Apple Quietly Goes After Mac Trojan With Update
Th'Inquisitor was one of several readers to point out coverage of Apple's stealth security fix, included along with the recent Snow Leopard 10.6.4 update. Graham Cluley of Sophos first noticed the update to protect Mac computers from a Trojan, and the fact that Apple didn't mention it in the release notes. The malware opens a back door to a Mac that can allow attackers to gain control of the machine and snoop about on it or turn it into a zombie. "You have to wonder," writes Cluley, "whether their keeping quiet about an anti-malware security update like this was for marketing reasons." While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.
Security as it should be (Score:4, Interesting)
This is a good opportunity for the world to rethink its perception of what viruses, trojans and the like are. Due to the vast and never-ending list of problems and software defects that have plagued the dominating platform (i.e., Microsoft Windows) since its inception and continue to affect it up to this day, the world has been conditioned to think that having a base system with so many profoundly serious defects is somehow acceptable. I mean, these bugs are so serious that they even let other people take over your system, a system that you've paid for with your hard-earned money to be able to use as you see fit. Why exactly should this be normal, let alone acceptable?
In this instance we have a very rare glimpse of what the issue of software vulnerabilities is and how it should be handled. A very serious software bug could be exploited by malicious people to gain control of the system, and that problem was fixed by fixing the software bug. That is exactly how it should be. Yet what Microsoft forced us to believe is the right way of handling this is to let that security hole stay wide open. What Microsoft forced the world to believe is that you solve the problems arising from any security bug by paying some third-party vendor for a piece of software that monitors your system for a handful of instances of malicious code that made its way into your system through those security holes. And this has become acceptable why? It's as if you've bought a house with so many holes that could be used by malicious people to enter your house as they see fit and take it over. The problem lies in those holes being there, and the problem doesn't go away if you employ security guards instead of plugging those damn holes your incompetent builder left there.
Re:If they're trying to keep it secret (Score:5, Interesting)
Hiding it makes a lot of sense if you don't want to look bad,
It's really hard for me to believe that's the reason they did it, given the number of ugly things they did announce [apple.com], including a few bugs that give complete control of the computer just by opening a web page. They could have added a line about updating malware signatures, and if they worded it right, avoided the bad press (I mean, it's not like it's the first time there has been a trojan for OSX).
It is more likely that the internal communication processes at Apple got mixed up, and the people in charge of updating the malware signatures haven't gotten in contact with the people in charge of writing the release notes. I don't think that is an uncommon thing in large (and even small) companies.
Re:You have to wonder? (Score:3, Interesting)
...except Windows is automated to the point that "trojans" become viruses. That is the whole problem that Windows has created and magnified. They have taken situations that previously didn't have any risk of viral infection and added automatic execution of random untrusted programs.
It's like having walls that pull through any Athenians or Spartans that happen to be standing outside.
Suddenly, the Trojans are wondering WTF Achilles is doing in the middle of the palace.
Re:this is anything but new (Score:5, Interesting)
Microsoft in the meantime has gotten much more agile and serious about fixing bugs when they're reported, all the while bitching if someone dares go public too quickly for their taste, à la Google.
Too quickly for their taste?
I don't know what world you live in where you can patch something as complicated as Windows in five days.
Do you know how many version and language combinations of Windows there are? The testing and QA that goes into it? Documentation?
It's not like your small little project where you fix a couple of lines and call it done, you know.
And also, it wasn't "Google" per se, one of their security researchers did it, and according to his tweets he claims that this was done on his own time.
But sure, let's ignore the facts and label this as a clash of the titans.
Re:Let's get this out of the way, shall we? (Score:2, Interesting)
The difference between Windows and OS X is that Windows has a lot of backward compatibility with older software that weakens it. Renaming an installer to a specific filename defeated the protection in Vista.
Not to mention autorun from USB sticks and other braindead convenience features (which are being removed or have been).
Security in OS X is mostly based around sound Unix principles. There's no awful backward compatibility in the Unix underpinnings.
Re:Let's get this out of the way, shall we? (Score:3, Interesting)
Classic case of PR over practicality.
We don't need as many lifeboats because the ship can't possibly sink. Just put 'em on to keep the officials happy.
And as the ship is unsinkable, no lifeboat drills.
Oh.. and a few lower-grade rivets will be fine, 'cos the ship is unsinkable, remember... No harm saving a few quid, eh?
Of course, a PR driven product couldn't exist like that today, because so many technical people would point out the flaws, and the company wouldn't get away with it. Right?
Re:this is anything but new (Score:5, Interesting)
Where in the world, except at Microsoft, are the languages relevant for fixing bugs or securing the CODE?
The world where you have to deal with RTL languages like Arabic and Hebrew where no matter how simple the patch is, something is bound to get broken.
That's not even considering that the bug was in the hcp:// protocol that's directly related to help/remote assistance and the control panel. How will the patch affect hcp://[slashdot ate my UTF-8 Arabic characters that spelled help]?
That said, I do not have access to the code and I do not know for sure if there are any i18n issues to consider, but make no mistake about it, Windows is not your freaking weekend project that you can fix/QA and push live in five days.
Look, I dislike Microsoft as much as the next guy, but Google's security researcher really didn't give them any chance here.
Had he reported it and it went unfixed for 3 months then I'd be rooting for him and bashing MS like there's no tomorrow. But any bug in a code base as complicated as windows cannot be humanly fixed in the time-frame he gave them.
The reason they kept quiet, is of course: (Score:3, Interesting)
That if any Apple user would have heard anything about it, they would have preferred to keep the Trojan installed, so they could use it to sneak out of the walled garden once in a while. ;) ;)
Also, fanbois wouldn’t be able to parrot how their system has no known viruses at all. And we all know that Apple relies nearly completely on...ehrm... viral marketing.
Adding a 3rd malware to the blacklist is not news (Score:3, Interesting)
The malware blacklist has existed since Mac OS v10.6.0, and has always had 2 Trojans on it. Now Apple added a 3rd because there is a new one. That's how it's supposed to work. If this is news, it says really good things about Apple because it's man bites dog. New malware on Windows is dog bites man.
The Mac is not invulnerable to malware. No system is. That would be like saying a building is invulnerable to graffiti. However, if you paint over graffiti the instant it appears, you remove the entire incentive. Apple's Software Update patches 75% of the community within a week or so, and the rest within a month or so. There's just not much to be gained with Mac malware. Whatever you exploit will be replaced almost immediately by Apple. Snow Leopard is not one version of an OS, it's 10 discrete versions. There were 11 versions of Leopard. Each lasts only 2-3 months. A typical Windows version lasts 2-3 years or more. It's a very different situation.
Another thing to understand is that Sophos and other companies who make their living solely because Windows is mismanaged always want to expand into the Mac market and so they like to pretend that it's not a question of platform management but rather that malware is a fact of life and their services and scanners are necessary. No. The 10-20 built-in security systems of Mac OS are superior to anything you can bolt on to Windows.
Re:Let's get this out of the way, shall we? (Score:3, Interesting)
Well, I've run into several covert Apple "pushes" in the (thankfully) short period of time I've had to deal with their cobbled system. I seem to recall two stealth pushes of Java in particular which broke the platform we were using: anyone watching upstream would see security issues being discovered (and fixed), but Apple made no such disclosure and just installed them. That's really nice on a server. (Microsoft, you're an ass for doing the same with 'new' packages like the latest version of IE, even when SUS has things set to require authentication prior to install.)
Note: OS X itself isn't bad, from a design perspective. Neither are the BSDs. It's the user utility/ability in being able to control the platform once you've got it (without painful regressions, downtime, etc.).