Interesting People mailing list archives
Re: mac trojan in-the-wild
From: David Farber <dave () farber net>
Date: Thu, 1 Nov 2007 10:52:22 -0400
Begin forwarded message:

From: "Peter Sahlstrom" <peter () stormlash net>
Date: November 1, 2007 10:16:16 AM EDT
To: dave () farber net
Cc: ip () v2 listbox com
Subject: Re: [IP] Re: mac trojan in-the-wild

Dave,

I'm waiting for "the big one" as much as anyone, but I think this report is a bit premature. I know that there is a lot of frustration at Apple's somewhat arrogant stance on security (if not at Apple itself, at least at the archetypal "Mac user"), but this trojan is just another in a long line of purported watershed moments in OS X security. Some examples:

The "opener" rootkit for OS X, announced in 2004:
http://lists.apple.com/archives/macos-x-server/2004/Oct/msg01502.html

OSX/Leap-A, "The first OS X Virus", from February 2006:
http://www.macrumors.com/2006/02/16/the-first-mac-os-x-virus-a-new-os-x-trojan/

The "OSX.Macarena" virus, released November 2006:
http://www.macworld.com/news/2006/11/03/macarena/index.php

I think there's one thing especially worth noting about this latest trojan report that also applied to the three listed above: the user still has to manually execute a file they have downloaded before the virus can install itself. In this latest trojan, even if you have "Automatically open safe files after downloading" checked, this will only mount the drive image containing the virus; the user must still manually execute the application and type in an administrator password before the trojan can install itself. As Victor Marks mentioned earlier, operating system designers are still trying to figure out how to help users recognize the risk in running programs they have downloaded, just as society at large tries to figure out how to keep users from using products they have purchased in harmful ways.

Mac OS 10.5 has some interesting ideas (tagging of downloaded files as potentially dangerous, giving developers the option of signing their binaries), but the fundamental issue is the same: how far should an operating system go in protecting users from themselves?

-Peter Sahlstrom
peter () stormlash net

On 11/1/07, David Farber <dave () farber net> wrote:
Begin forwarded message:

From: "Victor Marks" <vxm () miglia com>
Date: October 31, 2007 10:04:55 PM EDT
To: dave () farber net
Cc: ip () v2 listbox com
Subject: Re: [IP] mac trojan in-the-wild

For IP if you wish

Dave, Gadi,

It just means that OS X is the new Linux, having joined Linux in possessing vulnerabilities and smug users who like to make fun of Windows.
http://www.google.com/search?q=linux+worm&hl=en&client=safari&rls=en&start=30&sa=N

Apple is using some of the same GNU and BSD licensed software and has some of the same vulnerabilities.
http://apple.com/opensource

Apple regularly issues security updates, although some security researchers have expressed disappointment with Apple in the past. In other cases, Apple has chosen to strike a balance between security and annoying the user. Microsoft chose a different balance with Vista's User Access Control (confirm, deny).

Now Apple will likely re-evaluate the whole safe auto-opening business, but in the end of the day:

1) users will still want to download items to their computers
2) they may be tempted by social engineering (want porn? get shiny new codec-trojan!)

How far should the operating system makers go to prevent users (owners of their systems) from installing third-party software? Should they make it hard to download and install software? (Apple already requires an administrator password to install software that touches beyond the reach of the user's files.) Should they attempt to determine malware and prevent its installation for the user? If they should somehow attempt to determine between good software and bad software for the user, what's to say that doesn't open a whole can of worms for operating system makers and using such a thing against competition?

IP readers, here are some general questions that can be answered regardless of your favorite operating system distribution: what do you think the right way forward is?

protecting users from themselves in some fashion (please elaborate)?
leaving users to their own devices and just more strongly encouraging not running as an administrative (non-root) user?
encouraging operating system makers to take security more seriously (how?)
Other?

Regards,
Victor Marks

On 10/31/07, David Farber <dave () farber net> wrote:

Begin forwarded message:

From: Gadi Evron <ge () linuxbox org>
Date: October 31, 2007 7:23:55 PM EDT
To: dave () farber net
Subject: mac trojan in-the-wild

For whoever didn't hear, there is a Macintosh trojan in-the-wild being dropped, infecting mac users. Yes, it is being done by a regular online gang--itw--it is not yet another proof of concept. The same gang infects Windows machines as well, just that now they also target macs.

http://sunbeltblog.blogspot.com/2007/10/screenshot-of-new-mac-trojan.html
http://sunbeltblog.blogspot.com/2007/10/mackanapes-can-now-can-feel-pain-of.html

This means one thing: Apple's day has finally come and Apple users are going to get hit hard. All those unpatched vulnerabilities from years past are going to bite them in the behind.

I can sum it up in one sentence: OS X is the new Windows 98. Investing in security ONLY as a last resort loses money, but everyone has to learn it for themselves.

Gadi Evron.

-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
--
Peter Sahlstrom
peter () stormlash net
http://peter.stormlash.net