Full Disclosure mailing list archives
Re: mac trojan in-the-wild
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 1 Nov 2007 19:10:10 -0400
On 11/1/07, nnp <version5 () gmail com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There's a difference between ignoring something and making a statement like 'OS X is the new Windows 98.'
OK How about "iPhone is the new Win9x"? It is running a type of OSX, one that is configured to use root for everything. I repeatedly hear that OSX is secure because BSD is a well picked through OS. Developers have had 30 some odd years to work out the bugs/vulns. What people are not taking into consideration is that if you install a single insecure app, (I.E: IE for Mac or Safari) and then use it to update your myspace profile and browse pr0n; you have to take additional preventative measures or will no longer have a secure system. This will be compounded by the fact that most corporations don't see a need to shell out the bucks for AV/AS for Macs. AV/AS by itself is not a great defense, but at least its something. Anyhoo, to reiterate: OSX !BSD. Windows had a hell of a time securing its OS in part due to all the bells and whistles and also in part because they would release an insecure product with the semi-intention of patching later. The iPhone's configuration proves that Apple will release products that do not conform to well known security best practices as well (the least of which is don't run everything as root). This makes me think that Apple is 1990's-M$-like in its pursuit of functionality over security . BTW: Did anyone test out whether the Mac AV/AS products detected this trojan? -JP _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: mac trojan in-the-wild, (continued)
- Re: mac trojan in-the-wild Steven Block (Nov 01)
- Re: mac trojan in-the-wild Nick FitzGerald (Nov 01)
- Re: mac trojan in-the-wild reepex (Nov 01)
- Re: mac trojan in-the-wild Paul Schmehl (Nov 01)
- Re: mac trojan in-the-wild reepex (Nov 01)
- Re: mac trojan in-the-wild Nick FitzGerald (Nov 01)
- Re: mac trojan in-the-wild Nick FitzGerald (Nov 01)
- Re: mac trojan in-the-wild Steven Block (Nov 01)
- Re: mac trojan in-the-wild Paul Schmehl (Nov 01)
- Re: mac trojan in-the-wild Alex Eckelberry (Nov 01)
- Re: mac trojan in-the-wild nnp (Nov 01)
- Re: mac trojan in-the-wild Dude VanWinkle (Nov 01)
- Re: mac trojan in-the-wild nnp (Nov 01)
- Re: mac trojan in-the-wild Dude VanWinkle (Nov 02)