering new markets, not so good for your data.
MS now puts a lot of effort in selling you the idea of security, beyond Win 7 is the real test.
Also recall the "fuzzing" effort was used by an ex-NSA worker, i.e. it should be quite easy.
If it were easy we would see sites like this listing many, many active Mac virus-like threats. The count now is 0, just lots of user-installed malware and a few pre-OS X efforts.
http://www.iantivirus.com/threats/
Domestic spying is now "Benign Information Gathering"
doh.. year typo, 1996->2006, 1997->2007
Snow Leopard is not one version of an OS, it's 10 discrete versions. There were 11 versions of Leopard. Each lasts only 2-3 months. A typical Windows version lasts 2-3 years or more. It's a very different situation.
That is a lot of nonsense. You are either deeply ignorant or trolling. A tiny revision of the version number just means some stuff was changed. Windows updates are more numerous than Mac updates, you can take that to mean either that Microsoft cares more about timely updates or that they are more incompetent and thus need more updates, it's a whole separate argument. Either way, the version numbers don't mean much. Service packs increment Windows' build ID but that isn't very interesting, and neither is a tiny version number increase in OSX. In either case, a lot of stuff changes, and a lot of stuff doesn't change.
Another thing to understand is that Sophos and other companies who make their living solely because Windows is mismanaged always want to expand into the Mac market and so they like to pretend that it's not a question of platform management but rather that malware is a fact of life and their services and scanners are necessary. No. The 10-20 built-in security systems of Mac OS are superior to anything you can bolt on to Windows.
10-20 built-in security systems of Mac OS? Snicker snort. I really hope you're a troll because nobody could be this dumb. OSX is FreeBSD using Mach as a HAL and with operating system components and user applications various frameworks in multiple languages. It is not fundamentally different from a conceptual basis from Windows with its HAL also written in multiple languages. Nor is Linux/Unix/whatever. In fact, at least one of the "security systems" in OSX is known to be inferior to Windows and Linux's implementations, namely ASLR, which is totally useless on OSX, more or less works on Linux, and is amazingly good on Windows. Of course, this doesn't stop Windows from being the security equivalent of mesh pantyhose, but fishnets have their place.
OSX is just another Unix. It has some different frameworks than other systems, and some that are the same. It also contains some spectacular failures.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
"...we have received no reports of infections from customers."
So, anti-virus company warns us to be on the lookout for trojan that they have yet to see in the wild?
News at 11!
Insanity is the last line of defence for the master diplomat. But you have to lay the groundwork early.
http://it.slashdot.org/comments.pl?sid=1687452&cid=32632240
and before that also, same results (Kalriath shot down in flames yet again), here also (along with his fellow "naysayer", named "Your Master" (who was only obviously Kalriath's "alternate registered user logon" no doubt)):
http://it.slashdot.org/comments.pl?sid=1687452&cid=32589278
(Kalriath: You're an AUSTRALIAN, correct (not sure of this, but thought I'd ask is all)? Well, then you must LOVE "AC/DC" then, especially the early Bon Scott material, & specifically the tune called "SHOT DOWN IN FLAMES", lol...)
APK
P.S.=> "too, Too, TOO EASY" (Man - Just TOO easy! Especially how Kalriath avoids disproving points in BOTH post URLs above, when he was requested to do so, and to answer questions in them (especially the first URL @ its termination))... apk
Thanks guys for an interesting and educational exchange! Here is the only bit I could verify myself:
http://www.google.com/search?q=qbox+exploit+UPnP
I paid the going retail price for a Windows screen reader and got a free Unix computer!
Apple is a company that touts itself as being malware-free (at least they imply as much). That they would do this so that they could keep touting themselves as such is basically the same as Microsoft's whole "It's not a bug, it's a feature" campaign, and if you'll recall, Slashdot wasn't a huge fan of that campaign either.
Just because they're not the only ones who do it, doesn't make them right. I mean, if all the Big Oil companies started going around having shoddy rigs and started causing massive spills, would it be excusable because BP did it already?
Malware: any form of software that serves to compromise your computer for purposes other than those intended by the user, i.e., viruses, trojans, spyware, adware, worms.
Virus: A subset of malware that specifically latches onto executable software installed on your computer and propagates using said software.
TBH, Antivirus does remarkably little other than cleanup of known viruses. I remember hearing about a talk at CanSecWest a couple years back that basically was: this is how you make a virus that will get past any antivirus.
The real trick to keeping your computer safe is proper firewall protection (hardware + software), safe browsing habits, keeping privileges set on an as-needed basis, keeping systems updated with current security updates, and being cognizant of social engineering techniques (i.e., how to make it so someone can't figure out your passwords). Obviously this doesn't make your computer 100% secure, but in reality nothing will do this. Think of it like cancer: you can stop smoking, you can wear sunscreen, you can get your prostate or breasts examined every year, but you can still get it.
... but I needed to post this as near to the top as possible so that kdawson can see it.
Hey kdawson! Look at this:
"You have to wonder," writes Cluley, "whether their keeping quiet about
That's supposed to be "they're", not "their". If you are quoting an actual article, stick a "[sic]" after the "their" if you're not going to change the spelling. Failing to correct the error, or at least "[sic]" the error, makes you look like a moron.
If it were easy we would see sites like this listing many, many active Mac virus-like threats. The count now is 0, just lots of user-installed malware and a few pre-OS X efforts.
Again, this is where you go wrong.
There was a time when malware was written by people just for fun. There were premade software kits from which you could very easily, and with little technical skill, build your own. All you had to do was name it "Cute Kittens.exe" and email it to 50 random people and you were all set.
Those days are gone -- now it's a business. If you're in the business, you do it for money. Maybe you're stealing WoW accounts and selling the gold, maybe you're creating a botnet and sending out spam, maybe you're just making it and selling it to someone else and letting them decide what to do with it. Either way, it's about money.
To make this money you have to spend a lot of time and effort honing a very particular set of skills -- possessing vast quantities of otherwise highly esoteric knowledge. Low-level system calls, APIs, assembly, whatever. To get that acquainted with MacOS, spend the time necessary to find exploits and write the malware, only to see 1/10th of the return on your investment? That would be madness. There's 0 reason to waste time finding MacOS exploits except when there's prize money involved -- but when there is, people find them every year. That should tell you all you need to know.
The economics of malware gives MacOS absolute protection -- it's never been about how the operating system is built or the coders who wrote it. It's economics and nothing more.