New Mac Trojan Installs Silently, No Password Required
An anonymous reader writes "A new Mac OS X Trojan referred to as OSX/Crisis silently infects OS X 10.6 Snow Leopard and OS X 10.7 Lion. The backdoor component calls home to the IP address 176.58.100.37 every five minutes, awaiting instructions. The threat was created in a way that is intended to make reverse engineering more difficult, an added extra that is more common with Windows malware than it is with Mac malware."
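The fixed five-minute check-in described in the summary is the kind of regularity a defender can look for in connection logs. The sketch below is an added example, not code from the article or from any vendor; the log format, the internal and documentation-range addresses and the function names are assumptions, and the sample lines are constructed.

```python
"""Flag source/destination pairs that connect at a near-constant interval."""
from collections import defaultdict, namedtuple
from datetime import datetime
from statistics import mean, pstdev

KNOWN_C2 = "176.58.100.37"  # address given in the story summary

# Constructed sample log, one "<ISO timestamp> <src> <dst>" record per line.
SAMPLE_LOG = """\
2012-07-25T09:00:02 10.0.0.12 176.58.100.37
2012-07-25T09:01:10 10.0.0.12 192.0.2.10
2012-07-25T09:01:45 10.0.0.12 192.0.2.10
2012-07-25T09:05:01 10.0.0.12 176.58.100.37
2012-07-25T09:07:30 10.0.0.20 198.51.100.7
this line is truncated
2012-07-25T09:10:03 10.0.0.12 176.58.100.37
2012-07-25T09:13:30 10.0.0.12 192.0.2.10
2012-07-25T09:14:02 10.0.0.12 192.0.2.10
2012-07-25T09:15:02 10.0.0.12 176.58.100.37
2012-07-25T09:19:55 10.0.0.12 192.0.2.10
2012-07-25T09:20:02 10.0.0.12 176.58.100.37
2012-07-25T09:40:11 10.0.0.20 198.51.100.7
"""

Beacon = namedtuple("Beacon", "src dst count period_s jitter")


def parse_log(text):
    """Return (timestamp, src, dst) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2]))
    return events


def known_c2_sources(events, c2=KNOWN_C2):
    """Hosts that contacted the published address at least once."""
    return {src for _, src, dst in events if dst == c2}


def find_beacons(events, min_events=4, max_jitter=0.10):
    """Report pairs whose gaps between connections barely vary.

    jitter is the standard deviation of the gaps divided by their mean;
    ordinary browsing is bursty and scores far above max_jitter.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in events:
        by_pair[(src, dst)].append(ts)

    found = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_events:
            continue  # too few samples to call anything periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        jitter = pstdev(gaps) / period
        if jitter <= max_jitter:
            found.append(Beacon(src, dst, len(times), period, jitter))
    return sorted(found, key=lambda b: b.jitter)


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("contacted known address:", sorted(known_c2_sources(events)))
    for b in find_beacons(events):
        print(f"{b.src} -> {b.dst}: {b.count} connections, "
              f"every {b.period_s:.0f}s (jitter {b.jitter:.3f})")
```

The interval test does not depend on the address, so it still fires if the destination changes while the timing stays the same.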
Yeah, right.
How about an article on every Windows- or Android-based trojan?
Not going to help you if you're hit by an in-browser drive-by attack. Chrome or Firefox with Noscript can help here.
Good call. Let me fire up my trojan botnet.
I love my MacBook, but this goes to show that security through obscurity isn't a great way to go.
It's not a virus.
This is not a Virus, this is a Trojan. At least try to read the summary, I bet even your kids can do that.
If you actually read the article, this is just some bullshit proof of concept made by an anti-virus company to shake down Mac users. It's never actually been seen outside of a security website.
Sure it will. If it's not signed by Apple or an Apple developer, Gatekeeper prevents it from installing. Or do you have any proof it can bypass Gatekeeper?
Hopefully Little Snitch alerts about this, and can block it?
The Invisible Hand of the Free Market is what punches workers in the nuts.
This is not a Kid, this is a Virus. At least try to read the summary, I bet even your Trojan can do that.
Well, it "was", the problem is Macs and OS X are no longer "obscure" ...
that a new version of OSX has just become available to purchase, better rush out and buy it.
Nullius in verba
There's a big difference between merely getting it on their machine and actually executing it. Gatekeeper is a new Mountain Lion feature that, by default, prevents any apps that are not from the Mac App Store and are not otherwise signed with an Apple-provided certificate from executing. While inflammatory, the AC's point still stands.
They don't, but you can't fix stupid, which is what trojans exploit.
When Firefox/Chrome/Safari launch a process they are still classed as being "from the app store" right?
- http://www.milkme.co.uk
The backdoor component calls home to the IP address 176.58.100.37 every five minutes, awaiting instructions. The threat was created in a way that is intended to make reverse engineering more difficult...
However, blocking the threat is as simple as an ACL on your router...
No.
That's not a trojan, that's Mountain Lion.
I love my MacBook, but this goes to show that security through obscurity isn't a great way to go.
Security through obscurity has always been a myth. :P If it was truly the case, why did (does?) malware on pre-OS X (System 7.5 - Mac OS 9) greatly outnumber that on OS X systems? :P
My guess is that (if Gatekeeper is enabled) every binary loaded by the system must be signed by Apple or else it won't load.
To catch outgoing calls.
repetitive much?
No, it's not. The product is "OS X". The version is 10.5.
What else would you say? "OS X 5"? That's neither the product, nor the version.
Or those signed by a registered Apple developer since that is the default Gatekeeper setting.
Which means any geek has to turn that off to use fink.
Kids and Viruses have a lot in common. They delete all your stuff, cost tons of money in repairs. The big difference is that you usually like it more when your kids replicate.
repetitive much?
"also writing "OS X 10.5" is like ATM machine..."
If there was only a little bit of truth in that statement:
OSX 10.5 doesn't get security patches anymore, as written here: http://www.sture.ch/node/196
So using 10.5 (and if the link is correct also 10.6 from now on) is a bigger security threat than this single Trojan reported here.
Any executable that's downloaded is "tainted." Mach-O executables carry their certificates and checksums as metadata segments in the executable, and if you don't have those, or they don't resolve to a certificate with an Apple signature, Gatekeeper will stop it from running according to the user's preference setting.
Taintedness can be removed with
to delete it (it's stored in the filesystem extended attributes), or by launching the app from the "Open" command contextual menu. It will not launch by double-clicking, Apple-O'ing, or with Apple Events (like Firefox would do).
Don't blame me, I voted for Baltar.
So they just assign these viruses an arbitrary nickname, right? I think "Crisis" was a pretty funny shot at Apple, seeing as how they refuse to admit the last month or two has been one for them because of viruses. But if anyone can just randomly assign it a name, why not go all the way and name it Lol@Apple then the next one Lol@Apple2 etc?
How? From all the Mac users who know how to do that?
*said while holding up "sarcasm" sign*
Gatekeeper is a new Mountain Lion feature
RTFS; Mountain Lion is not the distro being compromised.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Sorry, didn't get it. My reply therefore doesn't make sense.
Disassemble it and follow the code. Even if some of the code is encrypted something in the virus will have to decrypt it before it can be run and you'll have that on hand too.
I'm not saying it's easy but it's not protected by some magic ward.
If you had a trojan you might not have kids or catch a bad virus as easily
-KI
#include bier;
Not true. Read the Ars Technica review: Gatekeeper only stops the execution of apps directly from downloading them (downloaded executables are flagged). Hell, you can right-click the app after downloading it, select "run", and it will work just fine.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
Maybe, maybe not. Gatekeeper is supposed to prevent unsigned downloaded programs from running, but it will only work if the executable gets properly flagged as "downloaded." It doesn't stop other executables from running, nor does it stop people from running them directly, so whether it will stop all drive-bys or not is not 100% clear (it should stop some, of course).
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
It's called "Morcut" by Sophos and they offer a free anti-virus product for Mac OS X.
They claim it's designed to access these things: mouse coordinates, instant messengers (for instance, Skype [including call data], Adium and MSN Messenger), location, internal webcam, clipboard contents, key presses, running applications, web URLs, screenshots, internal microphone, calendar data & alerts, device information, address book contents
New Version of OSX drops, shortly after new malware discovered that only affects old versions.
I smell marketing ploy.
Only by default, there are two other settings, one of which will let you install anything unsigned. And it isn't clear the other two settings will stop a drive by.
::golf clap::
It seems more and more these days, that malware is becoming user-mode to avoid the nasty popups that come with trying to gain administrator mode.
Which makes sense as a lot of stuff you need to do as malware can be done strictly as usermode without needing to get admin privileges. This one apparently checks to see if it can get admin or running in a restricted user account.
So even malware these days are learning to be friendly and compatible with users who aren't admins and not requiring admin for everything.
Obscurity is just one valid tool in a security arsenal -- but it shouldn't be the only one. Ranked high above it in importance is "user education" - a feat that's nearly impossible as we continue to dumb down the computing experience.
But OS isn't the name. So while it would probably be easy to tell from context what you are referring to, it's hardly redundant to call OS X 10.5 by its designated name (and version).
In other words, you are wrong. Get over it.
I answer this question so much I should just put it on my blog and link to it. System 7.5 - Mac OS 9 had NO SECURITY whatsoever and software was shared with write-able disks, and so, many people wrote malware for fun and fame in those days. Since around Mac OS X's release, software is distributed on read-only media (CDs, DVDs. blu-ray is still a bag of hurt I hear) and the threats come from exploiting programs over the network or social engineering to trick the user to download a trojan. Exploiting a program and social engineering mean selecting mac users on web sites when they are outnumbered 10:1 by Windows users typically, with malware being profit driven nowadays because all of the mainstream OSes are basically secure against the trivial threats of 90's malware, it hardly ever makes sense to target 5% over 90%. In the same sense that most games are not available for macs, the profit incentive is not there. The argument that your logic leads to is that Macs are not infected because they can not be infected, but this and other malware prove that wrong. Mac malware thus far does not do anything profound that Windows malware doesn't do, basically the user is tricked into downloading it and it does what it wants. It's not like mac malware so far is some mission impossible type stuff and more difficult to deploy than windows malware.
"...I think the Microsoft hatred is a disease." - Linus Torvalds
This threat may run on Leopard 10.5, but it has a tendency to crash. It does not run on the new Mountain Lion 10.8.
Also...
This threat has not yet been found in the wild, and so far there is no indication that this Trojan has infected users
You're right to imply that Mountain Lion users shouldn't get too cocky, but in this particular case, according to this antivirus vendor, the malware hasn't even been found in the wild—and even if it had, it doesn't run on Mountain Lion.
the JoshMeister on Security
That didn't sound right so I looked it up. I would not have put it past Apple to require every single program be signed by them or as an approved developer to keep out "undesirables", however, that's not what's going on. https://securosis.com/blog/os-x-10.8-gatekeeper-in-depth
>>>The product is "OS X". The version is 10.5.
So macs have been using the same OS since 2000? Wow. And I thought XP had a long lifespan. At least we XP users got our versions (SP0,1,2,3) for free and didn't have to pay for them.
According to Ars Technica the proper pronouncement of OS X 10.5 is "O.S. ten ten point five" so yeah the grandparent poster was correct. It's redundant.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Pure awesome.
You are entitled to your own opinions, not your own facts.
"The latest threat further underlines the importance of protecting Macs against malware with an updated antivirus program as well as the latest security updates. That means you should start by getting OS X 10.8 Mountain Lion when it comes out Wednesday"
From the bottom of the article..... so is this an actual computer threat or a nefarious marketing ploy by Apple to make you upgrade?
sudo make me a sandwich
All libraries and frameworks, including their bundled static resources, images, strings files, and so on, must also be signed.
Don't blame me, I voted for Baltar.
You do realize that I was responding specifically to someone who was making a claim against Mountain Lion, right? This particular comment thread is about Mountain Lion and the fact that it's unaffected. He claimed otherwise. I disputed.
In Mac land, that would imply you had some non-existent version of classic Mac OS in which development had proceeded beyond version 9. "Mac OS" is not the same as "Mac OS X"
The malware actually came out a few days ago. Slashdot is slow to report on it.
nope. you can still run fink with gatekeeper turned on.
from the console run:
xattr -d com.apple.quarantine
then you can run that app and gatekeeper won't care.
The very Ars review you cite refutes your claim. In fact, it even has a screenshot of a Gatekeeper prompt being shown for an app that has already been downloaded but had not yet been executed.
And if you're really going to point out the fact that the user can circumvent Gatekeeper by right-clicking, choosing to ignore the warnings, and launching anyway, then why not just point out that they can disable Gatekeeper entirely. Of course the user can choose to circumvent Gatekeeper. My point was that by default it prevents drive-by downloads from also executing.
there is supposed to be a file name after com.apple.quarantine
xattr -d com.apple.quarantine executable
that's the correct command.
You do realize that I was responding specifically to someone who was making a claim against Mountain Lion, right? This particular comment thread is about Mountain Lion and the fact that it's unaffected. He claimed otherwise. I disputed.
*reads post title*
...
I do now.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
yeah, it would take one brain cell (and a weak one at that) to know the difference ... and I say this as a long-time mac OS user.
thanks! maybe everyone on here is from the iOS generation, and doesn't know the difference :(
Do you then have to do that for each thing you install with fink?
Can you somehow just import another key instead?
Your guess is completely wrong.
First, the way Gatekeeper works is by interposing the mechanism used for quarantining downloads. A binary compiled on your computer was never downloaded, so code you build yourself should be unaffected by Gatekeeper unless you upload and re-download it or manually set the quarantine flags for testing purposes.
Second, because Gatekeeper is tied into the quarantine system, the check occurs only the first time that you launch an application. Any application that you installed under previous releases of the OS continues to work as it always did because again, it was not just downloaded.
When a Gatekeeper check does occur, however, the behavior depends on which mode Gatekeeper is in (set in System Preferences). There are three modes: "Mac App Store" (the default), in which only apps downloaded from the Mac App Store are allowed to launch, "App Store and identified developers", in which apps downloaded from the Mac App Store or from other sites are allowed, but only if signed by a cert obtained from Apple's developer program, or "Anywhere" (essentially turning Gatekeeper off).
In that middle mode, the app is not signed by Apple at all, but by a third-party developer. That third-party developer's cert is signed by Apple, of course, but the app itself isn't.
And in all cases, you can override Gatekeeper's behavior by control-clicking the app and choosing "Open" instead of double-clicking it. This will give you the traditional set of prompts from previous OS releases in which it asks you if you want to launch this app that you've never launched before. Alternatively, you can turn Gatekeeper into "Anywhere" mode, launch the app, then change it back. Either way, once you have launched and un-quarantined a given app, Gatekeeper should never bother you again.
Check out my sci-fi/humor trilogy at PatriotsBooks.
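A simplified model of the behaviour the comment above describes, added here as an illustration; it is not Apple's implementation and not part of the original comment. The `App` class, the `launch` function and the origin labels are hypothetical names, and clearing the flag after a permitted launch is this model's way of expressing "the check occurs only the first time".

```python
from dataclasses import dataclass

# The three modes named in the comment.
MAS_ONLY = "Mac App Store"
IDENTIFIED = "App Store and identified developers"
ANYWHERE = "Anywhere"


@dataclass
class App:
    name: str
    origin: str        # "mac_app_store", "developer_id" or "unsigned" (model labels)
    quarantined: bool  # True only if the downloading program set the quarantine flag


def launch(app, mode, via_open_menu=False):
    """Return 'run' or 'blocked' for one launch attempt, updating the flag."""
    if not app.quarantined:
        # Built locally, installed under an earlier OS release, or already
        # launched once: no Gatekeeper check happens at all.
        return "run"
    if mode == ANYWHERE:
        allowed = True
    elif mode == IDENTIFIED:
        allowed = app.origin in ("mac_app_store", "developer_id")
    elif mode == MAS_ONLY:
        allowed = app.origin == "mac_app_store"
    else:
        raise ValueError(f"unknown mode: {mode!r}")
    # Control-click > Open replaces the block with the older confirm prompt;
    # this model assumes the user confirms.
    if allowed or via_open_menu:
        app.quarantined = False  # later launches are no longer checked
        return "run"
    return "blocked"


if __name__ == "__main__":
    built = App("tool-built-from-source", "unsigned", quarantined=False)
    signed = App("developer-id-download", "developer_id", quarantined=True)
    unsigned = App("unsigned-download", "unsigned", quarantined=True)
    print(launch(built, MAS_ONLY))                          # run
    print(launch(signed, MAS_ONLY))                         # blocked
    print(launch(signed, IDENTIFIED))                       # run
    print(launch(unsigned, IDENTIFIED))                     # blocked
    print(launch(unsigned, IDENTIFIED, via_open_menu=True)) # run
    print(launch(unsigned, MAS_ONLY))                       # run
```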
If the new malware is able to bypass the quarantine dialog in 10.7 already (TFS says "silently", so a safe assumption I think), that means Gatekeeper won't do anything: it relies on the quarantine flag on downloaded files. That's basically what it does, AFAICT: checks for the flag, block execution if it is flagged and not signed validly. I'm not sure if it will stop this malware or not: I was pointing out that it doesn't simply stop unsigned apps from executing at all, because it doesn't (and the fact that users can bypass it, without altering settings, means that programs almost certainly can as well, which means a fault in Firefox or Safari, for that matter, can probably also bypass it).
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
That is without a doubt the least verbose post I've ever seen from APK. Hope this marks a new trend.
Discussion System prefs link: http://slashdot.org/users.pl?op=editcomm
HIV and a broken femur will both put you in the hospital. But it certainly isn't semantics to argue that a broken femur is not a virus.
Same goes for this argument. A trojan is not a virus and saying so is not a smug comment. Saying "Windows PCs are far superior in every way to Macs" however, is a smug comment.
It's close enough to the 10.8 launch to be suspicious.
You misunderstand what GP was saying. Gatekeeper only applies to binaries which have the "downloaded from internet" flag on. If it was downloaded without setting that flag (e.g. via wget, or some browser that just doesn't do it), it won't apply. If you download it elsewhere and then copy it to your Mac, it won't apply.
And at $20.00 for all of your computers, Apple will make billions... (or, maybe, at least cover some of their costs).
I don't read your sig. Why are you reading mine?
It's close enough to the 10.8 launch to be suspicious.
I think your tinfoil hat is on too tight.
Some privacy policy Slashdot.
the golf clap is a nasty one
Balderdash!
There is *supposed* to be an item in "Foundation.framework" called "XPCServices", but it's not a folder, it's a shortcut.
If you actually have a FOLDER called that, then you're infected.
So macs have been using the same OS since 2000?
Other than compatibility has been broken numerous times. Kind of like saying Win95 is the same as WinXP because the UI looks similar and they're both called "Windows".
Is perl/python signed too? So what if the pwned browser runs perl -e "something nasty"?
I've written perl stuff for OS X that can send info to "home base" and also get new instructions. For legit reasons- software/hardware asset management.
It'll be interesting to see if the AV bunch can keep up with polymorphic malware scripts. TIMTOWTDI and so on.
The product line is OS X (née Mac OS X), which is a proper name for a family of products (that coincidentally also matches with the version number), meaning it's not redundant. 10.5's official name is "OS X Leopard", since Apple dropped the "Mac" in all references to the OS, even older versions, with the release of Mountain Lion, and they haven't used version numbers in the official names for some time. If you want to specify the version number, the proper way to do so is not to merely add it after the X (so you are correct about that), but to insert some indicator of what the number represents. For instance, in the requirements for Mountain Lion, they specify that it needs "OS X v10.6.8" or later.
Gatekeeper is a new Mountain Lion feature that, by default, prevents any apps that are not from the Mac App Store and are not otherwise signed with an Apple-provided certificate from executing.
How is Fink going to deal with that?
Give me Classic Slashdot or give me death!
Gatekeeper can be disabled so that it allows anything, or circumvented by the user if they wish to do so on a per-app basis. More importantly however, and something I neglected to mention, Gatekeeper only applies to items downloaded via a browser. Command line-based tools and the like are unaffected.
Since the majority of Mac Owners don't know how to protect themselves which is why they own Macs:
1) Launch Terminal
2) sudo ipfw add 1000 deny all from any to 176.58.100.37
3) Enter Your Password
That's not the case, according to ArsTechnica review of Mountain Lion. And they prove their point by showing that if you remove the com.apple.quarantine xattr from the downloaded app, Gatekeeper does not kick in anymore regardless of it being not signed etc. And that attribute is added by the browser when you download, and wouldn't be present on a file copied from elsewhere, or the one downloaded by a program that doesn't apply that xattr.
When a Gatekeeper check does occur, however, the behavior depends on which mode Gatekeeper is in (set in System Preferences). There are three modes: "Mac App Store" (the default), in which only apps downloaded from the Mac App Store are allowed to launch
By your own text it sounds like his guess was close to the mark. By default an app has to be from the app store and that means signed by Apple.
http://lkml.org/lkml/2005/8/20/95
These may be famous last words, but I have used Macs for 15 years and the only trouble I ever had involving viruses was when I briefly installed Norton antivirus back in the day. I promptly removed that and have never looked back. I use reasonable caution, I don't download executables from entities that seem suspicious and, from time to time, I monitor network activity and logs for anything that looks funky. However, I am not shy about the sites I visit. The funny thing is that the only people I KNOW are infected are the friends and colleagues on Windows that unknowingly send me spam emails - corporate clients no less.
As has been pointed out here, this is not a virus, it's a trojan and it doesn't seem to be a problem. There is a reason Macs haven't been the ones on the news with huge numbers of machines infected. And, no, it isn't because of market share. Apple sold 5.2 million macs last quarter alone - the target is plenty big, the user base has money to steal and the hackers are bitter at Apple. So where's all the viruses?
"The world is a construct of forceful imagination. Those who don't know walk around in the realities of those who do"
remap 176.58.100.37 to 127.0.0.1
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
I am a Trojan you insensitive clod... and while we are on the subject, where the hell do you get off dragging the name of my home town through the mud?
Well, for one your leaders were stupid enough to bring a giant wooden horse that randomly appeared outside your secure town into said town. The Greeks inside then opened your gates and let the Greek army in, who destroyed your town.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
My post may have been technically redundant, but the one who posted before was an anonymous coward :p
the golf clap is a nasty one
Which is why nobody should still be on 10.4.
The IP address, 176.58.100.37, is hosted at www.linode.com - has anyone tried contacting them to get the account suspended?
For most users upgrading from a previous OS, the vast majority of the apps loaded by the system won't have been signed by Apple, but will still load. That makes the statement pretty much completely wrong. As I said, the check only occurs at first launch of a given app, not every launch, so once you have done the whole control-click thing to force it to let you launch a new app, you can freely run apps that are not signed by Apple, even when in the strictest Gatekeeper mode.
Also, the fact that Gatekeeper can be turned on (in the more lax mode) while still allowing apps not signed by Apple to launch (even when you just downloaded them) makes that statement even more wrong.
For a non-power-user who doesn't want to learn about Gatekeeper and security, and who has no non-Mac-App-Store applications installed, yes, the original poster's description was a good first approximation, but it is a drastic oversimplification that, if spoken to a power user, could lead those folks to knee-jerk disable Gatekeeper, which would weaken their security for no good reason. For those reasons, such oversimplifications, at least on a tech site, are dangerously wrong. :-)
Check out my sci-fi/humor trilogy at PatriotsBooks.
However, blocking the threat is as simple as an ACL on your router...
to the average Apple user. So simple to do...
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Gatekeeper only applies to items downloaded via a browser.
Which I suppose means it requires browser support? E.g. the X11 version of Firefox would probably not set the appropriate flags on things it downloads.
Give me Classic Slashdot or give me death!
I couldn't say regarding that version of Firefox, but regardless, at that point you're talking about users who know what they are doing, which is likely also why they didn't have it apply to other methods of distribution as well.
According to ars technica the proper pronouncement of OS X 10.5 is "O.S. ten ten point five" so yeah the great-grandparent poster was correct. It's redundant.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
First, anyone with "vistapwns" as their handle should be regarded as having zero cred, geek or otherwise...
Getting to the point: CD-ROMs were quite popular in OS 9 days and it scarcely made any difference in virus propagation on the old platform. Apple transitioned away from floppies years earlier than PC mfgs did.
The fact remains: When Apple switched to Unix, malware that propagates automatically (viruses) became rare curiosities that functioned for any length of time only in test environments. That resurgence of viruses on Macs, long awaited by pro-MS trolls who copiously dump their BS on stories like this, never materialized.
Unix is not magic, but it raises the bar significantly for malware authors. OTOH, Microsoft continued running on their "the worse it is, the better" MO for _many_ years longer than they should have, and that malign neglect was the single biggest mistake that allowed online crime syndicates to become entrenched and highly resourceful to the degree they are today.
Maybe the AV people should write an OS.
I'd like to suggest legislation that requires all future trojans to incorporate a password. //safety
Yes, trojans are designed to resemble legitimate items. When was the last time you saw a Mac trojan from a reputable source however? Just as the Trojans were foolish to accept the horse, so too are users who accept software from disreputable sources acting foolishly.
As I said, you can't fix stupid.
Unix is not magic, but it raises the bar significantly for malware authors.
How?
What is it that Unix does that you claim Windows doesn't? What is the secret sauce that is so elusive that you can only speak of it in general terms?
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
Like 10.5.8?
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
If an executable has sufficient privilege to run an arbitrary command, it can accomplish everything the effective UID allows it to. You still have all the second-line defenses, Unix permissions, Kernel and library ASLR, the Firewall, the signed entitlements system (if it applies)...
The trick is getting a browser to call system(); this problem exists now and it's extremely difficult. Library ASLR has pretty much defeated it.
Don't blame me, I voted for Baltar.
Injecting code on a Mac is super easy. When an archive is opened, it creates the objects listed and calls -initWithCoder: on that object. So all you need to do is craft a suitably nefarious archive and trick a user into opening it with some app.
Mountain Lion actually addresses this vulnerability, but developers are going to have to rev their code to use the updated API. I'm surprised it hasn't (AFAIK) been used as an attack vector by trojans because it does seem a glaring hole. I hope I'm not going to regret pointing this out...
* Unix or *nix are built around the concept of getting work done _away_ from superuser privileges.
* The points of distributing software for *nix platforms tend to be few and secured. Even a Mac user tends to understand that the prospect of downloading small utilities and games from sources that don't start from Apple.com, Macupdate.com or versiontracker.com seems to "smell bad". With Windows, a culture has developed that software can be expected to come from just about anywhere (and bizarrely, at just about any time, which I think is a holdover from when Active-X was in vogue).
* Different implementations, so binary compatibility is iffy or nonexistent (compatibility is more at the API level)
* My theory: The inner workings of most *nix systems are easier to look up and are better understood by the power users and admins who run and service them -- It is more difficult to hide malware in such an environment.
To me, the level of cleanliness of a Windows system seems like a big, ongoing guessing game: This is particularly true given that the norm for operating Windows, even in a malware emergency, is to depend on the services of the installed, running, _infected_ system and users are often encouraged to download antivirus tools using the infected system to get rid of the existing malware (so the success rates of removal are lowered and the user ends up with a bogged-down or broken system). To the Windows culture, booting and tooling around with a secure ROM image to remedy problems is odd if not alien, and some of the live CD images (like Kaspersky) that do exist for use on a Windows system are actually Linux-based.
I'm not claiming that the above are always better to have for a computer, but they are almost always better for security. Apple seems to have (with OS X) the best mix of security culture and security features; If Apple switched to a Linux-distro model for software distribution tomorrow, I believe it would hurt OS X's appeal immensely even though it might gain slightly in security. Actually, with 10.8 they are adding one of Windows' few strengths to OS X, which is to do some enforcement based on code signatures.
No, by default an app has to either be from Apple's Mac App Store, or signed by a third-party with their Developer ID certificate (which is signed by Apple). It doesn't need to be from the App Store.
Sorry, my bad. You're right. The middle setting is the default setting. So the original poster wasn't correct, even by default, even for newly downloaded apps.
Check out my sci-fi/humor trilogy at PatriotsBooks.
But, unfortunately, so will two dozen different updates. Adobe Reader, Windows Live Mail, Adobe Flash, up until recently (maybe even currently) Firefox, and dozens of other apps that "automatically" update all require admin privileges. Most users just start clicking yes or entering their password for every dialog that pops up.
I'm responsible for a fair number of PCs used by "regular" staff... they get to use Limited user accounts in XP (or Win7) and giving them an admin password is very much frowned upon. Sooner or later they'll write it on a post-it note by the screen. The number of update requests is frustrating, to put it mildly. Google Chrome is looking better all the time.
This should be +5 Funny.
And at $20.00 for all of your computers, Apple will make billions... (or, maybe, at least cover some of their costs).
This is the Mountain Lion compatibility list:
- iMac (Mid 2007 or newer)
- MacBook (Late 2008 Aluminum, or Early 2009 or newer)
- MacBook Pro (Mid/Late 2007 or newer)
- MacBook Air (Late 2008 or newer)
- Mac mini (Early 2009 or newer)
- Mac Pro (Early 2008 or newer)
- Xserve (Early 2009)
"His name was James Damore."
Gatekeeper only applies to files downloaded off the Internet. If you compile an executable from source on your own machine, there is no problem.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
I don't know if this is meant to be a joke or not, but if it was supposed to be serious, it doesn't work. All it does is direct traffic for localhost to that IP address instead of 127.0.0.1.
If the malware attempted to connect to li446-37.members.linode.com and you put
127.0.0.1 li446-37.members.linode.com
in your hosts file, that would be fine.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
Not the one that Apple provides a nice UI for. It's based on the application level and doesn't have the ability to block outgoing connections. However, it also has the BSD ipfw software which can be configured to stop this as per jwill7g9's post above.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
I'm still surprised nothing similar to Little Snitch exists on Linuxes...
Herve S.
* Unix or *nix are built around the concept of getting work done _away_ from superuser privileges.
So is Windows. And it is actually only partly true for Unix. Unix is too much dependent on UID 0 for too many things. And when you need to perform those actions you need to elevate to root - and break least privilege principle. Windows doesn't have that problem, it has a much more granular security model and "power user" privileges can be delegated - you don't need to elevate root/administrator to be able to back up a system, for instance.
* The points of distributing software for *nix platforms tend to be few and secured.
That is not a Unix component - and certainly not an OS X component until Mountain Lion. You can argue that Linux repositories come with added trust because the packages are signed. But sites like download.com, tucows etc. also allow Windows users to download malware-free software. Have there been cases of malware found in these repositories? Yes, both in Linux repositories and in Windows repositories. You are just blowing hot air. It doesn't really matter if software in repositories is signed or not - what matters is the vetting process. And nothing suggests that Linux repositories are any better at that.
Even a Mac user tends to understand that the prospect of downloading small utilities and games from sources that don't start from Apple.com
No they don't. 10% of Mac users caught the Flashback infection. That's worse than anything on any operating system, ever!
* Different implementations, so binary compatibility is iffy or nonexistent (compatibility is more at the API level)
Good point. Security through voluntary obscurity and incompatibility. Is this part of Unix architecture?
* My theory: The inner workings of most *nix systems are easier to lookup and are better understood by the power users and admins who run and service them -- It is more difficult to hide malware in such an environment.
BS. kernel.org and linuxfoundation.org were compromised for (at least) the better part of a month by an old and known rootkit. And nobody noticed until they started receiving error logs from components which should only be installed on desktops. All OSes in use today are so complicated that there are tons of ways to hide malware. Even if the malware doesn't try to actively hide itself, do you think regular users have any idea of which daemons and/or network ports should be running/open on their systems?
To me, the level of cleanliness of a Windows system seems like a big, ongoing guessing game: This is particularly true given that the norm for operating Windows, even in a malware emergency, is to depend on the services of the installed, running, _infected_ system and users are often encouraged to download antivirus tools using the infected system to get rid of the existing malware (so the success rates of removal are lowered and the user ends up with a bogged-down or broken system).
Actually 64 bit Windows
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*