In my experience, I myself pose the most danger to my system and data. The same is true for 99.99% of users.
You know what, this is 100% true. And that's why you should be careful.
There's no FUD in what I write, I'm just urging you all to be careful. I don't care what some security guy wrote - why? Because he's writing it from a Unix point of view - which doesn't matter a jot, because the exploits on a Mac aren't based around Unix, they're based around the GUI.
You can sit there and talk about how the system files are locked up, and you need the superuser to do anything. Hey, wake up! Start the process viewer up, look at all that stuff running as *you*.
Saying you need to run permissions on stuff just isn't true, I ran an app installer just a couple of weeks ago that *did* not ask for a login.
Besides anything else, are system files the only things you care about? You have no work on your disks, you don't care what happens to mounted servers.
All the stuff *you* can do a virus/malicious app can do too. You deleted your files accidentally... how about I put them somewhere you don't get the chance to get them back from?
Virii aren't just about denial of service attacks on remotes sites, they are about pissing you off and screwing with your system.
Could I write a virus? Could *I*, don't think about that, think about could you? And the answer is, yes you could, and the good thing is you just don't realise it.
You don't realise what you have on your desk, and if you did then you'd sh*t a brick.
People talking about self-loading, this, that and the other don't know anything. Those PCs got infected because someone made a stupid decision. Not an admin, not a programmer - a user.
Don't have fear, be certain, have no doubt - just be careful because *you* are the weakest link.
As for trojan style attacks that require a user must execute a file OS X will prompt the user for thier administrative password. If you key in your admin password and run malicious code on your system, thats your own problem. I doubt many others will do the same and really you can only harm stuff in your home folder.
This is 100% wrong. Did you use a password the last time you ran Safari - no, you didn't. Did you use a password the last time you read/wrote/moved/deleted a file - no you did not. Have you got all your preference panes locked, or did you get bored keying in the password? Do you really know what your email app, browser or other system components can do, without your direct intervention?
You obviously have no idea. What makes virii annoying is their propensity to spread.
Im glad you like your powerful computer and realize just what it is you have on your desk. Ill just have to live in ignorance. Then again isnt ignorance supposed to be bliss.
If you read the bottom of my previous post you will see some good advice, take it, and pass it on to your friends.
Although you highlighted the fact that I could run a program that would delete everything near and dear to me, you have yet to even mention a method of delivery or replication. Which really is what makes a virus a virus. Otherwise your just running malicious code on your system, probably shouldnt run things that dont come from people you dont know or trust.
So, by your omission of describing a viable transmission method Im left believing you either dont know how viruses spread or havnt thought it through. What did you accidentally wipe out your home folder last night or something ?
If you installed something that didnt require an admin password it didnt touch your system files at all, just copied itself into your applications folder.
Look, you're a fictional giant Lion from Narnia, that died and was reborn, work it out for yourself.
If anyone with any programming experience at all wants to refute what I've written, go ahead, make my day.
I've no axe to grind here, just best wishes to my Mac brethren. Don't trust something because someone says so, or the alternative seems unlikely - the alternative is out there and waiting for your misstep.
I've no axe to grind here, just best wishes to my Mac brethren. Don't trust something because someone says so, or the alternative seems unlikely - the alternative is out there and waiting for your misstep.
There's no FUD in what I write, I'm just urging you all to be careful. I don't care what some security guy wrote - why? Because he's writing it from a Unix point of view - which doesn't matter a jot, because the exploits on a Mac aren't based around Unix, they're based around the GUI.
I'm not aware of any OSX exploit that's "based around the GUI". There are two I've heard of: the DHCP "remote" "exploit" (neither really remote nor a real exploit), and the SSH exploit. The first is really only an issue if a hacker can gain physical access to your Mac, in which case, well, he has physical access to your Mac, anyway, and doesn't need an exploit. The second is based on a service that is OFF by default, and if you're savy enough to turn it on and use it, you're savy enough to keep up to date with security patches.
If you mean, by GUI exploit, that I could write a script to do "rm -rf ~/" and send it to you, and you could run it, well...sure. I could also just tell you:
"Open Terminal and type 'rm -rf ~/', then hit return. Send an email to all your friends telling them to do the same thing."
There. I just told you to do it. If you actually do, that's your own damn fault, just as it would be if I told you to leave your front door unlocked, and you actually do. Neither makes for an "exploit" or "virus" or "worm" or anything.
Edit: The critical point, like others have said,is that there's no known way for a worm to propogate itself on OSX without asking for user authentication. No propogation, no worm.
it installed itself in my system folder. It's called carbon.framework and its in System-Library-Frameworks. DELETE IT IMMEDIATELY and then empty the trash right away. It erases your ENTIRE HD one minute after your view this web page. DO IT NOW!!!! QUICK! Or it will turn your hard drive into an inanimate carbon rod!!!11!11
Saying you need to run permissions on stuff just isn't true, I ran an app installer just a couple of weeks ago that *did* not ask for a login.
interesting choice of emphasis
(installers only ask for permission if they are installing things that affect core system folders(as in the folders that could fuxxor your computer if a virus got into them and tampered with stuff) as was mentioned in the thread already)
Curiousburb, the risk is not "laughably low", it is "lower". Some of the stuff you wrote I just outright disagree with, and some of what you write is just plain wrong.
But I'm not going to sit here and educate hackers.
Some of the old hacks for macs relied on things like the startup disk being called "Mac HD", but you'd always change you disk names, wouldn't you - every single one of you has done that, haven't you.
It's easy to sit there and write "stupid PC users do this...", but stupid Mac users do the same things. Did you ever download and install a file from the 'net?
Did you know the originator of each one of those files personally?
Do you know what some files are capable of, that seem innocuous?
A secure system would check every time *you* took an action, and by *you* I mean the person logged in, not necessarily what your fingers are poking at. But that would get really boring really quickly.
So we open up the doors, and through the cracks come the crackers.
The critical point, like others have said,is that there's no known way for a worm to propogate itself on OSX without asking for user authentication. No propogation, no worm.
That is not true, and I'm glad that you don't know it.
That is not true, and I'm glad that you don't know it.
wait a second, you posted saying that you just wanted us to be careful, get off our high horse about being so secure about virus attacks and actually worry about these things because they are apparently such real threats in your eyes, yet you are glad that he isn't being aware of these things?
(installers only ask for permission if they are installing things that affect core system folders(as in the folders that could fuxxor your computer if a virus got into them and tampered with stuff) as was mentioned in the thread already)
And as I mentioned already, those aren't the only things you should care about.
Comments
However you did provide links...
Originally posted by dfiler
In my experience, I myself pose the most danger to my system and data. The same is true for 99.99% of users.
You know what, this is 100% true. And that's why you should be careful.
There's no FUD in what I write, I'm just urging you all to be careful. I don't care what some security guy wrote - why? Because he's writing it from a Unix point of view - which doesn't matter a jot, because the exploits on a Mac aren't based around Unix, they're based around the GUI.
You can sit there and talk about how the system files are locked up, and you need the superuser to do anything. Hey, wake up! Start the process viewer up, look at all that stuff running as *you*.
Saying you need to run permissions on stuff just isn't true, I ran an app installer just a couple of weeks ago that *did* not ask for a login.
Besides anything else, are system files the only things you care about? You have no work on your disks, you don't care what happens to mounted servers.
All the stuff *you* can do a virus/malicious app can do too. You deleted your files accidentally... how about I put them somewhere you don't get the chance to get them back from?
Virii aren't just about denial of service attacks on remotes sites, they are about pissing you off and screwing with your system.
Could I write a virus? Could *I*, don't think about that, think about could you? And the answer is, yes you could, and the good thing is you just don't realise it.
You don't realise what you have on your desk, and if you did then you'd sh*t a brick.
People talking about self-loading, this, that and the other don't know anything. Those PCs got infected because someone made a stupid decision. Not an admin, not a programmer - a user.
Don't have fear, be certain, have no doubt - just be careful because *you* are the weakest link.
Originally posted by AsLan^
As for trojan style attacks that require a user must execute a file OS X will prompt the user for thier administrative password. If you key in your admin password and run malicious code on your system, thats your own problem. I doubt many others will do the same and really you can only harm stuff in your home folder.
This is 100% wrong. Did you use a password the last time you ran Safari - no, you didn't. Did you use a password the last time you read/wrote/moved/deleted a file - no you did not. Have you got all your preference panes locked, or did you get bored keying in the password? Do you really know what your email app, browser or other system components can do, without your direct intervention?
The list goes on...
Im glad you like your powerful computer and realize just what it is you have on your desk. Ill just have to live in ignorance. Then again isnt ignorance supposed to be bliss.
If you read the bottom of my previous post you will see some good advice, take it, and pass it on to your friends.
Originally posted by AsLan^
You obviously have no idea. What makes virii annoying is their propensity to spread.
Did I say they couldn't?
Originally posted by AsLan^
Then again isnt ignorance supposed to be bliss.
No, ignorance is catching AIDS.
Did I say they couldn't?
Although you highlighted the fact that I could run a program that would delete everything near and dear to me, you have yet to even mention a method of delivery or replication. Which really is what makes a virus a virus. Otherwise your just running malicious code on your system, probably shouldnt run things that dont come from people you dont know or trust.
So, by your omission of describing a viable transmission method Im left believing you either dont know how viruses spread or havnt thought it through. What did you accidentally wipe out your home folder last night or something ?
If you installed something that didnt require an admin password it didnt touch your system files at all, just copied itself into your applications folder.
Originally posted by AsLan^
Although you highlighted...
Look, you're a fictional giant Lion from Narnia, that died and was reborn, work it out for yourself.
If anyone with any programming experience at all wants to refute what I've written, go ahead, make my day.
I've no axe to grind here, just best wishes to my Mac brethren. Don't trust something because someone says so, or the alternative seems unlikely - the alternative is out there and waiting for your misstep.
Just a word of warning, make your own choices.
Windows User:
Unpacks computer, connects everything and boots up.
Plugs into cable modem and sets up email account info.
Checks Outlook email. Surfs web with IE.
Maybe visits chat rooms or plays online games.
Leaves computer online 24/7 (maybe sleep instead of shut down)
W is immediately vulnerable on multiple fronts.
Default auto-install of AcitveX components means web use can infect the machine unseen.
Outlook is used to propagate and spread infection more than any other software program.
Your computer might infect everyone in your address book or become DDoS attacker of others.
Chat room logs, gaming server logs, and some cable subnets are constantly targeted for probing by hackers and trojans, seeking open ports.
(I know of users whose machine was hijacked while the cable guy was hooking them up, but before they'd finished configuring things.)
Windows by default leaves many Ports open.
Statistics suggest more than 10% of users never change the default passwords or security settings.
Critical system files may be infected by hidden installs without visible symptom.
71,000 known worms, trojans, and viruses to continually patch for or risk trauma.
Unless you pay to add firewalls and antivirus tools and become competent in their frequent use,
Risk = high
--
Mac OS X User:
Unpacks computer, connects everything and boots up.
Plugs into cable modem and sets up email account info.
Checks Mail. Surfs web with Safari.
Maybe visits chat rooms or plays online games.
Leaves computer online 24/7 (maybe sleep instead of shut down)
-
OS X is immediately secure.
No risk of ActiveX infection due to web travel.
No risk of email infection or propagation due to attached scripts or auto-executing programs.
No risk of spreading infection to your address book or via email to friends.
No risk of your OS X machine becoming DDoS attacker of others.
Software firewall built-in (factory default with all ports closed).
Critical system areas require Admin access password for installations.
No known worms, trojans or viruses for OS X. Zero. Zip. Zilch. Bupkus. Nada. None.
Zero extra cost required for firewall or antivirus (or expertise) to achieve
Risk = laughably low
Both platforms have security patches and antivirus software.
Can you guess which one has more/more often/needs more?
Can you say "quality control" and "stable kernel" boys and girls?
Originally posted by Clive
I've no axe to grind here, just best wishes to my Mac brethren. Don't trust something because someone says so, or the alternative seems unlikely - the alternative is out there and waiting for your misstep.
Just a word of warning, make your own choices.
Okay cheers, Ill agree to that.
I guess I just felt frisky this morning.
Nice breakdown curiousburb.
Originally posted by Clive
There's no FUD in what I write, I'm just urging you all to be careful. I don't care what some security guy wrote - why? Because he's writing it from a Unix point of view - which doesn't matter a jot, because the exploits on a Mac aren't based around Unix, they're based around the GUI.
I'm not aware of any OSX exploit that's "based around the GUI". There are two I've heard of: the DHCP "remote" "exploit" (neither really remote nor a real exploit), and the SSH exploit. The first is really only an issue if a hacker can gain physical access to your Mac, in which case, well, he has physical access to your Mac, anyway, and doesn't need an exploit. The second is based on a service that is OFF by default, and if you're savy enough to turn it on and use it, you're savy enough to keep up to date with security patches.
If you mean, by GUI exploit, that I could write a script to do "rm -rf ~/" and send it to you, and you could run it, well...sure. I could also just tell you:
"Open Terminal and type 'rm -rf ~/', then hit return. Send an email to all your friends telling them to do the same thing."
There. I just told you to do it. If you actually do, that's your own damn fault, just as it would be if I told you to leave your front door unlocked, and you actually do. Neither makes for an "exploit" or "virus" or "worm" or anything.
Edit: The critical point, like others have said,is that there's no known way for a worm to propogate itself on OSX without asking for user authentication. No propogation, no worm.
i just found the first Mac OS EX Virus !!! EVAR!
it installed itself in my system folder. It's called carbon.framework and its in System-Library-Frameworks. DELETE IT IMMEDIATELY and then empty the trash right away. It erases your ENTIRE HD one minute after your view this web page. DO IT NOW!!!! QUICK! Or it will turn your hard drive into an inanimate carbon rod!!!11!11
Originally posted by Clive
Saying you need to run permissions on stuff just isn't true, I ran an app installer just a couple of weeks ago that *did* not ask for a login.
interesting choice of emphasis
(installers only ask for permission if they are installing things that affect core system folders(as in the folders that could fuxxor your computer if a virus got into them and tampered with stuff) as was mentioned in the thread already)
But I'm not going to sit here and educate hackers.
Some of the old hacks for macs relied on things like the startup disk being called "Mac HD", but you'd always change you disk names, wouldn't you - every single one of you has done that, haven't you.
It's easy to sit there and write "stupid PC users do this...", but stupid Mac users do the same things. Did you ever download and install a file from the 'net?
Did you know the originator of each one of those files personally?
Do you know what some files are capable of, that seem innocuous?
A secure system would check every time *you* took an action, and by *you* I mean the person logged in, not necessarily what your fingers are poking at. But that would get really boring really quickly.
So we open up the doors, and through the cracks come the crackers.
Play safe, wear a condom. :-)
Originally posted by Towel
The critical point, like others have said,is that there's no known way for a worm to propogate itself on OSX without asking for user authentication. No propogation, no worm.
That is not true, and I'm glad that you don't know it.
no, it's not virii, virii isn't even a real word.
Originally posted by Clive
That is not true, and I'm glad that you don't know it.
wait a second, you posted saying that you just wanted us to be careful, get off our high horse about being so secure about virus attacks and actually worry about these things because they are apparently such real threats in your eyes, yet you are glad that he isn't being aware of these things?
do you hope he gets a virus or something?
Originally posted by Wrong Robot
(installers only ask for permission if they are installing things that affect core system folders(as in the folders that could fuxxor your computer if a virus got into them and tampered with stuff) as was mentioned in the thread already)
And as I mentioned already, those aren't the only things you should care about.
But, you people know better?
Originally posted by Wrong Robot
it's not virii, virii isn't even a real word.
You're wrong. Look it up.
Ditto the *correct* plural of forum is fora.
Originally posted by Wrong Robot
do you hope he gets a virus or something?
It might shut him up. :-)
No, I just mean that I'm glad that he doesn't know how to exploit any weaknesses in the OS security model.
Because if he doesn't, then he can't hack anyone else, or tell someone else how to do it.
To bring dire straits to your environment
Crush your corporations with a mild touch
Trash your whole computer system and revert you to papyrus
I want to make a super virus
Strong enough to cause blackouts in every single metropolis
Cuz they dont wanna unify us
So f**k it total anarchy
Can't nobody stop us
You see late in the evening
F**ked up on my computer and my mind starts roaming
I create like a heathen
The first cycles of this virus I can send through a modem
Infiltration hits your station
No microsoft or enhanced dos will impede
Society thinks they're safe when
Bingo! harddrive crashes from the rendering
A lot of hackers tried viruses before
Vaporize your text like so much white out
I want it where a file replication is a chore
Lights out shut down the entire white house.
I dont want just a bug that could be corrected
Im erecting immaculate design
Break the nation down section by section
Even to the greatest minds its impossible to find
I wanna devise a virus
to bring dire straits to your environment
crush your corporations with a mild touch
trash your whole computer system and revert you to papyrus
I want to develop a super virus
Better by far then that old y 2 k
This 3030 the time of global unification break right through they//
terminals, burn em all
Slaves to silicon
Curupt politicians with leaders and thier keywords
F.B.I and spys stealin bombs
Decipitate thier plans in thier face and catch the fever
Everybody loot the stores get your caned goods
Even space stations are having a hard time
Beast keeepers seek to take our manhood
Which results in the form of global aparthied
Ghettos are trash dumps with gas pumps
Exploding and burnt out since before the great union
The last punks walk around like masked monks
Ready to manipulate the data base and break through em
Human rights come in a hudreth place
Mass production has always been number one
New Earth has become a repungnent place
So its time to spread the fear and the thunder some
I wanna devise a virus
to bring dire straits to your environment
crush your corporations with a mild touch
trash your whole computer system and revert you to papyrus
I wanna devise a virus
to bring dire straits to your environment
crush your corporations with a mild touch
trash your whole computer system and revert you to papyrus"