First virus for OSX?!? WTF??

Posted in macOS, edited January 2014
http://www.cnn.com/2006/TECH/04/30/a....ap/index.html



Quote:

Benjamin Daines was browsing the Web when he clicked on a series of links that promised pictures of an unreleased update to his computer's operating system.



Instead, a window opened on the screen and strange commands ran as if the machine was under the control of someone -- or something -- else.



Daines was the victim of a computer virus.



He and at least one other person who clicked on the links were infected by what security experts call the first virus for Mac OS X, the operating system that has shipped with every Mac sold since 2001 and has survived virtually unscathed from the onslaught of malware unleashed on the Internet in recent years.



Give me a break ... 2 people? It doesn't even mention if they had to type in their admin password or not. Is this real or not, anyone else hear about this?



And oh yeah - someone please remind me how an intel chip makes it easier to compromise OSX again?

Comments

  • Reply 1 of 25
    mr. me Posts: 3,221 member
    Quote:

    Originally posted by the cool gut

    ....



    Give me a break ... 2 people? It doesn't even mention if they had to type in their admin password or not. Is this real or not, anyone else hear about this?



    And oh yeah - someone please remind me how an intel chip makes it easier to compromise OSX again?




    Even if real, this does not sound like a virus. After all, viruses try to hide themselves, not reveal themselves as this thing reportedly does. It sounds like one of those hoax web pages which runs an MS-DOS DIR command in a web frame. However, these losers provide so little information that they may have just seen garbage on the screen for all we know.
  • Reply 2 of 25
    noah93 Posts: 168 member
    Isn't this the same as that Oompa-Loompa virus, or whatever it was called, that was disguised as a jpeg, promising screenshots of leopard?



    --Noah
  • Reply 3 of 25
    bborofka Posts: 230 member
    These people are idiots.



    Quote:

    With new Macs running the same processor that powers Windows-based machines, far more people will know how to exploit weaknesses in Apple machines than in the past, when they ran on the PowerPC chips made by IBM Corp. and Motorola Corp. spinoff Freescale Semiconductor Inc.



    "They have eliminated their genetic diversity," said independent security consultant Rodney Thayer. "The fear is that we're going to run into a new class of attacks."



    Bud Tribble, Apple's senior vice president of software technology, disagreed.



    "All the things we've been doing to make Mac OS X secure continue to be relevant on Intel," he said.



    Duh. This article is just a bunch of fear mongering. These people don't understand software. How much malware is really written for Intel assembly, as opposed to just Windows' security holes?
  • Reply 4 of 25
    netdog Posts: 244 member
    Quote:

    Originally posted by bborofka

    These people are idiots.







    Duh. This article is just a bunch of fear mongering. These people don't understand software. How much malware is really written for Intel assembly, as opposed to just Windows' security holes?




    I hear that the code was crafted by Ballmer.
  • Reply 5 of 25
    mr. me Posts: 3,221 member
    Quote:

    Originally posted by the cool gut

    ....



    Give me a break ... 2 people? It doesn't even mention if they had to type in their admin password or not. Is this real or not, anyone else hear about this?



    ....




    CNN.com got it from the AP. The AP got it from Mac Rumors.com.
  • Reply 6 of 25
    lundy Posts: 4,466 member
    Very very old "news".



    "Clicked a series of links" => translation: "entered his Admin ID and password".



    It's a trojan, the one the script kiddies cooked up to move the hashed passwords to the Public folder and then go back and get them later and use a brute-force cracker to crack the passwords.



    Nothing can prevent somebody from running a Trojan sent to them if they are willing to authenticate when asked.



    I wonder what "other security software" the so-called "expert" guy is now running, as he claims.



    Just another paid plug to CNN to try and get clueless Mac users to rush out and buy some useless virus checker.
  • Reply 7 of 25
    agnuke1707 Posts: 487 member
    Ha, I was going to post the article to and comment on its absurdity, but I'm glad someone beat me to it. This is very old "news" and basically drums up fear with a "catchy" headline.



    I never knew an Intel processor magically made it easier to exploit holes in code? It's the thought that Windows runs on Intel and Windows gets viruses, so Macs must be more vulnerable now...



    What crap
  • Reply 8 of 25
    brian green Posts: 662 member
    I think the thing that upsets me the most about all of this is that Apple ought to come out guns blazing about this and tell people it's not accurate. This is a point of pride to Mac users everywhere and we're not able to release a press statement telling everyone that it's a stupid rumor. I'd love to see Steve come out and challenge this, though I know he won't.
  • Reply 9 of 25
    netdog Posts: 244 member
    Vista has been delayed because much of the team has been reallocated onto the OS X Virus Deployment Team.
  • Reply 10 of 25
    Marvin Posts: 15,323 moderator
    Quote:

    Originally posted by netdog

    Vista has been delayed because much of the team has been reallocated onto the OS X Virus Deployment Team.



    Haha, that's a good theory...



    or is it a M$ internal memo?
  • Reply 11 of 25
    netdog Posts: 244 member
    Quote:

    Originally posted by Marvin

    Haha, that's a good theory...



    or is it a M$ internal memo?




    Memo from the desk of Roz Ho. Explains why they are taking so long to get VirtualPC and Universal Office going.
  • Reply 12 of 25
    benzene Posts: 338 member
    I think this is a breakdown of the "virus" in question. Either the guys from CNN are simply morons, or they're spreading FUD.
  • Reply 13 of 25
    lundy Posts: 4,466 member
    Here is a great response to this nonsense:



    http://daringfireball.net/2006/05/good_journalism
  • Reply 14 of 25
    smashbrosfan Posts: 139 member
    Personally I think it all boils down to popularity.



    The sole reason people make viri isn't because of a particular hate towards one OS or another. They're out to infect as many users as they can. And like it or not most people use Windows.



    I think that as the Mac gets more popular viri will become more of a threat. Apple's gained a lot of ground in the past 3 years or so, and hackers, crackers, and other such geeks are noticing.



    Apple has to know this. And I'm interested to see what measures they're taking against it. Because let's face it, the Mac isn't any more secure than Windows in more respects. People just haven't gone after it like they have with Windows.



    For instance, MS DOS will stop you and verify most of the actions you ask it to do. Such as a hard drive wipe. Unix does not.



    Don't get me wrong, I'm as big a Mac geek as they come. But the idea that an OS is "immune" to viri is both foolish and prideful.



    -My 2 cents.
  • Reply 15 of 25
    gene clean Posts: 3,481 member
    Quote:

    Originally posted by lundy

    Here is a great response to this nonsense:



    http://daringfireball.net/2006/05/good_journalism




    Great? More like full of useless nitpicking.



    His reliance on 'Oh, OS X has legitimate bugs, but Windows has more!!11!' is a pathetic explanation, at best. And his personal attacks of the persona behind the article ('he has long hair and a beard so he must be an expert') reveal just how stupid his whole 'OMFG THERE'S A CONSPIRACY AGAINST NEW APPLE ADS!1' charade is.



    The article itself was pretty lacking in facts, but this is just outright disappointing.



  • Reply 16 of 25
    lundy Posts: 4,466 member
    Quote:

    Personally I think it all boils down to popularity.



    The sole reason people make viri isn't because of a particular hate towards one OS or another. They're out to infect as many users as they can. And like it or not most people use Windows.



    I think that as the Mac gets more popular viri will become more of a threat.



    The "Marketshare Means Malware" argument has no basis in fact. To the contrary, Apache web server has a larger marketshare than Windows IIS, but IIS is compromised an order of magnitude more often.
  • Reply 17 of 25
    lundy Posts: 4,466 member
    He made the case against the original "article" exactly as I would have:



    1) Nobody is saying the Mac is "immune". Windows fans always like to misquote that, but no Mac person ever says it. It would be foolish to boast that Mac OS X was free from security holes - but the ability to overflow a buffer or submit a malformed image file does not give the attacker root as it does on Windows.



    2) Trojans, as described in the article, are impossible to defend against on any computer platform or OS. If you can use social engineering to convince the victim to enter an Admin password, that says nothing about either the cleverness of the malware or the vulnerability of the OS in question.



    3) It's not just that Windows has "more bugs", but that the basic design of the OS makes it wide open to destruction if any bugs allow code to execute in the context of the current user, which on Windows is usually Admin, which is in effect root. Mac OS X does not allow this without explicit authorization.





    Quote:

    Originally posted by Gene Clean

    Great? More like full of useless nitpicking.



    His reliance on 'Oh, OS X has legitimate bugs, but Windows has more!!11!' is a pathetic explanation, at best. And his personal attacks of the persona behind the article ('he has long hair and a beard so he must be an expert') reveal just how stupid his whole 'OMFG THERE'S A CONSPIRACY AGAINST NEW APPLE ADS!1' charade is.



    The article itself was pretty lacking in facts, but this is just outright disappointing.




  • Reply 18 of 25
    Quote:

    Originally posted by Gene Clean

    Great? More like full of useless nitpicking.



    His reliance on 'Oh, OS X has legitimate bugs, but Windows has more!!11!' is a pathetic explanation, at best. And his personal attacks of the persona behind the article ('he has long hair and a beard so he must be an expert') reveal just how stupid his whole 'OMFG THERE'S A CONSPIRACY AGAINST NEW APPLE ADS!1' charade is.



    The article itself was pretty lacking in facts, but this is just outright disappointing.




    Do you go out of your way to purposefully complain about things?
  • Reply 19 of 25
    gene clean Posts: 3,481 member
    Quote:

    1) Nobody is saying the Mac is "immune". Windows fans always like to misquote that, but no Mac person ever says it. It would be foolish to boast that Mac OS X was free from security holes - but the ability to overflow a buffer or submit a malformed image file does not give the attacker root as it does on Windows.



    Don't be so sure. I've read plenty of posts from (most likely ignorant on the ways of security) Mac users touting OS X as 'immune'. Windows has no 'root', it has Administrator. Most users run as Administrators because a lot of programs are retarded enough to try to install things outside of your User territory. Admittedly, Microsoft has made it hard for people to run as regular users by going with an Admin by default, but that is being corrected.





    Quote:

    2) Trojans, as described in the article, are impossible to defend against on any computer platform or OS. If you can use social engineering to convince the victim to enter an Admin password, that says nothing about either the cleverness of the malware or the vulnerability of the OS in question.



    Right, but did we establish beyond reasonable doubt what the 'virus' was?



    Quote:

    3) It's not just that Windows has "more bugs", but that the basic design of the OS makes it wide open to destruction if any bugs allow code to execute in the context of the current user, which on Windows is usually Admin, which is in effect root. Mac OS X does not allow this without explicit authorization.



    Windows security policies are totally irrelevant on an article about Mac OS X security. I fail to see how pointing out Windows flaws makes the case for OS X security. His claim is that the person who wrote the original article is a Windows Guy and that he is just writing crap about OS X (which he was, to some degree). That's why he goes on and on about Windows and its problems, while forgetting that he is (supposed to) talk about OS X and the claims made in the article.



    None of the claims in the article said that Windows was better, so concentrating on that (coupled with some childish attacks on the person) makes for a less-than-stellar article. I mean, he has valid points, but he also comes off as an arrogant prick. Could be a coincidence though.



    gregmightdothat:



    Quote:

    Do you go out of your way to purposefully complain about things?



    No, I just think that serious articles should concentrate on their thesis, rather than expand the article to include irrelevant bits about other systems coupled with personal attacks. If that's complaining, then yes, yes, I am complaining about things.
  • Reply 20 of 25
    lundy Posts: 4,466 member
    Quote:

    Originally posted by Gene Clean

    Don't be so sure. I've read plenty of posts from (most likely ignorant on the ways of security) Mac users touting OS X as 'immune'.



    Well, let me rephrase that to no one who knows what they are talking about would claim that any system was "immune". Refer to the article I quote at the end of this post.

    Quote:

    Windows has no 'root', it has Administrator.



    They don't call it root...

    Quote:

    Most users run as Administrators because a lot of programs are retarded enough to try to install things outside of your User territory. Admittedly, Microsoft has made it hard for people to run as regular users by going with an Admin by default, but that is being corrected.



    That's what I was talking about. It's not as big a problem on OS X because Admin != root.

    Quote:

    Right, but did we establish beyond reasonable doubt what the 'virus' was?



    By the description, he's talking about the "Opener" Trojan. Script kiddies mailing a shell script. Nothing to see here - you have to download it, ignore Mac OS X's warning that it sees the shebang in the file, and then double-click it and authenticate as Admin. I had a guy on DSLR who insisted it was a virus because after all this authenticating and social engineering, it did TRY to do something to spread itself. I got a warning for telling him to "kiss my hairy red ass".

    Quote:

    Windows security policies are totally irrelevant on an article about Mac OS X security. I fail to see how pointing out Windows flaws makes the case for OS X security.



    See, I think it is completely relevant IF the author is claiming "Marketshare Means Malware". Otherwise I agree. Once they claim Marketshare Means Malware, then it is a valid rejoinder to point out that it isn't Windows' marketshare that makes it full of malware, it is the design.

    Quote:

    His claim is that the person who wrote the original article is a Windows Guy and that he is just writing crap about OS X (which he was, to some degree). That's why he goes on and on about Windows and its problems, while forgetting that he is (supposed to) talk about OS X and the claims made in the article.



    None of the claims in the article said that Windows was better, so concentrating on that (coupled with some childish attacks on the person) makes for a less-than-stellar article. I mean, he has valid points, but he also comes off as an arrogant prick. Could be a coincidence though.



    Well, OK. I would just say that since the original article made NO effort to explain that the "virus" that they were all excited about wasn't the same as the viruses on Windows, that the guy had every right to point out their omission, which omission seemed to make it appear as if the two OSes were the same as far as vulnerability.





    I quote here a reply from an author whose mailbox was filled with explanations after he made a similar baseless "Marketshare Means Malware" claim:



    The myth isn't what we think - the myth is that low marketshare explains the absence of malware:



    From http://www.baltimoresun.com/technolo...1353478.column



    Quote:

    Writing a column containing debatable comments from security experts is nearly as good at filling up your e-mail inbox as the SoBig virus.



    Last week, I concluded that Apple Computer Inc.'s Macintosh OS X provided safer computing than Microsoft Corp.'s Windows operating systems -- in part because its small market share offers Internet villains too little opportunity to spread mayhem and partly because OS X ships with all of its vulnerable services turned off. This blocks potential attackers from gaining access to the system's software in the first place.



    The disputed quote arose in the effort to ascertain whether OS X is inherently more secure than Windows -- that is, harder to crack -- or is the dearth of viruses and worms for the Mac a result of "crackers" considering it not worth the time.

    ...



    The remark that many readers found objectionable came from Graham Cluley, senior technology consultant of British anti-virus software firm Sophos PLC.



    "It's perfectly possible to write viruses for Apple Macs," Cluley said. "Indeed, a Mac has no more inherent security than a PC, but virus writers appear motivated by a desire to cause widespread havoc and so have concentrated on the market leader."



    Many readers, most of them computer programmers, vehemently disagreed.



    "Your article, and Mr. Cluley's statements in particular, perpetrate a myth regarding the fallibility of *NIX [Unix-based operating systems] when compared to Microsoft Windows," said Burt Janz, a senior software engineer who is president and owner of CCS New England, a computer-services provider in Nashua, N.H.



    Janz has developed in all the major operating systems -- Windows, Unix, IBM Corp.'s OS/2, as well as OS X.



    While creating a Mac OS X virus is not impossible, Janz said, "the degree of difficulty here is at least 9.5 on a scale of 1 to 10."



    Even harder is creating a virus or worm that could access the OS X system. The reason, Janz and several others pointed out, is in part explained by how Unix-based systems handle multiple users on the same machine.



    For instance, Mom, Dad and Sis all can have separate user accounts. This also is true of Windows. But in OS X, only an account with administrator privileges can install software -- and even those accounts cannot access or change applications or data in other accounts, especially not the core of the system software.



    Furthermore, only a user with "root"-level permissions has full access to the system, but Apple has this access disabled by default. Most users never will go to the trouble of figuring out how to enable the root user, and don't need to -- as nothing a regular user would want to do requires root-level authority.



    Denied such access, the damage that any OS X malware could do becomes limited to the account of the user who runs it.



    In other words, even if Dad got hit with an OS X virus that wiped out all his data -- and, remember, no OS X viruses presently exist -- the Mac still would operate, and Mom's and Sis's stuff on it would be untouched.



    Also, because OS X always asks the user to type an administrator password before modifying anything in the system, attempts to install malware or alter system files immediately would be flagged.



    "The virus would have to be an application," said Alan Dail, an independent senior software engineer in Wooster, Ohio. "You'd have to see that it's an application and make a conscious decision to run it for it to actually do anything."



    Windows, the programmers said, has no such protections.



    The software allows many tasks to execute themselves in the background without the users' permission or knowledge. This maximizes malware's ability to do harm. And, unlike the Mac OS, a user account with administrative privileges on a Windows machine can wreak catastrophic damage to data, programs -- or the system itself.



    "Any misbehaving task under Windows is capable of modifying any [non-running program] anywhere on the system," Janz said. "And, when that [executable] file is run, bad things will absolutely happen."



    This is how the two most recent malware incidents, the Blaster worm and the SoBig virus, became huge headaches. Each could exploit weaknesses in the Windows code that allowed them to hijack the system and propagate themselves.



    Several correspondents also pinned a lot of blame on the Windows' e-mail program.



    "Microsoft made a decision 10 years ago that their e-mail client, Outlook, should be allowed to run any script that it finds as an attachment to incoming mail," said Darrin Cardani, president of Buena Software Inc., a Chicago-based company specializing in audio-, video- and image-editing tools.



    "Since the average user has no idea this feature exists, or even what a script is, they don't know to turn it off -- let alone know how to turn it off," Cardani said.



    So a virus like SoBig can infect a Windows machine and e-mail itself out, to everyone in the user's address book, without the user realizing it.



    No Mac e-mail program allows this, so Mac users would have to spread a virus like SoBig manually by intentionally mailing it other users -- not a likely scenario.



    In response, Sophos' Cluley said his comments reflected the danger of something like an AppleScript e-mail attachment. AppleScript is OS X's built-in scripting language, and scripts can be launched like programs.



    A foolish user could click on such an attachment and cause some damage, Cluley said.



    He blamed the success of many Windows viruses on the human element: people clicking on attachments in e-mail despite being told of the dangers.



    Still, even Cluley had to admit that Microsoft bore some of the guilt because of its "sloppy coding" -- a sentiment expressed by several readers of last week's column -- and that the open-source Unix core of OS X was, indeed, more secure.



    Despite the "trustworthy computing" initiative ordered by Microsoft Chairman Bill Gates in January 2002, most of the millions of lines of code in Windows was written before that. Even if Microsoft is succeeding in writing a more secure code, old vulnerabilities will continue to lurk in Windows for years, gradually being found and patched.



    A Microsoft spokesperson said the company, based in Redmond, Wash., is "committed to making Windows the most reliable operating system available" and noted that Windows XP's Online Crash Analysis feature allows users experiencing a Blaster-related crash, for example, to upload a report that will redirect them to a page to download the patch.



    Another issue raised by readers concerned Cluley's statement regarding the Mac's "security through obscurity" -- arguing the reverse. The real reason no viruses exist for Mac OS X has little to do with its low market share, they say, but rather its near-impenetrability.



    Though many amateurs may be looking for, and finding, holes in Windows, the FreeBSD Unix code that forms the foundation of OS X has been prodded by legions of expert programmers for 30 years.



    Though a few hardy souls use the Unix offshoot Linux on PCs built for Windows -- they usually wipe Windows off the hard drive -- Unix typically is used in mission-critical roles, powering high-end work stations and file servers.



    And, as mentioned earlier, crackers prefer hitting targets that will cause maximum disruption.



    "Many orders of magnitude more people look over the source code for OS X and the related BSDs than have access to Windows source code," said John Klos, a developer of NetBSD, a flavor of Unix closely related to OS X.



    Thus, many of the obvious holes in OS X were closed years ago. That, some suggested, actually makes OS X a more attractive target.



    "If I were a fame-driven cracker with solid technical skills, cracking a BSD-based system would be the fastest way to show off my capabilities," said Rich Morin, a programmer and consultant based in San Bruno, Calif.



    "My suspicion, therefore, is that many crackers have tried this challenge and failed," Morin added. Still, he cautioned "nobody has any way to know for sure."



    (Emphasis added).