Apple Quietly Goes After Mac Trojan With Update 321
Th'Inquisitor was one of several readers to point out coverage of Apple's stealth security fix, included along with the recent Snow Leopard 10.6.4 update. Graham Cluley of Sophos first noticed the update to protect Mac computers from a Trojan, and the fact that Apple didn't mention it in the release notes. The malware opens a back door to a Mac that can allow attackers to gain control of the machine and snoop about on it or turn it into a zombie. "You have to wonder," writes Cluley, "whether their keeping quiet about an anti-malware security update like this was for marketing reasons." While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.
Re:If they're trying to keep it secret (Score:5, Insightful)
Why is the information publicly available? Why would most generic Mac users care to seek it on their own? Should Apple shove it in their face?
I would hardly call release notes for a bugfix "shoving it in their face."
It makes a lot of sense to say what you fixed in a bugfix, so people clearly know if a system needs a bugfix, or is safe.
Hiding it makes a lot of sense if you don't want to look bad, but is unhelpful to users who want to know if they need to update their systems or if it can wait.
This is probably more of an issue for enterprise users, and in that case their are fewer macs for sure, but its a good practice to be honest about what you're fixing, and covering that up is dishonest.
-Taylor
Re:You have to wonder? (Score:1, Insightful)
There's no wondering involved. They had a commercial that blatantly said that Macs don't get viruses. Liars.
This may be news to you but trojans are not viruses. There are, in fact, no Mac OS X viruses in the wild. There are some spyware, adware, and trojans but they are few and far between and there is protection built-in to the operating system to deal with most of them.
Saying that Mac OS X does not have any viruses at this point in time is 100% true.
Re:Trojan for Mac had to appear some day... (Score:3, Insightful)
So how does Mac "detects" it ?
Does Mac have a built-in anti-virus or do they rely on something simpler like checksums or something like that ?
Anyway, as said in TFA, I guess all MAC users should install anti-virus software. I use clam on Linux although I run no daemon process. I only scan emails or other very suspicious downloaded files and I run a full scan every week during the night. I also rely on common sense and digital signature when I download/install software.
Re:Trojan for Mac had to appear some day... (Score:0, Insightful)
That sound you are hearing is not a Mac user. It is the sound of air currents swirling in a torrent between your ears.
Seriously, what does "I would bet this isn't the first one" mean to you?
One does not have to wonder (Score:1, Insightful)
I hate story blurbs that suggest the sinister ('one has to wonder!') when the only news is that apple added yet another trojan to it's list of other trojans. If you wanted to say something intelligent you might instead say something like "is apple the only OS that, at the OS level, has explicit trojan filters?" then you could remark about Linux distro's or various editions of Windows or maybe even Baracudda routers or something. But there is nothing sinister here, it's all good. Reminds me of Aharon AppleMcHater over at TGdaily. always the negative spin!
Re:You have to wonder? (Score:5, Insightful)
Trojans aren't viruses.
Please list off all the viruses that will run on Snow Leopard.
Mac users are very fond of pointing out this distinction, leaving out that trojans and malware, and social engineering, these days are the overwhelming majority of Windows issues as well. The traditional virus is mostly a thing of the past.
Re:Let's get this out of the way, shall we? (Score:1, Insightful)
What would you choose?
"Unsinkable" modern passenger ship with no lifeboats or worn African ferryboat with more lifeboats than seats?
Re:You have to wonder? (Score:1, Insightful)
There's no wondering involved. They had a commercial that blatantly said that Macs don't get viruses. Liars.
This may be news to you but trojans are not viruses. There are, in fact, no Mac OS X viruses in the wild. There are some spyware, adware, and trojans but they are few and far between and there is protection built-in to the operating system to deal with most of them.
Saying that Mac OS X does not have any viruses at this point in time is 100% true.
Only problem being, by that definition, Windows nowdays doesn't have viruses either. They just have spyware, adware, and trojans. Which work just as well, thank you very much.
So either Apple was lying or they're just as slimy as the used car salesman who'll sell you a lemon on technicalities.
Comment removed (Score:5, Insightful)
Re:this is anything but new (Score:2, Insightful)
Fix them very quickly? Not true. They fix the ones made public very quickly but they are often as slow as Microsoft used to be at fixing the ones that don't make a splash. Microsoft in the meantime has gotten much more agile and serious about fixing bugs when they're reported all the while bitching if someone dares go public too quickly for their taste ala Google. Microsoft has gotten good at keeping researchers from telling anyone anything while Apple has simply been happy that no one has noticed. As Apple's market share rises they are becoming a target and if there wasn't so much money in it we'd probably have already seen a nasty worm or two. But these days that's a waste of money - black hats now make big bucks off of exploited machines and that stuff doesn't just get thrown around like it used to for giggles.
Meanwhile the "experts" at the Apple store tell customers that their machines "can't get viruses because they're built different". Seriously - this was overheard at one of their stores and it's mind boggling.
Comment removed (Score:5, Insightful)
Re:One does not have to wonder (Score:5, Insightful)
So you like it when the OS vendor pushes some software onto your system without any mention in the patch notes (which is the point of the article)? If so, you're posting on the wrong website.
Re:Let's get this out of the way, shall we? (Score:5, Insightful)
If you're just starting to wonder now then you're gonna be in for a shock. Apple has never been a really transparent company about what they do, and they've always just pushed and bundled things however they like.
Re:this is anything but new (Score:2, Insightful)
Re:If they're trying to keep it secret (Score:5, Insightful)
Hiding it makes a lot of sense if you don't want to look bad, but is unhelpful to users who want to know if they need to update their systems or if it can wait.
I think you run too much windos. The only reason I've ever hesitated installing an OS X update right away was when it required a restart and I had something running I didn't want to interrupt. I've never seen an update break anything. I shake my head when I hear the windos admins at the company test a bugfix update. Why'd the need to do that? Isn't that what the vendor is supposed to do before sending it out?
I think you run too much Mac.
Vendors are supposed to test their updates before sending it out, but who knows if their tests were comprehensive? The best way to see if an update will work with your specific combination of hardware and software is to test it on your hardware and software. Are you using a custom app written in-house? Did your programmer rely on an outdated program interface that finally got phased out in this update? The vendor may have given plenty of warning that they were going to phase out that interface, but your programmer may have missed that, or been an idiot. In that case, the vendor *DID* test and considered it functional, but it could still break stuff.
Or the vendor thought they tested it, but screwed that up. Are you willing to trust them to always get it right 100% of the time?
Your cuddly image of Mac computers always working is great, but *NO* system is infallible, and if you have 1000 computers and you can't afford to have them all stop working on you, you have to test *EVERY* upgrade. That's just common sense.
-Taylor
Re:You have to wonder? (Score:4, Insightful)
He's not saying that Macs are immune, he's saying that Windows had some bad design concepts at one point. Microsoft went through a phase where they integrated things like scripting and COM into everything they could, but there was very little consideration for security. It wasn't until worms and malware started rampaging across Windows machines that they actually started considering and working on security.
Take Outlook for example. E-mail was normally safe because it's was only text and images. Then add VBA scripting capabilities and embedded ActiveX controls to the mix...suddenly there are huge vectors for hostile software to use in plain old e-mail messages. Internet Explorer would ask if you wanted to install an ActiveX control, if you said yes it would have full access to your system to do whatever it wanted. NT based systems ran will a full compliment of services exposed to the internet and ready to use.
No one considered that people on the internet might be assholes and take advantage of those handy features for completely hostile purposes. Even if they did Microsoft had no clue where to begin and would take years of hard lessons to get Windows into a decently secure state.
anti-virus is for the user, not for the OS (Score:4, Insightful)
On one hand, Apple could have very well done the same with other parts of the software, providing fix without disclosure. This goes on to say that vulnerability disclosure is a very poor indicator of software quality. However, in this case, it could have said something as trivial as "updated malware signature database." It's not fixing a vulnerability.
On the other hand, this article highlights the very interesting fact that there *is* a market for anti-virus software, even when the base OS is robust and secure. The base OS could be immune to virus and malware attack when there is no user action involved. However, the user could become the weak link to compromise their own system. Anti-virus software prevents high-risk users from being affected by their reckless action.
It's just like how only certain people need to be HIV tested regularly. You only need to worry about HIV infection if you received blood transfusion, or if you engaged in promiscuous sexual act (willfully or as a rape victim). If you did neither, then you don't need to be tested, hence you don't need to spend money on the pharmaceutical products for the HIV test. You should definitely be tested regularly if you know what you do carries a high risk of contracting HIV.
You may still need anti-virus software, depending on if what you do online carries a high risk of contracting malware. It has less to do with whether your operating system is secure.
Comment removed (Score:4, Insightful)
Re:Security as it should be (Score:3, Insightful)
Re:You have to wonder? (Score:3, Insightful)
Bad example. Many people know in their hearts that there _is_ a Flying Spaghetti Monster.