or Connect
AppleInsider › Forums › Software › Mac OS X › Java-based Trojan horse targets computers running Apple's Mac OS X
New Posts  All Forums:Forum Nav:

Java-based Trojan horse targets computers running Apple's Mac OS X - Page 3

post #81 of 94
Quote:
Originally Posted by CIM View Post

And this is (one reason) why Apple is getting rid of Java and Flash on Macs, kids.

Hyperbolic statement as Apple is NOT getting rid of either. Java and Flash will still be supported, if the user wants to use them. And updates will be quicker since there will be no more Apple approvals required.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply
post #82 of 94
Quote:
Originally Posted by Mr. H View Post

Oh jeez is this a wind up?

No, I don't think you are being put on. No self respecting Trojan would require your password for permission to do as it pleases. In the past a Trojan would run and appear to perform as advertised but commit mischief without betraying its intentions by requesting permission. I suppose this could be classified as a trojan for particularly dumb people.
post #83 of 94
I am curious about things like viruses and trojans in Mac. Assuming you allow a non OSX specific trojan to install in your Mac does it matter if it is a PPC or Intel Mac? Are PPC Mac safer in a sense that they are of a different architecture?
post #84 of 94
SecureMac gets you to download and run a 'removal tool' for this Trojan, should it be on your Machine.

How does one tell that that 'removal tool' is not an installer tool instead? Installing all sorts of nastiness on your Mac? One doesn't! There's no way to tell. And the similarity is of course striking: SecureMac asks you to do exactly the same thing a Trojan asks you to do...

Anyway, I've heard from a few Macs that it was run on. It didn't find the Trojan and proceeded to sell stuff without missing a beat...
post #85 of 94
Quote:
Originally Posted by sdbryan View Post

No, I don't think you are being put on. No self respecting Trojan would require your password for permission to do as it pleases. In the past a Trojan would run and appear to perform as advertised but commit mischief without betraying its intentions by requesting permission. I suppose this could be classified as a trojan for particularly dumb people.

Umm, no. What exactly is the difference between that and also asking for a password, none! By definition trojans are Social Engineering attacks that require tricking the user into activating the malware and giving execution permissions. If execution permissions are implicit that just makes it easier for the Trojan's true nature to remain undiscovered, but it's still a Trojan.
.
Reply
.
Reply
post #86 of 94
deleted
post #87 of 94
Quote:
Originally Posted by MacRulez View Post

Chip architectures don't matter much. No compiler can force programmers to do adequate bounds checking.

More important is to spend most of your time in a non-admin account. Computers - yes, Macs too - encourage use of the default account when you set it up, but that account is admin so there's no end of potential damage that can be done. But with a non-admin account the worst that can happen is you throw the account out and make a new one, but the system itself can't be compromised.

Except the software can still install if an admin password is entered, something that happens in a OS X admin account too. Unlike older versions of Windows an admin account in OS X does not automatically pass installation and execution permissions on to all newly downloaded software.

If the admin working in a non-admin account enters an admin password based on a Trojan's request, the same level of bad happens. No less, no worse.
.
Reply
.
Reply
post #88 of 94
deleted
post #89 of 94
Quote:
Originally Posted by MacRulez View Post

True to some degree: there is no cure for poor hygiene.

But a non-admin account can only be elevated to admin, while an admin can be elevated to root.

And if you do not enable the root account it cannot be elevated to at all, whether you are in an admin account or not. The whole idea of Admin vs User account is relatively irrelevant in a OS X home environment if the root user is not enabled. It is disabled by default, VERY few users at home should EVER enable it.

User accounts are useful for administered networks to keep configurations under control and prevent morons from allowing in Trojans because they do not know the admin password. But at home, when the victim knows the password, they either do the smart thing or they don't.
.
Reply
.
Reply
post #90 of 94
Quote:
Originally Posted by Mr. H View Post

Trojan != virus

The only way of protecting an OS against Trojans is making it so that the OS will only run signed code and all apps must be checked first by the OS vendor before being available to the wider public, a la iOS.


Adding a code checking system only adds more doors for exploits. People will find a way around it. Not only this, but there has to be a way for developers to run their unsigned projects. Do you think most students could afford the time and money for a signing process on their homework?

Microsoft tried it. Apple wouldn't be any more successful. You must always have a way to run unsigned code on a computer unless you are cookie cutter joe who will only ever use the software that came with the computer and maybe a couple mainstream applications.

Also, a trojan is a type of virus. A virus is a trojan if it relies on some form of user intervention such as clicking on a link or running an infected program. The only time a virus is not a trojan is if it can spread on its own using only expliots. A virus also does not have to use exploits to be a virus. It only has to do something malicious such as encrypt your hard-drive with a random large key so your data is lost forever. But the point in case is that a trojan that is not a virus is not a trojan because if it is not a virus then it will do absolutly nothing malacious. Simple as that.
post #91 of 94
Quote:
Originally Posted by Hiro View Post

And if you do not enable the root account it cannot be elevated to at all, whether you are in an admin account or not. The whole idea of Admin vs User account is relatively irrelevant in a OS X home environment if the root user is not enabled. It is disabled by default, VERY few users at home should EVER enable it.

User accounts are useful for administered networks to keep configurations under control and prevent morons from allowing in Trojans because they do not know the admin password. But at home, when the victim knows the password, they either do the smart thing or they don't.

To be fair it is a little more then just people doing the smart thing or not. Lets say you are uploading some pictures to facebook. A new version of the uploader needs to be installed. Only the insanely paranoid person would not allow that installation to take place even if they got a message about code being unsigned. Why, because it is smart to trust a big company like facebook. Just like it is smart to trust a big company like Microsoft, or Google, or Apple. The problem is that hackers are able to get their trojans onto companies sites from time to time. It's not about doing the smart thing or not. It's about getting tricked. No one is safe from being tricked. Someone who believes they are above the average user so much so that they could never get a virus is usually the person whose computer has been a long time member of a bot net. I am an ISS major and I know mountains more then the average user and I know full and well that I can just as easily be tricked as the next person when you are dealing with trusted sources. Oh, and queue some loser who is going to complain about long sentances and no paragraphs. I did it on purpose just because it bothers you.
post #92 of 94
Quote:
Originally Posted by druble View Post

Also, a trojan is a type of virus. A virus is a trojan if it relies on some form of user intervention such as clicking on a link or running an infected program. The only time a virus is not a trojan is if it can spread on its own using only expliots. A virus also does not have to use exploits to be a virus. It only has to do something malicious such as encrypt your hard-drive with a random large key so your data is lost forever. But the point in case is that a trojan that is not a virus is not a trojan because if it is not a virus then it will do absolutly nothing malacious. Simple as that.

You have confused the terms virus and malware. Trojans are malware. Viruses are malware. Trojans are not viruses. A Trojan is a stand-alone piece of malware that has been engineered to outwardly look useful, but actually do malicious things. Viruses are actually a rare form of malware these days (the vast majority of malware being Trojans, Worms, Adware or Spyware). As with most things computer-science related, wikipedia's article on Viruses isn't too bad.
it's = it is / it has, its = belonging to it.
Reply
it's = it is / it has, its = belonging to it.
Reply
post #93 of 94
Quote:
Originally Posted by druble View Post

Oh, and queue some loser who is going to complain about long sentances and no paragraphs. I did it on purpose just because it bothers you.

You mean "cue"
it's = it is / it has, its = belonging to it.
Reply
it's = it is / it has, its = belonging to it.
Reply
post #94 of 94
Quote:
Originally Posted by druble View Post

To be fair it is a little more then just people doing the smart thing or not. Lets say you are uploading some pictures to facebook. A new version of the uploader needs to be installed. Only the insanely paranoid person would not allow that installation to take place even if they got a message about code being unsigned. Why, because it is smart to trust a big company like facebook. Just like it is smart to trust a big company like Microsoft, or Google, or Apple. The problem is that hackers are able to get their trojans onto companies sites from time to time. It's not about doing the smart thing or not. It's about getting tricked. No one is safe from being tricked. Someone who believes they are above the average user so much so that they could never get a virus is usually the person whose computer has been a long time member of a bot net. I am an ISS major and I know mountains more then the average user and I know full and well that I can just as easily be tricked as the next person when you are dealing with trusted sources. Oh, and queue some loser who is going to complain about long sentances and no paragraphs. I did it on purpose just because it bothers you.

Point A- No, your example is broken. Why would Facebook, a website, need an admin password to install anything? And a secondary alert is that the signing you dismiss explicitly is saying the code would not have come from your fictitious Facebook. Why would Facebook have somebody else install something? If you are going to avoid two major red flags you chances of being tricked go up exponentially.

Point B - Yes trickery can happen to anyone, and I have been saying all along this is a social engineering attack because of that. Not something that can be effectively defended in code. So I suggest you read the flow of posts a bit better because as a CS professor I find your mountainous ISS major skills lacking in comprehension and analysis of the text before you.

Point C -Being snide about intentionally poor grammar isn't something I would be proud of. Just sayin'.
.
Reply
.
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac OS X
AppleInsider › Forums › Software › Mac OS X › Java-based Trojan horse targets computers running Apple's Mac OS X