
The impossible has happened: MacOS X worm/malware spreads via iChat


  • #61
    Originally posted by Last Conformist
    @Uncle Boris: I've yet to see a MS patch that forces you to reinstall the whole programme.
    XP SP2 breaks a whole slew of programs. Simple reinstallation wouldn't do.

    Further back, Windows 3.0 to 3.1 did the same thing, and all subsequent major releases did something similar.
    (\__/) 07/07/1937 - Never forget
    (='.'=) "Claims demand evidence; extraordinary claims demand extraordinary evidence." -- Carl Sagan
    (")_(") "Starting the fire from within."



    • #62
      Originally posted by Imran Siddiqui
      us macheads have always pointed out that one advantage comes with smallness - there's not much attention from hackers.

      Aggie has claimed on numerous occasions that Mac doesn't get hit by malware because of its security and not just because of smallness.
      Security has to do with user awareness to a large degree. In fact, nothing can save you if you do stupid things. Having limited rights means you can only bork your own account and directories you have write access to.
      (\__/) 07/07/1937 - Never forget
      (='.'=) "Claims demand evidence; extraordinary claims demand extraordinary evidence." -- Carl Sagan
      (")_(") "Starting the fire from within."



      • #63
        Originally posted by Urban Ranger
        XP SP2 breaks a whole slew of programs. Simple reinstallation wouldn't do.
        XP SP2 rewrote the networking stack and tons of memory management code. Applications that used both as intended and as instructed in the APIs and documentation were unaffected.

        A few programs broke in the process and needed some changes. Tell us, UR, which programs did SP2 break that don't work today?

        Further back, Windows 3.0 to 3.1 did the same thing, and all subsequent major releases did something similar.
        Earth to UR -- we're not talking about major OS upgrades...we're talking a 0.0.1 revision to fix bugs...
        "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
        Ben Kenobi: "That means I'm doing something right. "



        • #64
          Originally posted by Urban Ranger
          Security has to do with user awareness to a large degree. In fact, nothing can save you if you do stupid things. Having limited rights means you can only bork your own account and directories you have write access to.
          In most cases, that is the most dangerous thing.

          My dad could spend an hour reinstalling Windows if it's borked, but if his documents and data were deleted or corrupted, that's a major FUBAR.

          It's time for you to obtain what is called "perspective".
          "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
          Ben Kenobi: "That means I'm doing something right. "



          • #65
            Originally posted by monolith94

            *opens up ichat to see if anything funky is going on*
            Stop worrying about it.

            Here are the facts.

            You can absolutely prevent yourself from being victimized by this trojan app without worrying about security updates or anti-virus software. This is not evidence of a security flaw in OS X. It's simply an executable that has had the icon of a jpeg pasted on it (it's an old trick). If you double click on the file, and you are running an administrator account, it will execute and write to various apps including iChat, which will attempt to send a copy of the file to people on your buddy list.

            If you are not running an administrator account (and you simply shouldn't be, since you don't need to), OS X will deny the trojan permission to write to your applications folder, and it will fail.

            If you receive an unexpected file through iChat, don't open it.

            If you were to download this trojan using Safari or Apple Mail, the download would be interrupted by a prompt, informing you that the download contained an application, and asking you if you wanted to continue with the download. Since you would download it thinking it was a picture, you would automatically realize that something was wrong and abort.

            If you continually tried to access the file while operating as an ordinary user, OS X would prompt you for an administrator password, which would alert you to the fact that the "jpeg" isn't doing what it is supposed to. If you refused to give it your password, the trojan would fail.

            If you had turned on "show all extensions", you would see that the file was not what it had claimed to be.

            If you selected the file and hit Apple-I, you would immediately see that it was a Unix executable and not a picture.

            It's nothing new: various proof of concepts utilizing the same trick have been seen before. Some clown downloaded a file that claimed to be a pirated copy of Office. It was a script that used the sudo command to wipe his home directory.

            There's little that can be done about such things, because they exploit problems with people rather than problems with the OS. If a user has the power to delete or modify files, then an app can be created that does that, and the user can be tricked into running it.

            The benefit of running a UNIX based system is that ordinary users, no matter what they click on, or run, have no power to screw up the system unless they specifically agree to do so by authenticating (and they have no power to mess with anyone else's data unless they authenticate as root, which is a pain to do). If you don't or can't authenticate, trojans like this are powerless to do anything more than mess around in your home directory.

            Sure, it's bad news if your home directory gets messed up, but that's a lot better than the whole system being compromised, or everyone else's data being messed up as well.

            There is a million miles between this and what happens with various versions of Windows. On Windows it is possible for such things to gang rape your whole system without you ever knowing it, because Windows lacks the secure permissions system that OS X and other UNIX-based OSes have.

            If Apple is at fault here, it is that they don't promote user awareness by making people create a separate admin account (that's easy to do, and you don't have to switch accounts to use admin powers, you can authenticate within your user account). They could also alter the GUI such that any executable was flagged as such in the Finder, thus solving the icon spoofing problem. Other than that, there isn't much they can do because malware like this relies on tricking the user rather than the system.

            If you try to run such an app as an ordinary user, something like the following is what you will probably see:
            Attached Files
            Only feebs vote.
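
An added example, not part of the forum posts: the Get Info check described in post #65, done in bulk by reading each file's first bytes instead of trusting its icon or name. The file names and the sample directory are constructed for illustration; the samples are header bytes only.

```python
import os
import stat
import tempfile

# Leading bytes that say what a file really is, whatever its icon or name claims.
MAGIC = [
    (b"\xfe\xed\xfa\xce", "mach-o"), (b"\xce\xfa\xed\xfe", "mach-o"),
    (b"\xfe\xed\xfa\xcf", "mach-o"), (b"\xcf\xfa\xed\xfe", "mach-o"),
    (b"\xca\xfe\xba\xbe", "mach-o-universal"),  # shared with Java .class files
    (b"#!", "script"),
    (b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"), (b"GIF89a", "gif"),
]
PROGRAM_KINDS = {"mach-o", "mach-o-universal", "script"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}

def real_type(path):
    """Classify a file by its first bytes, ignoring name and icon."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return next((kind for magic, kind in MAGIC if head.startswith(magic)), "unknown")

def audit(directory):
    """Return {filename: [reasons]} for every file that is a program by content."""
    findings = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        kind = real_type(path) if os.path.isfile(path) else "unknown"
        if kind not in PROGRAM_KINDS:
            continue
        reasons = ["content is " + kind]
        if os.path.splitext(name)[1].lower() in IMAGE_EXTS:
            reasons.append("name claims to be an image")
        if os.stat(path).st_mode & stat.S_IXUSR:
            reasons.append("execute bit set")
        findings[name] = reasons
    return findings

def make_samples(directory):
    """Write constructed sample files (headers only, no real payloads)."""
    samples = {"beach.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 16,   # genuine JPEG header
               "party.jpg": b"\xcf\xfa\xed\xfe" + b"\0" * 16,   # Mach-O named like a photo
               "pictures": b"\xfe\xed\xfa\xce" + b"\0" * 16,    # Mach-O, no extension
               "notes.txt": b"just text\n"}
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)
    os.chmod(os.path.join(directory, "pictures"), 0o755)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_samples(tmp)
        for name, reasons in audit(tmp).items():
            print(name + ": " + "; ".join(reasons))
```

Point `audit()` at a downloads or received-files folder; anything it lists is a program regardless of the icon shown in the Finder.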



            • #66
              Originally posted by Urban Ranger

              Security has to do with user awareness to a large degree. In fact, nothing can save you if you do stupid things. Having limited rights means you can only bork your own account and directories you have write access to.
              Word.

              Of course the stupidest thing you could do would be to run Windows.
              Only feebs vote.



              • #67
                Originally posted by Q Cubed
                And, for the record, iChat is an ungainly piece of ****. AdiumX is better.
                Word.

                I love Adium. It's worth it for the Yoda Duck icon alone.
                Attached Files
                Only feebs vote.



                • #68
                  Originally posted by Oncle Boris


                  IIRC, he's always claimed that OS X was more secure than Windows, but he also admitted that its lower distribution makes it less attractive to malware writers.
                  Thanks Boris. It's nice to see that someone actually read my posts, instead of twits like Imran who completely missed the point (and who doesn't even know what he's talking about anyway).
                  Only feebs vote.



                  • #69
                    Originally posted by Urban Ranger


                    XP SP2 breaks a whole slew of programs. Simple reinstallation wouldn't do.
                    I've installed SP2 on a bunch of machines, and it never broke anything.
                    Further back, Windows 3.0 to 3.1 did the same thing, and all subsequent major releases did something similar.
                    Please be serious. Those aren't patches.
                    Why can't you be a non-conformist just like everybody else?

                    It's no good (from an evolutionary point of view) to have the physique of Tarzan if you have the sex drive of a philosopher. -- Michael Ruse
                    The Nedaverse I can accept, but not the Berzaverse. There can only be so many alternate realities. -- Elok



                    • #70
                      Originally posted by Agathon


                      Word.

                      Of course the stupidest thing you could do would be to run Windows.
                      On this, we disagree. Security often has to do with the intelligence (or lack thereof) between keyboard and chair, regardless of the operating system.
                      Last edited by Q Classic; February 18, 2006, 07:13.
                      B♭3



                      • #71
                        Originally posted by Agathon
                        Thanks Boris. It's nice to see that someone actually read my posts, instead of twits like Imran who completely missed the point (and who doesn't even know what he's talking about anyway).


                        That's exactly what I said, just in a different package.

                        You get a cookie
                        “I give you a new commandment, that you love one another. Just as I have loved you, you also should love one another. By this everyone will know that you are my disciples, if you have love for one another.”
                        - John 13:34-35 (NRSV)



                        • #72
                          Another Mac worm today.



                          The Mac from Apple was long thought to be relatively safe from viruses and the like, but a new virus is worming its way through via iChat and it's doing a good job. That was yesterday. Another proof of concept worm appeared today. This one gets in through Bluetooth.

                          UK-based software security firm Sophos published their finding on Thursday and now it's the talk of the tech world. Today, Finnish-based F-Secure posted on their blog that a new worm, OSX/Inqtana.A is out there. The proof of concept has surfaced and it uses a Bluetooth OBEX Push vulnerability.

                          According to F-Secure's blog, the worm has not surfaced in the wild and this particular worm's lifespan will be short lived. They said it uses a Bluetooth library locked into a specific Bluetooth address and the library expires on February 24th of this year. They said it's doubtful Inqtana.A would be any kind of threat. This takes us to the other point though.

                          Mac has been hacked. Someone climbed the mountain and got to the top and now the viruses will flow like water. Sophos just conducted a poll and their numbers say 79% of the 600 web poll respondents feel Macs will be targeted more in the future. The interesting point is that many of those polled didn't feel the problem would be as great as for Windows.

                          "The bad news is that most people think the situation is going to get worse for Macintosh users, and more threats will be targeted against the Apple community. The good news is that most don't believe it will ever be as big a problem as the one Microsoft Windows faces," said Graham Cluley, senior technology consultant for Sophos. "What's perhaps surprising is that there are a hardcore element of 21% who believe that threat attempts against Mac users will not grow."

                          "The correct response is to remain calm and take sensible measures to protect your Mac computers in future," continued Cluley. "The Leap-A worm isn't in itself a significant threat, but it should act as a helpful reminder that malware can be written for any computer and that the best protection is through sensible best practise, firewalls, security patches and anti-virus technology. Mac users cannot keep thinking that they are invulnerable to these threats."

                          Security Focus quoted Jay Beale, a senior security consultant for Intelguardians and expert in hardening Linux and Mac OS X systems last week at the ShmooCon, "This is almost certainly the year of the OS X exploit. The OS X platform may be based on a Unix platform, but Apple seems to be making mistakes that Unix made, and corrected, long ago."

                          "On a good day, Apple doesn't even make it to Microsoft's level of security awareness," Beale said.

                          This doesn't bode well for the kids in Cupertino. If this does turn out to be the year of the OS X exploit, then things are going to get ugly. For over a decade, Windows has been at the top of the viral food chain because they completely dominate the computing landscape, particularly among the home user. Now, as hacking and viruses become more of an economic enterprise, all the operating systems are going to be more subject to assault.

                          For the longest time, Apple had the benefit of security through obscurity. Then this pesky little thing called an iPod came along, made Apple a part of pop culture again and in so doing increased the market share for Macs. It's good for business but it also means they are higher profile and more of a target for various illicit enterprises. Apple's going to really start burning the midnight oil to make sure their security is up to par. In the meantime, users need to make sure and keep their patches, definitions and other updates current.
                          Aggie?
                          "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                          Ben Kenobi: "That means I'm doing something right. "



                          • #73
                            If we start seeing more of these problems, I'll have been proven right, once again.

                            As I said a long time ago, and kept repeating, security through obscurity isn't really security at all.

                            'Course, I was informed that I was wrong by numerous people...
                            B♭3



                            • #74
                              Originally posted by Q Cubed


                              On this, we disagree. Security often has to do with the intelligence (or lack thereof) between keyboard and chair, regardless of the operating system.
                              Often, but not always.
                              Only feebs vote.



                              • #75
                                Here is the original quote, Imran:

                                Monolith says:


                                but us macheads have always pointed out that one advantage comes with smallness


                                to whom you reply:


                                Not true. Aggie has claimed on numerous occasions that Mac doesn't get hit by malware because of its security and not just because of smallness. Which is why Asher posted this. It's because of smallness, not because of better OS security.


                                Actually your post was ambiguous. On one hand, you seem to imply that indeed Agathon recognizes the two reasons for OS X security. OTOH you also categorically said 'not true' of Monolith's claim that Macheads willingly point out smallness as a security bonus.

                                If you are going to say one thing and its opposite in the same post, don't blame people for having trouble following you.
                                In Soviet Russia, Fake borises YOU.
