
Apple Quietly Goes After Mac Trojan With Update

Posted by kdawson
from the nothing-to-see-here dept.
Th'Inquisitor was one of several readers to point out coverage of Apple's stealth security fix, included along with the recent Snow Leopard 10.6.4 update. Graham Cluley of Sophos first noticed the update to protect Mac computers from a Trojan, and the fact that Apple didn't mention it in the release notes. The malware opens a back door to a Mac that can allow attackers to gain control of the machine and snoop about on it or turn it into a zombie. "You have to wonder," writes Cluley, "whether their keeping quiet about an anti-malware security update like this was for marketing reasons." While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.

  • Why is the information publicly available? Why would most generic Mac users care to seek it on their own? Should Apple shove it in their face?
    • by Facegarden (967477) on Saturday June 19, 2010 @04:59PM (#32627614)

      Why is the information publicly available? Why would most generic Mac users care to seek it on their own? Should Apple shove it in their face?

      I would hardly call release notes for a bugfix "shoving it in their face."

      It makes a lot of sense to say what you fixed in a bugfix, so people clearly know if a system needs a bugfix, or is safe.

      Hiding it makes a lot of sense if you don't want to look bad, but is unhelpful to users who want to know if they need to update their systems or if it can wait.

      This is probably more of an issue for enterprise users, and in that case there are fewer Macs for sure, but it's a good practice to be honest about what you're fixing, and covering that up is dishonest.
      -Taylor

      • by phantomfive (622387) on Saturday June 19, 2010 @05:16PM (#32627746) Journal

        Hiding it makes a lot of sense if you don't want to look bad,

        It's really hard for me to believe that's the reason they did it, given the number of ugly things they did announce [apple.com], including a few bugs that give complete control of the computer just by opening a web page. They could have added a line about updating malware signatures, and if they worded it right, avoided the bad press (I mean, it's not like it's the first time there has been a trojan for OSX).

        It is more likely that the internal communication processes at Apple got mixed up, and the people in charge of updating the malware signatures haven't gotten in contact with the people in charge of writing the release notes. I don't think that is an uncommon thing in large (and even small) companies.

  • by GreatBunzinni (642500) on Saturday June 19, 2010 @05:14PM (#32627722)

    This is a good opportunity for the world to rethink its perception of what viruses, trojans and the like are. Due to the vast and never ending list of problems and software defects that plague the dominating platform (i.e., Microsoft Windows) since its inception and continue to affect it up to this day, the world has been conditioned to think that having a base system with so many profoundly serious defects is somehow acceptable. I mean, these bugs are so serious that they even let other people take over your system, a system that you've paid with your hard-earned money to be able to use as you see fit. Why exactly should this be normal, let alone acceptable?

    In this instance we have a very rare glimpse of what the issue of software vulnerabilities is and how it should be handled. A very serious software bug could be exploited by malicious people to be able to gain control of the system and that problem was fixed by fixing the software bug. That is exactly how it should be. Yet, what Microsoft forced us to believe is the right way of handling this thing is to let that security hole stay wide open. What Microsoft forced the world to believe is that you solve the problems arising from any security bug by paying some third-party vendor for a piece of software that monitors your system for a handful of instances of malicious code that made its way into your system through those security holes. And this has become acceptable why? It's as if you've bought a house with so many holes that could be used by malicious people to enter your house as they see fit and take over it. The problem lies in those holes being there and the problem doesn't go away if you employ security guards instead of plugging those damn holes your incompetent builder left there.

  • by zerofoo (262795) on Saturday June 19, 2010 @05:39PM (#32627910)

    I use Apple's software update server to distribute patches and updates at my company. I never understood why Apple gives us a mechanism to centrally control and distribute patches, but no way to automatically install them.

    This is one thing that Microsoft got right. Centrally distributing and installing patches is stupidly easy in the Windows world. It pains me to say this, but the lack of automatic patching will bite Apple and their users one day.

    • by jjoelc (1589361)

      agreed.. but I'm not holding my breath. Apple has just never really shown much interest in the enterprise market. If they had, they would undoubtedly have more... enterprise features... the tools are certainly out there, and Apple really wouldn't have that hard a time implementing them, I wouldn't think...

      It is kind of a vicious circle in a way.. lack of tools prevents wider enterprise acceptance, lack of acceptance means the company has less reason to focus on the category and make improvements...

      But I re

    • by Drakino (10965) <d_slashdot@@@miniinfo...net> on Saturday June 19, 2010 @07:06PM (#32628504) Journal

      "man softwareupdate" for info on one way to auto install updates.

      And OS X out of the box has run software update at first boot since 10.0. Yes, a user has to click install now, and they may just ignore it. But it will come back and prompt again later.

    • by JPRelph (519032)
      What's wrong with an ARD Task Server and scheduled tasks to push out softwareupdate commands to clients? Tends to work pretty well in my experience.
  • While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.

    How exactly are these two objectives different from each other?

  • ...because it was mentioned in a blog.

  • Viruses? (Score:2, Interesting)

    by philofaqs (668524)
    Not looking for trouble, but really what was the last virus to hit the Windows world? Trojans yes by the bucketload that then download all sorts of malware, but since XP SP2 went mainstream, viruses as such seem dead. OK a piece of social engineering like the "I love you" will still get people but users are users. All you can do is make them non admins but crudware can still destroy their data and I don't see how other OS's can stop that, the machine might be OK but that user's data is toast and that's gener
  • I don't get it. Why would anyone pirate iPhoto? It comes with every Mac sold, already installed.
    • Re:iPhoto? (Score:4, Informative)

      by dancingmad (128588) on Saturday June 19, 2010 @08:47PM (#32628990)

      Whatever the current version of iPhoto is comes with your Mac. To upgrade you have to buy the latest version of iLife.

    • by Phroggy (441)

      I don't get it. Why would anyone pirate iPhoto? It comes with every Mac sold, already installed.

      The current version comes with every new Mac. If you have an older Mac, you may not have iPhoto, or you may have an old version that doesn't have some of the new features you want. iPhoto cannot be purchased separately; it's part of the iLife suite which sells for $79 and there is no discount for upgrading from a previous version.

  • by Hurricane78 (562437) <deleted AT slashdot DOT org> on Saturday June 19, 2010 @11:41PM (#32629774)

    That if any Apple user would have heard anything about it, they would have preferred to keep the Trojan installed, so they could use it to sneak out of the walled garden once in a while. ;)
    Also, fanbois wouldn’t be able to parrot how their system has no known viruses at all. And we all know that Apple relies nearly completely on...ehrm... viral marketing. ;)

  • by gig (78408) on Sunday June 20, 2010 @12:35AM (#32629966)

    The malware blacklist has existed since Mac OS v10.6.0, and has always had 2 Trojans on it. Now Apple added a 3rd because there is a new one. That's how it's supposed to work. If this is news, it says really good things about Apple because it's man bites dog. New malware on Windows is dog bites man.

    The Mac is not invulnerable to malware. No system is. That would be like saying a building is invulnerable to graffiti. However, if you paint over graffiti the instant it appears, you remove the entire incentive. Apple's Software Update patches 75% of the community within a week or so, and the rest within a month or so. There's just not much to be gained with Mac malware. Whatever you exploit will be replaced almost immediately by Apple. Snow Leopard is not one version of an OS, it's 10 discrete versions. There were 11 versions of Leopard. Each lasts only 2-3 months. A typical Windows version lasts 2-3 years or more. It's a very different situation.

    Another thing to understand is that Sophos and other companies who make their living solely because Windows is mismanaged always want to expand into the Mac market and so they like to pretend that it's not a question of platform management but rather that malware is a fact of life and their services and scanners are necessary. No. The 10-20 built-in security systems of Mac OS are superior to anything you can bolt on to Windows.
