Security Apple Technology

Apple Quietly Goes After Mac Trojan With Update

Posted by kdawson
from the nothing-to-see-here dept.
Th'Inquisitor was one of several readers to point out coverage of Apple's stealth security fix, included along with the recent Snow Leopard 10.6.4 update. Graham Cluley of Sophos first noticed the update to protect Mac computers from a Trojan, and the fact that Apple didn't mention it in the release notes. The malware opens a back door to a Mac that can allow attackers to gain control of the machine and snoop about on it or turn it into a zombie. "You have to wonder," writes Cluley, "whether their keeping quiet about an anti-malware security update like this was for marketing reasons." While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.
  • by GreatBunzinni (642500) on Saturday June 19, 2010 @05:14PM (#32627722)

    This is a good opportunity for the world to rethink its perception of what viruses, trojans and the like are. Due to the vast and never-ending list of problems and software defects that have plagued the dominating platform (i.e., Microsoft Windows) since its inception and continue to affect it up to this day, the world has been conditioned to think that having a base system with so many profoundly serious defects is somehow acceptable. I mean, these bugs are so serious that they even let other people take over your system, a system that you've paid for with your hard-earned money to be able to use as you see fit. Why exactly should this be normal, let alone acceptable?

    In this instance we have a very rare glimpse of what the issue of software vulnerabilities is and how it should be handled. A very serious software bug could be exploited by malicious people to gain control of the system, and that problem was fixed by fixing the software bug. That is exactly how it should be. Yet what Microsoft forced us to believe is the right way of handling this is to let that security hole stay wide open. What Microsoft forced the world to believe is that you solve the problems arising from any security bug by paying some third-party vendor for a piece of software that monitors your system for a handful of instances of malicious code that made its way into your system through those security holes. And this has become acceptable why? It's as if you've bought a house with so many holes that could be used by malicious people to enter your house as they see fit and take it over. The problem lies in those holes being there, and the problem doesn't go away if you employ security guards instead of plugging those damn holes your incompetent builder left there.

  • by phantomfive (622387) on Saturday June 19, 2010 @05:16PM (#32627746) Journal

    Hiding it makes a lot of sense if you don't want to look bad,

    It's really hard for me to believe that's the reason they did it, given the number of ugly things they did announce, including a few bugs that give complete control of the computer just by opening a web page. They could have added a line about updating malware signatures, and if they worded it right, avoided the bad press (I mean, it's not like it's the first time there has been a trojan for OSX).

    It is more likely that the internal communication processes at Apple got mixed up, and the people in charge of updating the malware signatures haven't gotten in contact with the people in charge of writing the release notes. I don't think that is an uncommon thing in large (and even small) companies.

  • by jedidiah (1196) on Saturday June 19, 2010 @05:56PM (#32628048) Homepage

    ...except Windows is automated to the point that "trojans" become viruses.

    That is the whole problem that Windows has created and magnified. They have taken situations that previously didn't have any risk of viral infection and added automatic execution of random untrusted programs.

    It's like having walls that pull through any Athenians or Spartans that happen to be standing outside.

    Suddenly, the Trojans are wondering WTF is Achilles doing in the middle of the Palace.

  • by eihab (823648) on Saturday June 19, 2010 @05:56PM (#32628052)

    Microsoft in the meantime has gotten much more agile and serious about fixing bugs when they're reported, all the while bitching if someone dares go public too quickly for their taste, à la Google.

    Too quickly for their taste?

    I don't know what world you live in where you can patch something as complicated as Windows in five days.

    Do you know how many version and language combinations of Windows there are? The testing and QA that goes into it? Documentation?

    It's not like your small little project where you fix a couple of lines and call it done, you know.

    And also, it wasn't "Google" per se, one of their security researchers did it, and according to his tweets he claims that this was done on his own time.

    But sure, let's ignore the facts and label this as a clash of the titans.

  • by gilesjuk (604902) on Saturday June 19, 2010 @06:33PM (#32628316)

    The difference between Windows and OSX is that Windows has a lot of backward compatibility with older software that weakens it. Renaming an installer to a specific filename defeated the protection in Vista.

    Not to mention autorun from USB sticks and other braindead convenience features (which are being removed or have been).

    Security in OSX is mostly based around sound Unix principles. There's no awful backward compatibility in the Unix underpinnings.

  • by luther349 (645380) on Saturday June 19, 2010 @06:48PM (#32628404)
    Macs used to be just as bad as PCs pre-OSX. It was the change to Unix that made Macs more secure than a PC. Unix and its brother Linux have one critical advantage over Windows: you can upgrade the core of the OS at any time, so a piece of bad software can always be patched. This is why Linux and OSX malware etc. are short-lived. As I tell users that ask me whether Linux can get infected, I always tell them yes, but if you stay up to date the chances of it are slim.

  • by JohnBailey (1092697) on Saturday June 19, 2010 @07:23PM (#32628608)

    Classic case of PR over practicality.

    We don't need as many lifeboats because the ship can't possibly sink. Just put 'em on to keep the officials happy.

    And as the ship is unsinkable, no lifeboat drills.

    Oh.. and a few lower grade rivets will be fine, cos' the ship is unsinkable remember... No harm saving a few quid eh?

    Of course, a PR driven product couldn't exist like that today, because so many technical people would point out the flaws, and the company wouldn't get away with it. Right?

  • Viruses?

    by philofaqs (668524) on Saturday June 19, 2010 @07:53PM (#32628750)

    Not looking for trouble, but really, what was the last virus to hit the Windows world? Trojans, yes, by the bucketload, that then download all sorts of malware, but since XP SP2 went mainstream, viruses as such seem dead. OK, a piece of social engineering like "I love you" will still get people, but users are users. All you can do is make them non-admins, but crudware can still destroy their data, and I don't see how other OSes can stop that; the machine might be OK, but that user's data is toast, and that's generally where most people value things. "The machine is fine, the only thing I couldn't recover is that special photo of your dead Gran" is not what folks want to hear.
  • Allow your old PC repair pal Hairyfeet to help you out there, bud. What you want is a combination approach, using Comodo AV and Comodo Time Machine. Comodo AV, with full firewall, only uses around 19 MB of RAM and less than 1% CPU when not running a scheduled scan, and Comodo Time Machine allows you to "go back" and remove any malware she is clueless enough to ignore the warnings and install anyway. I have customers and relatives that can fill a PC with more viruses than a Bangkok whore, and Comodo has kept them squeaky clean.

    One word of warning though: Comodo Time Machine will NOT work on a dual boot that includes Windows 7 in any location but the C: drive, due to the fact that Win7 changes everything to C: even if you install it in another location like D:. It won't screw anything up if you try it, it just won't work. But for a single boot, a dual boot with a non-Win7 OS, or a dual boot with Win7 on the C: drive, Comodo AV + Time Machine is a life saver! Believe me, I know where you are coming from; my GF lives 126 miles away and having to repair her PC when she screwed it up was a pain. Thanks to Comodo Time Machine, when she screws something up bad I can walk her through having her OS back to normal in under 15 minutes. And Comodo AV keeps the bugs away, as I had her bring it down just a couple of weeks ago to give it a checkup and all was good.

    Both are 100% free, work on X86 and X64, and Comodo AV even has a sandbox built in that will automatically run installers and new apps in the sandbox if you desire, and you can have it run any app at any time sandboxed. You can even tell it to run her FF sandboxed and she'll never know the difference. Trust me, Hairyfeet is good, Hairyfeet is wise ;-)

  • by eihab (823648) on Saturday June 19, 2010 @10:00PM (#32629368)

    Where in the world, except for Microsoft, are the languages relevant for fixing bugs or securing the CODE?

    The world where you have to deal with RTL languages like Arabic and Hebrew where no matter how simple the patch is, something is bound to get broken.

    That's not even considering that the bug was in the hcp:// protocol that's directly related to help/remote assistance and the control panel. How will the patch affect hcp://[slashdot ate my UTF-8 Arabic characters that spelled help]?

    That said, I do not have access to the code and I do not know for sure if there are any i18n issues to consider, but make no mistake about it, Windows is not your freaking weekend project that you can fix, QA and push live in five days.

    Look, I dislike Microsoft as much as the next guy, but Google's security researcher really didn't give them any chance here.

    Had he reported it and it went unfixed for 3 months then I'd be rooting for him and bashing MS like there's no tomorrow. But any bug in a code base as complicated as windows cannot be humanly fixed in the time-frame he gave them.

  • by toadlife (301863) on Saturday June 19, 2010 @11:24PM (#32629710) Journal

    Malware that targets services is rare. Malware typically targets users and applications - in that order. Services certainly can be targeted when the opportunity arises, but those opportunities don't come very often, especially in the last several years after debacles like code red hit us and Windows started shipping with the firewall turned on by default.

    The one service you mention as an example, UPnP, has had maybe three vulnerabilities in the last decade (two are listed on secunia, but they only go back to 2003; I know there was one in 2001).

    You claim that UPnP is not adequately sandboxed, but give no reason why. Checking services, I see that UPnP runs as the local service account. This local service has no special rights on the system and can't even read user files. How is that not sandboxed enough, and what does OSX do to further sandbox its services?

    As for this...

    On Windows more are exposed by default, they're easier to exploit, and they are usually proprietary; all of which leads to less security regardless of market share.

    The first claim is downright wrong and the last two are completely unqualified. How are they easier to exploit? How does being proprietary lead to less security?

    As for services being more exposed by default: since XP SP2, the firewall has come on by default, meaning precisely zero services were exposed by default. Despite that, millions of Windows users continued to get infected to this day.

    And another thing about UPnP. It is not a proprietary Microsoft technology. It is a standard which was developed by hardware vendors. Microsoft just supports it. You calling it proprietary is like calling TCP/IP proprietary because Microsoft's TCP/IP implementation is proprietary.

    On a related note, an amusing quip about OS X and UPnP from []:

    "Of course, Apple seem to keep wanting to do their own thing, and their own thing only, so there is no native UPnP support in Mac OS X"

  • by Hurricane78 (562437) on Saturday June 19, 2010 @11:41PM (#32629774)

    That if any Apple user would have heard anything about it, they would have preferred to keep the Trojan installed, so they could use it to sneak out of the walled garden once in a while. ;)
    Also, fanbois wouldn’t be able to parrot how their system has no known viruses at all. And we all know that Apple relies nearly completely on...ehrm... viral marketing. ;)

  • by gig (78408) on Sunday June 20, 2010 @12:35AM (#32629966)

    The malware blacklist has existed since Mac OS v10.6.0, and has always had 2 Trojans on it. Now Apple added a 3rd because there is a new one. That's how it's supposed to work. If this is news, it says really good things about Apple because it's man bites dog. New malware on Windows is dog bites man.

    The Mac is not invulnerable to malware. No system is. That would be like saying a building is invulnerable to graffiti. However, if you paint over graffiti the instant it appears, you remove the entire incentive. Apple's Software Update patches 75% of the community within a week or so, and the rest within a month or so. There's just not much to be gained with Mac malware. Whatever you exploit will be replaced almost immediately by Apple. Snow Leopard is not one version of an OS, it's 10 discrete versions. There were 11 versions of Leopard. Each lasts only 2-3 months. A typical Windows version lasts 2-3 years or more. It's a very different situation.

    Another thing to understand is that Sophos and other companies who make their living solely because Windows is mismanaged always want to expand into the Mac market and so they like to pretend that it's not a question of platform management but rather that malware is a fact of life and their services and scanners are necessary. No. The 10-20 built-in security systems of Mac OS are superior to anything you can bolt on to Windows.

  • by CAIMLAS (41445) on Sunday June 20, 2010 @12:37AM (#32629972) Homepage

    Well, I've run into several covert Apple "pushes" in the (thankfully) short period of time I've had to deal with their cobbled system. I seem to recall two stealth pushes of Java in particular which broke the platform we were using: anyone watching upstream would see security issues being discovered (and fixed), but Apple made no such disclosure and just installed them. That's really nice on a server. (Microsoft, you're an ass for doing the same with 'new' packages like the latest version of IE, even when SUS has things set to require authentication prior to install.)

    Note: OS X itself isn't bad, from a design perspective. Neither are the BSDs. It's the user utility/ability in being able to control the platform once you've got it (without painful regressions, downtime, etc.).
