Slashdot Mirror
Mac OS Update Detects, Kills MacDefender Scareware
CWmike writes "Apple released an update for Snow Leopard on Tuesday that warns users that they've downloaded fake Mac security software and scrubs already-infected machines. Chet Wisniewski, a security researcher with Sophos, confirmed that the update alerts users when they try to download any of the bogus MacDefender antivirus software. Wisniewski had not yet tested the malware cleaning functionality of the update, but was confident that it would work. 'It's reasonably trivial to remove MacDefender,' said Wisniewski. 'It's not burying itself in the system, not compared to some of some of the crap that we see on Windows.' The update, labeled 2011-003, adds a new definition to the rudimentary antivirus detection engine embedded in Mac OS X 10.6, aka Snow Leopard, and also increases the frequency with which the operating system checks for new definitions to daily."
The Nuclear Option
So every virus for Macs will get killed in the next update? Very nice work for Apple if it happens that way.
'It's reasonably trivial to remove MacDefender,' said Wisniewski. 'It's not burying itself in the system, not compared to some of some of the crap that we see on Windows.'
Pity it won't always be that way, survival of the fittest applies to viruses too.
the rudimentary antivirus detection engine
Wouldn't we be better off detecting the viruses, not the antivirus?
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Microsoft Security Essentials. It is not included in Windows, due to anti-trust restrictions (so that may change with Windows 8 since those restrictions are going away) but it is a free download. Updates itself automatically like all AV scanners, will also update via Windows Update if there's a problem.
'It's not burying itself in the system, not compared to some of some of the crap that we see on Windows.'
at least, we hope not (yet).
*Still* negative function...
Does the concept of "false equivalence" mean anything to you? Yes, macs have had trojans for awhile on pirated copies of software. Yes, this is an evolution of the malware on OS X since it attempts to trick the user into installing the software. Yes, it'll probably get more complicated than this, but come on -- are you really telling me that since OS X has gotten two instances of malware, after being in use for over a decade, is the same as what has happened with windows? Really?!?
Gentlemen! You can't fight in here, this is the war room!
Thanks!
The slow, but inevitable slide to Mac OS X being locked down in the exact same way that iOS is.
First they block apps in the name of protecting users from themselves... Then they just slowly increase the definition of "harmful apps."
If by "first they block apps..." you mean "first they warn you that an app might be harmful, suggesting that you drag it to the trash, and providing a one-click option to do that from the warning dialog...", yeah.
The slow, but inevitable slide to Mac OS X being locked down in the exact same way that iOS is.
Wake me when they actually make it so you cannot execute scripts in OSX. Bonus points if you can explain how you're gonna make Flash movies or do any sort of programming on a Mac with iOS-like restrictions.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
I haven't heard that name since I stopped reading "Hardy Boys" as a kid.
No I'm not. That is not what I said at all. Did you reply to the right comment?!
Userspace malware is nothing different than Purple Gorilla Bonzi-Buddy shit.
There is no OS or kernel patch that protects against stupid.
I can install the SELinux scripts, and there is nothing preventing me from utterly hosing the system as administrator or my own account with my own permissions. You would have to make a read-only system, maintained by someone not-me. This is what corporate IT does.
I see a market for itinerant bonded neighborhood sysadmins should people get over themselves and admit that joe-user can't handle his own computer at home.
--
BMO
explain how you're gonna make Flash movies or do any sort of programming on a Mac with iOS-like restrictions.
That is something that only professionals who are willing to pay a premium for their computers need. All those home users can just get by with applications from the App Store.
The Apple concept of computing is that home users should treat their computers like appliances: plug it in, and never worry about technical details. Sure, professional and "power" users demand more, but they represent a very small fraction of Apple's target market at this point, and Apple can get away with charging them more (they are likely to have paid for a higher end system to begin with). The consumers who just "want a system that works," which is obviously not a "PC" but is a "Mac" (which is not a personal computer and which obviously does not run Windows) will get a locked down system, and Apple is betting (perhaps wisely) that most of them will never even notice the difference.
Palm trees and 8
But it doesn't matter if you just want the piece of malware to do its job: e.g. key-log and scan for personal information
Scanning no, but to intercept keystrokes would require root access.
in addition to keeping a self-updater that may eventually pull an update that does allow for the use of an escalation exploit.
Pretty sure it would need root to install even as a start-up item, and it would be pretty visible if it did so.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Sorry, I guess I read your comment as being more invective than it actually was. The point I was thinking of was that Apple ran the "Macs don't get viruses." add in 2006. That's five years ago, when there really was no widespread malware for OS X. If we're going from no viruses from 2000-2007, to a trojan on pirated software in 2008 and now a social engineering attack three years later in 2011... it's not a pace of development that I'm particularly worried about.
Gentlemen! You can't fight in here, this is the war room!
Bonus points if you can explain how you're gonna make Flash movies or do any sort of programming on a Mac with iOS-like restrictions.
Same way you do programming on the iPhone: pay $100/year for a developer license.
And if you think they aren't going down that road already, remember how developer tools used to come with the Mac OS X DVD?
You can no longer download Xcode for free. It now costs $5 and is only available with an Apple account off the Mac OS X App Store. (Or free from the App Store if you already have a developer license, but you still need to get it through the App Store.)
Apple is already down the path to locking down Mac OS X. This is just another step.
And yet, Apple Desktops and Laptops come with a fairly complete BSD Unix toolset, including several scripting languages (perl, python, ruby, shell, probably some others I don't know about, applescript, automator, a gcc compiler...
How much of that stuff can you get on Windows' default install?
Now, it's apparently true that Xcode is no longer a free download (although I suspect it's still on Snow Leopard install disks...), but let's wait to see what the next version has to offer before we assume they're just taking it all away and locking everyone down to toy computers with no capability for hobbyists and tinkerers.
Can you be Even More Awesome?!
Xcode is most certainly still a free download. Sure you have to register for the Mac Developer program but that's really not that big of a deal. You probably have an Apple ID already so signing up is just a matter of logging into your Apple account.
http://developer.apple.com/xcode/
"Download Xcode 4 for Free. Xcode 4 is a free download for all members of the iOS and Mac Developer Programs. Log in to your account to begin the download."
Now developing anything for iOS is a whole different ball of wax.
There's no complete cure, no; but there's stuff that you can do to make it better. Apple updating the security mechanism to get its malware definitions on a daily basis, instead of as part of the normal Software Update cycle, is a very good move. It won't completely fix things, though, of course. You're absolutely right, you can't stop stupid.
But you can certainly make stupid _worse_: and Safari's "open safe files" feature (especially defaulting to yes), which includes dmgs (think, isos kinda for non-Mac folk) and archives is an especially stupid thing to do and makes the impact of stupid users, worse.
I was kinda hoping they'd at least flip that default when they addressed this issue. But I'll take the daily updates.
Well, keeping in mind that Windows is not actually intended to be compatible with Unix (despite the "better Unix than Unix" remark from Gates), it does ship with at least two scripting languages: JScript and VBScript, and I would not be so quick to deride the power of JScript as a language. Also, to the best of my knowledge recent Windows versions include PowerShell, which I hear is pretty good although I have not tried it myself.
As for Mac OS X shipping with a BSD toolset, this was mainly to allow Apple to market it as a Unix OS and to placate "power users" who like being able to drop into a terminal and write scripts. Apple cannot really ignore power users if they want to compete in the market for expensive desktops and laptops. That being said, Apple's approach to personal computers is still based on those systems being appliances that the user never opens up, and the iPad/iPhone/* line exemplifies that. My prediction is that over the next few years, we are going to see the Mac OS X that retains power user appeal to be pushed into more expensive, high-end lines of computers, with the low and medium range of Apple's offerings being filled with iOS or some sort of iOS/OS X hybrid, and Apple's non-"pro" notebooks will not come with shells or scripting environments.
Palm trees and 8
Slippery slope arguments are boring and stupid. Please work on your shtick.
The Mac Developer program is now $99/year.
I don't agree that Apple is on the way to locking down the Mac like iOS.
But your assertion that it's impossible somehow is just silly. How are apps developed for iOS? Special developer licenses. If Apple wanted to do it, they could. The only thing keeping them from doing it is momentum of public will. Users would revolt if they changed the system now. There was no entrenched freedom when Apple entered the mobile world. Well, except for users of mobile platforms that predate iOS like Windows Mobile, but they represent a VERY small number of people...
Touch everywhere, even when inappropriate.
I hope Apple takes this incident to heart and makes one minor, but very significant, change to how their OS(or more specifically, their OS setup process) works: namely that the default user should not have admin privileges! Currently an out of the box Mac will prompt the user to set up an account, and that account will have admin privileges. To actually set up another account the user has to know enough to go into sy
Hopefully in Lion they will, at the very least, explain to users that they should set up a non-admin account to do their everyday computing and only use the admin account when they need to do admin things.....
Monstar L
Oops, that's right. It's XCode3 you can still download without paying anything. As others have pointed out they're still shipping XCode 3 on the install disks.
Burried at the bottom of that page is this "Looking for Xcode 3? Download Now" which directs you to log into a Apple Developer Connection account, which is free to get.
*cough* tcl/tk *cough*
Though I'm surprised, I'm glad OSX still ships with it. I like tcl personally.
Free download no but..... Xcode comes with every install of OSX. http://www.apple.com/macosx/developers/#xcode The App store deal is if you want to get the latest and greatest version of Xcode. I'm pretty sure that if you pay the App Store $5 for XCode that it includes lifetime updates. So you have a couple of choices to get XCode: stick with the Xcode version that came with your Mac OS install, join the dev program for $99, pay $5 bucks at the AppStore or update to the latest Mac OS every time it comes out.
How are apps developed for iOS?
They are written on machines that aren't locked down like iOS. You cannot, for example, create an iPhone app from the iPhone or any other iOS device. Nothing is created on iOS devices because Apple explicitly forbids running 'execeutable' types of data.
If Apple wanted to do it, they could. The only thing keeping them from doing it is momentum of public will.
That and the fact that OSX wasn't designed to run in such a restricted mode. The customers would not be able to run anything they have now!
Nobody has really thought through the ramifications of trying to actually maintain something like a desktop OS with iOS'ish restrictions. Can't be done. What can be done is to make a desktop or laptop version of iOS. When that day comes and people actually accept it, great. But what then, are Windows machines going to be the development machines of choice?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
Wait till it has the popularity / market share of Windows... Then we'll talk.
It's a well known fact that crackers only crack what crackers own. As a white-hat hacker/cracker I had never discovered any exploit vectors on Mac OS or iOS -- I also never owned an under-powered/over-priced piece of Apple hardware... (Yes, I just bought a machine that has higher specs than any notebook Apple sells, for less than half the price of their inferior model... Quality? Major components are the same brand Apple uses.)
Now that I have a cross platform application to support, I have a couple of Apple development machines with OSX on them -- I find just as many "oops OS/App crashed" bugs for OSX than for Linux or Windows simply due to the fact that both Linux & OSX have many tools/libs in common, so any bug I find when coding that affects the external Linux libs may exist in the OSX libs too... The number of Windows vs Linux bugs I discover is about the same, maybe a smidge higher on the MS side.
Only difference is that when I report a Linux bug, I can (and usually do) submit proof of concept exploit code (for testing) and a patch that prevents it (unlike Apple or Microsoft OS specific bugs -- I only occasionally create proof of concept exploits, but can not submit any patch without source code).
Without fail the lib will be patched in a month or less (typically 1-2 weeks -- days!) or the Linux kernel is patched in the very next release (for binary distros -- for the source based distro I use the fix is working IMMEDIATELY). With MS, the average is 6 months to a year or never for a patch.
Of the 31 bugs I've reported to MS in the course of 9 years, 18 are still exploitable (even though they "rewrote everything" when they made Vista/7). Of the 25 bugs I've discovered in Linux over the past 10 years (4 of which also affect libs on OSX), 23 have been patched (one no longer applies, and with 3.0 kernel, I suspect the last exploit will be avoided too). Of the 10 bugs I've reported to Apple in the past two years, 6 are still exploitable (4 of which were FLOSS libs that were patched w/o Apple's input -- that's right, Apple hasn't fixed a single bug).
Others are not as scrupulous as myself -- I've been offered thousands of dollars by black-hats/script-kiddies for just a few of my OSX exploits, only hundreds for the Windows exploits (high supply & demand), and none for the Linux exploits (they get patched too soon to be worth much -- Yes some of these do apply to servers where Linux has a large market share, so the "no one uses Linux" argument does not apply, esp in Sony's case).
Clearly there is demand for OSX exploits, and it is only a matter of time they approach MS like levels: Every OS is exploitable! -- Let's hope they adopt a good update policy (more like Linux than Windows), but at this point I wouldn't hold my breath...
How much of that stuff can you get on Windows' default install?
JScript/VBScript interpreters, C#/VB.NET/JScript.NET compilers, PowerShell, MSBuild.
Almost completely irrelevant.
When the 'admin' user attempts to do anything requiring root privileges, the system prompts for a password. If you are running as a non-admin user, you just have to fill in a different username in the password box that pops up (that of a admin account). If you don't know the admin account password, then you are obviously not managing your computer, and if you do... Then you have to type in an entire extra word to get root privileges! Wow!
Userspace malware is nothing different than Purple Gorilla Bonzi-Buddy shit.
Purple Gorilla Bonzi-Buddies that quietly wait in the background downloading exploit code for the privilege escalation du jour. Once there's userspace malware, user-intervention isn't required; sometimes not even a login since it can use the system's scheduling (cron/schtasks.exe) to download when the user is logged out, and schedule a new exploit attempt immediately after download.
My mom refuses to ditch Windows despite nearly everyone else in my family (including grandparents) using Linux...
She's the only one that still gets malware -- the answer was simple: Windows Steady State -- Restores the state of the machine each boot!
Other family members using Linux still have loads of "free" stuff installed that they don't need (from the repositories), but at least it's not malware.
Hint: People want free stuff -- Give them an OS that has it easily available.
Apple entered the mobile world in the early 90's with the Newton. By 1997 it actually didn't suck. With addons it could make phone calls, etc. Kind of a pity it was axed, the OS was neat. Handwriting recognition sucked horridly from the onset and the device's rep never recovered, even after they got it working fairly well on the StrongARM-based MP2000 and MP2100 after a couple updates. The SA110@162-220Mhz was no slouch for those days in a handheld. 2 PCMCIA slots ruled too. What they missed is most people who don't understand tech abuse it and making a sharp stick the implement for manipulating to UI for average Joe with no real touch support was silly. MS followed suit. So did Palm.
If you think $99 a year sucks for the iPhone, you should have seen what the Newton Toolkit developer environment cost. Free programming environments were unheard of outside of UNIX circles except for the BASIC interpreter your computer came with (ATARI BASIC WOOOO!!!!). Even most UNIX environments didn't come with FREE development environments. Like Solaris for a long time, except a few scripting languages. ESPECIALLY for mutant embedded operating systems. VxWorks, QNX, etc..
I'm sure you can find GCC binaries for OSX outside of XCode. And I'm sure it's easier than trying to get GCC 2 to compile with DEC C under Ultrix/VAX. Quit crying. Some things cost money. Don't like it, download GCC and write another IDE. Me, I'd rather spend $5.
But if I have to pay them for THEIR development environment.... last I checked, there could be no other competing development environments within the walled garden of the App Store on iOS. I would be incredibly pissed off to see this happen on OSX.
That would solve a lot of problems.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
None of these are viruses.
Any douche can write a destructive trojan that will get by a scanner for a while. Seriously. Doesn't matter what platform your using.
Not a real virus. By ANY..... STRETCH......OF......THE......IMAGINATION.
I saw some real viruses under Classic MacOS in the System 6 and System 7 days. So far none for OSX.
No amount of tech can stop people from clicking on something destructive. Trojans do NOT count as viruses. No OS update or security software is going to make users smarter. Sorry.
If Apple does get their future, where everything is part of the Apple walled garden and all apps, media, etc have to come from Apple then it would be possible to stop user infections. If the screening process was through enough, you could make sure nothing malicious ever made it through. Of course that is a big if, people could get creative to get around it. There's also the fact that many of us are not thrilled with the idea of one company being the gatekeeper of everything.
Short of that, nothing you can do. In fact, little you can do about system level malware. Most people don't pay attention to privilege escalation prompts. They just hand over their password or click ok when asked because they view it as another hoop to jump through.
When you exploit the user, there is little that can be done. That is one of the reasons I'm a big proponent of on access virus scanners. They are not perfect, but they can help protect users against themselves. Since they (in theory at least) only stop bad things you can train users "When this says it is bad, you need to get rid of it."
After playing around with Vista and it's UAE when it first launched, I was impressed by it's UI to make it seem very daunting and scary. I hoped it would train users to hit escape and find something better to do than shoot themselves in the foot.
Guess I was wrong...
Non impediti ratione cogitationus.
They're not when they're right.
And they are when they're wrong. (Hint: "suggesting that something is harmful, and that you remove it, and offering a button to remove it, along with a Cancel button for those who choose not to remove it" != "blocking something".)
If you want Microsoft to bundle more things maybe you should volunteer to pay for their anti-trust and anti-bundling lawsuits ;-)
But to the main point, I think what hes trying to get at is the scary walled garden future of controlling what applications get installed. They're trying to push that with the app store on the desktop OS. Remember this about mainstream users, geeks are a minority. Geeks usually will find a way to get around those restrictions. For e.g. if you had to sell your software and the first step to installing your software was jailbreaking your MacBook to install it, you ain't gonna make that many sales. The alternative is to stick it in the apple app store and pay a tax to apple for letting them list your app. Because they can collect a fee on every sale I'm sure they are going to market this store as THE way to install software on the Mac. Just like most users are used to going to app store to install apps on their iOS device they are going to be conditioned to using apples new store on the desktop. Personally its a tough choice between letting unsuspecting users download and install any software off of a random website and risking potential malware infection and the walled garden approach of only allowing "safe" apps.
Ofcource.. unless you're claiming that because osx ships with the compilers it is "librerating" users by allowing them to spend several man-years writing their own software in C :-P
The problem is ultimately you're still ignoring the weakest link which is the human factor. While the general security you mention is very real the last few viruses that got into the house were the result of someone physically double clicking something and then answering yes to a security question. This type of malware has nothing to do with the security of the system and every system is susceptible to it. Sure the VB script on the mac may not have had access to %obscure_API% but the damage is just as bad if not worse if the result of it is to encrypt your user files and then hold your data for ransom.
Windows isn't great, but Mac OSX's lack of malware really IS due to marketshare. Why would anyone go to the effort of writing something when there's a very real risk that few people will get the chance to execute it. Look at the Android platform. Security on it is quite good, yet every week we see some story about malware all of which is installed by either the user de-activating the protections, or blindly allowing some offline app access to the phone dialer and SMS.
Not exactly.
That user doesn't have admin privileges; that user is in effect, in the sudoers file. They can authorize admin privileged actions. The default user can't modify or tweak anything in /System. But they can be prompted to allow elevated access to allow things to write into important parts of the system.
And frankly, that SHOULD be the default. It doesn't make any sense at all to be more restrictive then that. Yes, you should not run as root, or administrator on windows, in your day to day stuff. But in your regular, day to day stuff, on your machine-- you will in the normal course of events need to authorize programs to install globally or tweak system prefs or whatever else on occasion.
No one will EVER learn the "lesson" you want them to be taught. In a secure environment, you may have your regular user, who can't even possibly access (even via sudo) admin power, and an entirely separate account you use to do the system configuration and application install tasks that need higher authority. That will NEVER happen on user-focused machines. Its a frankly absurd notion.
Yes, that means machines will always be susceptible to stupid people running crap that they don't mean to download or are tricked to downloading, and that means there is no /solution/ to the problem of malware. In truth, even with such a system, you wouldn't solve the stupid. You can't solve the stupid.
The default user that people operate on, and which programs they naturally, passively run under -- should not have admin access. Of course not. Even Microsoft gets that, though their implementation of the escalation process is less then ideal. But if you expect someone to sit down on their desktop machine and ever have more then a single account, you're -- out of touch. That account should not have direct system-level access, no: but no one but a tiny minority of power users will ever accept having to set up some entirely separate account that can escalate privileges.
Its not that people are stupid, or careless. Its that you're expectations are absurd. Security and ease-of-use are opposing concerns. Everyone with any sense knows this: in some situations the demands of security are such that we force the pain on usage, in others we try to find a balance which isn't as difficult.
There will never be a world where people will have two separate accounts on their home machine and that they need to decide to go from one account to another to make changes or operate said machine. People will simply use the tool given them, as they understand it is to be used.
Even on linux, more is rarely expected outside of highly secure environs. Sudo is the norm. Yeah, your account can't do much, but you can explicitly invoke its elevation with your own same password -- and that's fine. Home machines will never, ever, be bastions of secure practice.
Its just not worth the pain in the ass to regular people doing regular things. Is it as good as it can be, as secure as it can be? Not yet, but they are working on it. Windows has its UAV method of privilege escalation that is overly in your face so its too easy to hit 'yes' without thinking; linux has its explicit 'sudo' which is fine (and with GUI helpers in certain environments), and Mac has its own escalation prompt. Is this paradigm of the default user being a sudoer ideal? Maybe not. But its usable, and better then the situations where everything runs as root/administrator.
Usability frankly trumps security. You can not honestly expect users to give up much on their home systems, usability wise; or you're just out of touch with reality.
Did they include a death's head symbol?
The Tao of math: The numbers you can count are not the real numbers.
I'm sure you can find GCC binaries for OSX outside of XCode.
Requires Apple's special forked version of GCC as I recall, and Apple are moving to LLVM so that they don't have to release the source code to their compiler at all.
I ran across it this past weekend. I tried it just now and the ad is still being served via the oddsiti URL. (Not the actual content, that's on a numbered IP machine.)
I suggest you add "||oddsiti.com^" to your adblock preferences, as any ad provider that lets this kind of crap through deserves to be blocked, not to mention allowing ads to be served from numbered IP addresses.
For those of you who want to see it, here it is, but I'm adding spaces to keep the link dead without manual editing:
http://oddsiti . com/?id = 541894
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
It's being served by a different numbered IP address than it was the other day (was on a 178. address now on a 212. address), and I don't think this is MacDefender, but some other scareware trash that's just as stupid.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Problem is those scripting tools are all closed source and proprietary. At least the ones that ship with the Mac are cross platform and libre.
Oolite: Elite-like game. For Mac, Linux and Windows
to remove smugness, I see.
So if I want to protect against malware on a mac I need to update its OS every day, potentially? See the thing is, the last time I updated its OS it went down (didn't come back after reboot) which took me two days to diagnose, fix, and restore my stuff from backup. Since then I decided I don't want to update my OS any more. Will I still be protected by Apple if I don't choose to install their latest risky OS version, but just keep the one I have and will they automatically supply me the fixes to the malware search tool? Seems like it might be easier just to install an anti-malware package and be done with it.
Korma: Good
Apple just announced that they were going to merge the Server and Consumer versions (scroll almost all the way down) of Mac OS X Lion, why would they split them apart into two different versions again?
Or at least that is what Apple is telling its customers.
"A plan fiendishly clever in its intricacies"- Homer Simpson
An informative quotation which describes the problem and what you can do about it (Snow Leopard) is modded troll? Fail.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
and Apple are moving to LLVM so that they don't have to release the source code to their compiler at all.
More correctly stated as "Apple are moving to LLVM, including writing their own non-GPLed front end for C/C++/Objective-C; this means that, whether they choose to do so or not, they are not required to release the source code to their changes to the compiler". Whether that is one of their reasons for doing so (not the reason) is another matter; note that it also means that they could, say, use Clang, LLVM, LLDB, etc. as libraries and link closed-source programs with them, rather than having to keep, say, the GUI bits of Xcode at arm's length to avoid having the GPL require them to provide the source to them.
Currently, the core compiler parts are open-source, under the UIUC license.
That user doesn't have admin privileges; that user is in effect, in the sudoers file.
In particular, one of the groups that user is in is the "admin" group (which does, in fact, happen to be in the sudoers file). At least some directories in OS X have permissions rwxrwxr-x and a group owner of admin, so users in the admin group do have, even when not sudoing something or the GUI equivalent, more privileges than users not in the admin group.
Cuz everyone knows SGI, DEC and Sun used to give source for their compilers.
Just because Apple has a mutant version doesn't mean you couldn't build plain GCC and an assload of free software.
And couldn't the LLVM/Clang move be for performance reasons? Last I checked GCC was merely an "OK" compiler, not the end all be all of compiler technology.
Just because Apple has a mutant version doesn't mean you couldn't build plain GCC and an assload of free software.
You can build plain GCC, but I'm not sure how well linking against Apple's libraries would work with it... they're targetted at different Objective-C ABIs and runtimes.
There is no OS or kernel patch that protects against stupid.
As most of my tech support assistance is for GOOD friends only (I long ago bailed on the frustrating path of coddling stupid users through their self inflicted fuckups), I have to agree that there is absolutely no protection against stupid, and as long as vectors use the path of least resistance, i.e. stupid, then they will win.
Stupid trumps all. Just watch some TV.
Ocean is land, covered with water.