Security Apple Technology

Apple Quietly Goes After Mac Trojan With Update

Posted by kdawson
from the nothing-to-see-here dept.
Th'Inquisitor was one of several readers to point out coverage of Apple's stealth security fix, included along with the recent Snow Leopard 10.6.4 update. Graham Cluley of Sophos first noticed the update to protect Mac computers from a Trojan, and the fact that Apple didn't mention it in the release notes. The malware opens a back door to a Mac that can allow attackers to gain control of the machine and snoop about on it or turn it into a zombie. "You have to wonder," writes Cluley, "whether their keeping quiet about an anti-malware security update like this was for marketing reasons." While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.
This discussion has been archived. No new comments can be posted.

  • by Facegarden (967477) on Saturday June 19, 2010 @03:59PM (#32627614)

    Why is the information publicly available? Why would most generic Mac users care to seek it on their own? Should Apple shove it in their face?

    I would hardly call release notes for a bugfix "shoving it in their face."

    It makes a lot of sense to say what you fixed in a bugfix, so people clearly know if a system needs a bugfix, or is safe.

    Hiding it makes a lot of sense if you don't want to look bad, but is unhelpful to users who want to know if they need to update their systems or if it can wait.

    This is probably more of an issue for enterprise users, and in that case there are fewer Macs for sure, but it's a good practice to be honest about what you're fixing, and covering that up is dishonest.
    -Taylor

  • by Graff (532189) on Saturday June 19, 2010 @04:11PM (#32627686)

    There's no wondering involved. They had a commercial that blatantly said that Macs don't get viruses. Liars.

    This may be news to you but trojans are not viruses. There are, in fact, no Mac OS X viruses in the wild. There are some spyware, adware, and trojans but they are few and far between and there is protection built-in to the operating system to deal with most of them.

    Saying that Mac OS X does not have any viruses at this point in time is 100% true.

  • by ls671 (1122017) * on Saturday June 19, 2010 @04:16PM (#32627744) Homepage

    So how does Mac "detect" it?

    Does Mac have a built-in anti-virus or do they rely on something simpler like checksums or something like that?

    Anyway, as said in TFA, I guess all Mac users should install anti-virus software. I use clam on Linux although I run no daemon process. I only scan emails or other very suspicious downloaded files and I run a full scan every week during the night. I also rely on common sense and digital signature when I download/install software.

  • by Anonymous Coward on Saturday June 19, 2010 @04:17PM (#32627748)

    That sound you are hearing is not a Mac user. It is the sound of air currents swirling in a torrent between your ears.

    Seriously, what does "I would bet this isn't the first one" mean to you?

  • by goombah99 (560566) on Saturday June 19, 2010 @04:19PM (#32627776)

    I hate story blurbs that suggest the sinister ('one has to wonder!') when the only news is that Apple added yet another trojan to its list of other trojans. If you wanted to say something intelligent you might instead say something like "is Apple the only OS that, at the OS level, has explicit trojan filters?" then you could remark about Linux distros or various editions of Windows or maybe even Barracuda routers or something. But there is nothing sinister here, it's all good. Reminds me of Aharon AppleMcHater over at TGdaily. Always the negative spin!

  • by Anonymous Coward on Saturday June 19, 2010 @04:21PM (#32627792)

    Trojans aren't viruses.

    Please list off all the viruses that will run on Snow Leopard.

    Mac users are very fond of pointing out this distinction, leaving out that trojans and malware, and social engineering, these days are the overwhelming majority of Windows issues as well. The traditional virus is mostly a thing of the past.

  • by phoenix321 (734987) * on Saturday June 19, 2010 @04:23PM (#32627810)

    What would you choose?

    "Unsinkable" modern passenger ship with no lifeboats or worn African ferryboat with more lifeboats than seats?

  • by Anonymous Coward on Saturday June 19, 2010 @04:26PM (#32627832)

    There's no wondering involved. They had a commercial that blatantly said that Macs don't get viruses. Liars.

    This may be news to you but trojans are not viruses. There are, in fact, no Mac OS X viruses in the wild. There are some spyware, adware, and trojans but they are few and far between and there is protection built-in to the operating system to deal with most of them.

    Saying that Mac OS X does not have any viruses at this point in time is 100% true.

    Only problem being, by that definition, Windows nowadays doesn't have viruses either. They just have spyware, adware, and trojans. Which work just as well, thank you very much.

    So either Apple was lying or they're just as slimy as the used car salesman who'll sell you a lemon on technicalities.

  • Actually funny you should say that, as I would say that most Windows users would be safer as they know there is malware for Windows and thus are more likely to have AV and Antimal. I had to clean up a few Macs infected with the "Mac Codec" DNSChanger awhile back, and I literally had to take them to a security site and show them a security report saying "This is Mac malware" because they completely refused to believe it was possible for a Mac to get malware, because that was what they had been told so often. One even got irate with me because "WTF is the point of spending all this money buying a Mac and a bunch of new stuff to go with it if I can still get infected!!!". I told him to go take it up with the guys at the Genius Bar, because I just fix boxes.

    So I would say, especially with Windows 7 where there are features like ASLR, NX bit, and Windows Defender by default, that Windows users are probably safer because they know of the dangers out there. Many Mac users think they can run whatever they want and do anything because "Macs can't get bugs" and are therefore less likely to have good safety practices like have an AV or worry about updates. BTW all the guys that hope for a "Year of the Linux Desktop"? Guess what inevitably comes with clueless users? Can you say malware and headaches boys and girls? Believe me, I tried converting a "must click on teh pron!" Windows user to Linux once, he managed to break the OS in just three days. No matter the OS, stupid is as stupid does.

  • by Anonymous Coward on Saturday June 19, 2010 @04:33PM (#32627878)

    Fix them very quickly? Not true. They fix the ones made public very quickly but they are often as slow as Microsoft used to be at fixing the ones that don't make a splash. Microsoft in the meantime has gotten much more agile and serious about fixing bugs when they're reported all the while bitching if someone dares go public too quickly for their taste ala Google. Microsoft has gotten good at keeping researchers from telling anyone anything while Apple has simply been happy that no one has noticed. As Apple's market share rises they are becoming a target and if there wasn't so much money in it we'd probably have already seen a nasty worm or two. But these days that's a waste of money - black hats now make big bucks off of exploited machines and that stuff doesn't just get thrown around like it used to for giggles.

    Meanwhile the "experts" at the Apple store tell customers that their machines "can't get viruses because they're built different". Seriously - this was overheard at one of their stores and it's mind boggling.

  • by zerofoo (262795) on Saturday June 19, 2010 @04:39PM (#32627910)

    I use apple's software update server to distribute patches and updates at my company. I never understood why apple gives us a mechanism to centrally control and distribute patches, but no way to automatically install them.

    This is one thing that Microsoft got right. Centrally distributing and installing patches is stupidly easy in the windows world. It pains me to say this, but the lack of automatic patching will bite apple and their users one day.

  • by Anonymous Coward on Saturday June 19, 2010 @04:44PM (#32627956)

    So you like it when the OS vendor pushes some software onto your system without any mention in the patch notes (which is the point of the article)? If so, you're posting on the wrong website.

  • by Bungie (192858) on Saturday June 19, 2010 @05:23PM (#32628240)

    If you're just starting to wonder now then you're gonna be in for a shock. Apple has never been a really transparent company about what they do, and they've always just pushed and bundled things however they like.

  • by Dragoniz3r (992309) on Saturday June 19, 2010 @05:44PM (#32628374)
    yeah if you don't mind google knowing every hostname you ever resolve...
  • by Facegarden (967477) on Saturday June 19, 2010 @06:28PM (#32628638)

    Hiding it makes a lot of sense if you don't want to look bad, but is unhelpful to users who want to know if they need to update their systems or if it can wait.

    I think you run too much windos. The only reason I've ever hesitated installing an OS X update right away was when it required a restart and I had something running I didn't want to interrupt. I've never seen an update break anything. I shake my head when I hear the windos admins at the company test a bugfix update. Why'd they need to do that? Isn't that what the vendor is supposed to do before sending it out?

    I think you run too much Mac.

    Vendors are supposed to test their updates before sending them out, but who knows if their tests were comprehensive? The best way to see if an update will work with your specific combination of hardware and software is to test it on your hardware and software. Are you using a custom app written in-house? Did your programmer rely on an outdated program interface that finally got phased out in this update? The vendor may have given plenty of warning that they were going to phase out that interface, but your programmer may have missed that, or been an idiot. In that case, the vendor *DID* test and considered it functional, but it could still break stuff.

    Or the vendor thought they tested it, but screwed that up. Are you willing to trust them to always get it right 100% of the time?

    Your cuddly image of Mac computers always working is great, but *NO* system is infallible, and if you have 1000 computers and you can't afford to have them all stop working on you, you have to test *EVERY* upgrade. That's just common sense.
    -Taylor

  • by Bungie (192858) on Saturday June 19, 2010 @07:03PM (#32628796)

    He's not saying that Macs are immune, he's saying that Windows had some bad design concepts at one point. Microsoft went through a phase where they integrated things like scripting and COM into everything they could, but there was very little consideration for security. It wasn't until worms and malware started rampaging across Windows machines that they actually started considering and working on security.

    Take Outlook for example. E-mail was normally safe because it was only text and images. Then add VBA scripting capabilities and embedded ActiveX controls to the mix... suddenly there are huge vectors for hostile software to use in plain old e-mail messages. Internet Explorer would ask if you wanted to install an ActiveX control, if you said yes it would have full access to your system to do whatever it wanted. NT based systems ran with a full complement of services exposed to the internet and ready to use.

    No one considered that people on the internet might be assholes and take advantage of those handy features for completely hostile purposes. Even if they did Microsoft had no clue where to begin and would take years of hard lessons to get Windows into a decently secure state.

  • by pikine (771084) on Saturday June 19, 2010 @08:10PM (#32629136) Journal

    On one hand, Apple could have very well done the same with other parts of the software, providing fixes without disclosure. This goes on to say that vulnerability disclosure is a very poor indicator of software quality. However, in this case, it could have said something as trivial as "updated malware signature database." It's not fixing a vulnerability.

    On the other hand, this article highlights the very interesting fact that there *is* a market for anti-virus software, even when the base OS is robust and secure. The base OS could be immune to virus and malware attack when there is no user action involved. However, the user could become the weak link to compromise their own system. Anti-virus software prevents high-risk users from being affected by their reckless action.

    It's just like how only certain people need to be HIV tested regularly. You only need to worry about HIV infection if you received a blood transfusion, or if you engaged in a promiscuous sexual act (willfully or as a rape victim). If you did neither, then you don't need to be tested, hence you don't need to spend money on the pharmaceutical products for the HIV test. You should definitely be tested regularly if you know what you do carries a high risk of contracting HIV.

    You may still need anti-virus software, depending on if what you do online carries a high risk of contracting malware. It has less to do with whether your operating system is secure.

  • by zerofoo (262795) on Saturday June 19, 2010 @08:36PM (#32629268)

    Only works if the logged in user is an administrator. My end users do not have local admin permissions.

  • by Andorin (1624303) on Saturday June 19, 2010 @09:22PM (#32629444)
    They were built to be backwards compatible with DOS. I mean, even modern Windows systems still create an administrator account for the initial user instead of a limited user account and a separate admin account. The problems are still there.
  • by zmollusc (763634) on Sunday June 20, 2010 @12:08AM (#32630070)

    Bad example. Many people know in their hearts that there _is_ a Flying Spaghetti Monster.
