Backdoor Trojan For Windows Ported To Mac OS 263
An anonymous reader writes "A Remote Access Trojan (RAT) for Windows, known as darkComet, has been ported to Mac OS X. The new backdoor Trojan is not yet finished, but it could be indicative of more underground programmers attempting to take advantage of Apple's growing market share."
Besides missing link, summary isn't accurate.. (Score:5, Informative)
darkComet (aka darkComet-RAT) [darkcomet-rat.com] is the name of a remote administration tool, which BlackHoleRAT's control functionality is derived from. The trojan is actually called BlackHoleRAT, but regardless, here's an article link [tgdaily.com].
And, while I'm going, the distortion of the term "trojan" is starting to test my patience. A trojan horse [wikipedia.org] is a piece of software that is deceptive in nature, one which appears to perform a desirable function, but, in fact, steals information or harms the system its occupying. This application, darkComet-RAT, is referred to as a trojan itself all over the web in news articles relating to this beta of "BlackHoleRAT," which is NOT the case. darkComet-RAT is a legit remote administration tool, similiar in functionality to VNC, and should be treated as such.
I understand this butchering of the acronym "RAT," between its use as "Remote Administration Tool" and "Remote Access Trojan" may be confusing, as with all acronyms that use the same letters, but please, for the love of god, do some damn fact checking, and this would be less likely to happen.
Grumble grumble grumble.
Re:Besides missing link, summary isn't accurate.. (Score:5, Funny)
Looks like someone has a case of the Mondays
Re:Besides missing link, summary isn't accurate.. (Score:5, Funny)
You're gonna get your ass kicked, man.
Re: (Score:2, Flamebait)
At least they didn't name it NigerianPrince.
And here I thought GIMP was the only FOSS project with a name problem.
Re: (Score:2, Informative)
Well, darkcomet isn't technically a trojan anymore than CoDC's Back Orifice is, but both are designed to be installed by subverting OS security restrictions and run stealthily. And while both have legitimate remote administration functions, they also have some not-so-legitimate ones well (i.e keyloggers). Let's face it, darkcomet and its ilk are designed to be used by black hat (wannabes). I doubt you would ever find them installed by any responsible IT dept for RA of business desktops.
It may not be a troja
Re: (Score:2)
Yes, let's hope for a whole new legion of compromised computers because of your dislike of an operating system.
And they call Mac users selfish.
Re:Besides missing link, summary isn't accurate.. (Score:4, Funny)
And I measure the speed of my car in fractions of parsec.
Re:Besides missing link, summary isn't accurate.. (Score:5, Funny)
slow car. I once did a kettle corn run in less than 12 fathoms.
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
I measure my speed as a fraction of plaid.
Re: (Score:2)
That's ludicrous.
Re: (Score:3)
And I measure the speed of my car in fractions of parsec.
So do I.
One femtoparsec per second is about 111km/h (nearly 70mph for the traditionalists). Go faster than that, and you risk getting a ticket on the highway here.
Re: (Score:3)
If you go faster than that, you can go tell yourself to go slower so you won't get a ticket in the future.
Re: (Score:3)
Not that hard, just need the right prefixes and it's not even that bad to deal with.
For instance, I drove down the freeway at 3.65 picoparsecs per hour. Even an easy, if rough, conversion: MPH / ~20 == pParsecs / hour
Re: (Score:3)
...or 9.8 meters per second the "force" of gravity.
Or think gravity is, dimensionally, a velocity...
Re: (Score:2)
No, it's an acceleration.
Re: (Score:3)
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
AT&T supplied me with a small piece of hardware for my adsl connection. AT&T refers to it as a modem even though it doesn't modulate or demodulate anything.
Wikipedia disagrees [wikipedia.org]: "Broadband modems should still be classed as modems, since they use complex waveforms to carry digital data. They are more advanced devices than traditional dial-up modems as they are capable of modulating/demodulating hundreds of channels simultaneously."
Hopefully this dumbing down of language doesn't creep into areas where
Or... (Score:2, Insightful)
Re:Or... (Score:4, Informative)
But Sophos has pushed out alarmist trolling press releases every quarter or so for years now all implying how OSX is about to be hit by a tidal wave of viruses, worms etc (other sites have credited Sophos as the source of this story - not Slashdot though, it seems.
Am I insane? (Score:5, Insightful)
Bravo slashdot. A new low.
Re: (Score:2)
I read it as a remote access tool that installs as a trojan.
In other words, it relies on social engineering to get the user to run it in the first place, but after being installed it gives control of the system to an attacker.
Re: (Score:2)
And the point he was making:
Really? A remote access tool, once installed, allows...wait for it...remote access!
Shouldn't be on Slashdot.
So just another remote access tool. (Score:3)
Slow day, cmdrtaco??
In other news (Score:5, Funny)
Re: (Score:2)
Shitty programs are shitty. (Score:2)
This software allow you to make hundreds of functions stealthly and remotely without any kind of autorisation in the remote process.
Real administrators have had this functionality for years, it's called "ssh" with public key authentication. (There's absolutely no legitimate use for remote access with zero authentication.)
DarkComet is design with the latest IDE of Delphi
No one uses Delphi for writing serious software.
Works in chinese systems : The client is coded in a full natif Unicode environement then it can easily use and traduce in China, also since version 2.1 it works in all kind of Chinese operating system and display the correct Unicode characters.
Congratulations, welcome to the 21st century! Unicode has been supported by pretty much all mainstream operating systems for years. The fact that they have to mention it is indicative of poor software quality. Oh yeah, and the UI looks like it w
Re: (Score:2)
Not yet finished?!?! (Score:5, Funny)
What the hell, even malmare is vaporware now? Can I put in a pre-order for it to infect my computer sometime next year?
Re: (Score:2)
Sure, but make sure to buy the extended warranty with your purchase.
SB
OSX who cares (Score:3)
What matters to me, is does it run on Linux under WINE?
OMG!!!!!! (Score:2)
Holy Shmoly, I just discovered my Mac has a trojan as well. Not sure if people are aware of this thing, it's called FTP. Not sure what it stands for, but it allows people to log into my computer and if they have the correct permissions, they can read, write and execute files!!!! Oh the humanity...
Not about Market Share (Score:2)
This isn't about market share because OSXs market share hasn't significantly increased over the past several years. It's about 5% world wide and 9% in North America...right where it has been for a while now.
Re:It was just a matter of time (Score:5, Informative)
Hmm, you spout off on some stupid controversial opinion without even checking if it has anything to do with the topic on hand, yes you are a troll.
Though part of the fault is that whoever made this summary is also a troll, DarkComet is a Remote Administration Tool (Emphasis on TOOL) similar to VNC, SSH, etc. There is nothing about this that is Virus or Trojan related.
Re: (Score:2)
Re:It was just a matter of time (Score:4, Interesting)
Re: (Score:3)
Re: (Score:2, Interesting)
Re: (Score:3)
Just because you do not frequently encounter it, doesn't mean it isn't used by others. darkComet is not a trojan. A trojan is something that either installs some sort of malware or is itself some sort of malware under the guise of being a legitimate application. Also, having a secure OS does not prevent a trojan, because the software is installed willingly by the person administering the machine.
darkComet is a normally useful tool, that is being used by a trojan called Blackhole RAT(the actual trojan they s
Re: (Score:2, Interesting)
People persecuting MS for poor security are living in the past. Windows is now a fine secure OS,
Actually, due to backwards compatibility, you too are living in the past. Windows is hardly more secure than it used to be. I bet anything most still operate as admin... undermining all the new security features. In fact, judging by the summary, it's security is so bad it makes other operating systems less secure.
Re: (Score:3)
No, it's not typical.
It's just that Mac users face an unending storm of abuse from people who don't use OS X for our choice of OS. Most of us are not zealots, or fanboys, and run multiple systems and OSes - right tool for the right job etc.
I try not to define my self worth by the operating system I use - the same can't be said for platform zealots, but they exist on all major platforms. I'm sure there are some BeOS zealots around here. Last time I took a poll, both BeOS users told me "Windows sucks!".
Rampan
Re: (Score:2)
nice post.
Rampant, trollish "windows sucks!" posts are no more representative of the Mac user base than the rabid anti-Apple troll in the other thread on here at the moment.
If I'm not mistaken, OS X users generally aren't the enemy of Windows. Windows zealots bring the fight to them, not the other way around. It appears to be a confidence issue, or a lack of confidence issue, on the part of Windows ops. Further, the whole purpose of the existence of Linux is for those that hate Windows. Nearly every single time Microsoft comes up with a proprietary Windows technology, the Linux heroes duplicate it for free, and with a superior implementation (AD/Exchange is an excep
Re: (Score:2)
If I'm not mistaken, OS X users generally aren't the enemy of Windows. Windows zealots bring the fight to them, not the other way around. It appears to be a confidence issue, or a lack of confidence issue, on the part of Windows ops.
Excellent comments. For example, as an OSX user, I cannot recall the last time I've called out somebody's sexual preference for using Windows.
Re: (Score:2)
That's because.... (wait for it....)
once you go Mac, you don't go back.
Re: (Score:3)
How is that more secure?
Quite obviously, it increases the security of one's occupation, as Windows will forever have security issues, thus, there will always be a need for a Windows guy to say "hey, our ship is tight." Meanwhile, the true security experts that are in the midst of massive Windows installations does indeed have trouble sleeping at night. Or... at least he should.
Re: (Score:2)
The thing about the market share argument is that even if Macs had as many pieces of malware as Windows, but scaled down to their percentage of market share, there would be screaming left and right about how insecure OS X is.
Even when scaling things down, OS X is not getting hit nearly as hard as Windows.
On an anecdotal level -- ever seen an infected Mac? The last time I did was about two years ago when someone decided that the copy of iWork '09 available on a P2P distribution was a good idea, and downloa
Re: (Score:2)
That is overly simplistic, Fox News style approach to logic. Yeah, it seems like common sense, but without actual scientific evidence that this is true, it's conjecture on the part of basement dwellers everywhere.
Why would anyone write legitimate software for less than 10% of the market (yet they do)?
I would throw my conjecture out there too and say given Windows open architecture, it's easier to write crap for it. But I don't have anything to back it up except for making a shallow, sarcastic comment like,
Re:It was just a matter of time (Score:5, Insightful)
The medical model for disease works for computer viruses too. You need both a vulnerability and a vector. The number of potential hosts increases the attractiveness of the host for a virus (whether through natural evolution or malice aforethought.) The number of hosts also increases the vector span. But there still has to be a vulnerability!
Similarly, we need for the countermeasures to be demonstrated as both "safe and effective." My personal experience with Mac OS 9 and earlier anti-virus applications is that they were not very "safe", they caused a lot of problems. For OS X, I'm waiting for some reasonable demonstration of "effective" based on real-world threats. Predictions of doom from anti-virus vendors (who most certainly have a vested financial interest) that are not substantiated with real-world experiences are not persuasive to me.
By the way, what is the measured track record for successful penetrations observed by third parties, i.e. "in the real world", for both Win 7 and Mac OS? The argument that "Mac OS claims to be secure ... [by] not targeted as much" rings hollow to me. You'd think if vulnerabilities exist in a platform that is growing by leaps and bounds at the -high end- of the market would have garnered some successful penetrations, if nothing else than for the "glory of hacking the supposedly secure platform."
dave
Re: (Score:2, Insightful)
Except it doesn't. Biological viruses are not driven by self-aware controllers with a financial interest, nor do they evolve in the biological sense.
But apart from that, a sound analogy.
Re: (Score:2)
"financial interest", reproductive "interest". What's the difference? Rich guys get the babes. A complex life form is motivated by precisely the same principles as a single string of DNA. We are nothing more than an accretion of symbiotic life forms with a bit more centralized control than a jelly fish. And besides, everything we create is a result of a biological brain. So computer viruses are very "biological" within in its own framework.
Re: (Score:2)
Re: (Score:2)
What sense do they evolve in then, if not biologically? Viruses certainly do evolve. Sure, one of them isn't suddenly going to sprout legs and walk away, but what are all those mutations if not evolution in action?
Re: (Score:2)
Coders, coding. Or "God" if you prefer. Computer viruses: the creationists' wet dream.
Re: (Score:2)
Re: (Score:2)
nor do they evolve in the biological sense.
You:
Or perhaps the word "life" is not actually included anywhere in the concept of "evolution".
No, but it is included in the concept of biological evolution. Bio - latin prefix for life or living organism. It's also funny that in the same breath you're arguing about the ridiculous of God creating things while simultaneously wishing to redefine evolution to nonliving things which would include the evolution of things made by a creator (like cars and computers totes evolving!) which is the same argument creationists go with.
Re: (Score:2)
Blah blah blah, I have a doctorate in a biological field and I am an atheist. Learn to read, yeah? That's not my argument at all. The device I was using is called sarcasm.
Evolution exists on a molecular level, which is far more fundamental than the broad and ancient definition of life. Our new understanding of viruses and prions actually challenge some of the ancient notions of life which only considered the cell as the basic unit of life. However evolution is not concerned with the differentiation of cel
Re: (Score:2)
nor do they evolve in the biological sense.
Malware authors do not evolve biologically. They can't actually be expected to shower, can they?
Re: (Score:2)
Re:It was just a matter of time (Score:5, Interesting)
There may well be large gaping holes in Mac security. The question is: why is no one exploiting them? I don't mean winning a competition, but maliciously or criminally using them.
At what percentage of market share does it become viable to start writing malware? 25%? 50%? 75%?
Regardless of percentage, there are reckoned to be c. 94 million OS X users. Is that still not enough? As we all know, Mac users are computer illiterates with far more money than sense. Surely this sector would seem ideal for targeting by malware writers?
Assuming the reason for the lack of malware is NOT the inherent robustness of the OS; and it's NOT the market share: then what IS it?
Re: (Score:2)
Regardless of percentage, there are reckoned to be c. 94 million OS X users. Is that still not enough?
One cannot hope to reach 100% of users. It's easier to hit X users if there are 50X users.
As we all know, Mac users are computer illiterates with far more money than sense.
Yeah, I agree that's an over-generalization.
Re: (Score:3)
Why spend time developing an exploit that will target at an extreme maximum 10% of the market, when you can spend the same time and effort and target 80% of the market? Given an equal amount of work, would you not choose the option that yeilds a significantly larger ROI?
Re: (Score:2)
Re: (Score:2)
Why spend time developing an exploit that will target at an extreme maximum 10% of the market, when you can spend the same time and effort and target 80% of the market? Given an equal amount of work, would you not choose the option that yeilds a significantly larger ROI?
The same reason tens (hundreds?) of thousands of developers spend 100% of their time and effort targeting less than 10% of the market by writing legitimate stuff for OSX and iOS?
Re: (Score:2)
I wonder about this too. May be it's a combination of factors.
Mac users are computer illiterates with far more money than sense.
Very true, but are they quite as oblivious as Microsoft junkies? Plenty of people switched to OS X once they heard that "it has no viruses". Here are people who are willing to switch OS for the sake of security. People who stayed with Windows until now, even after years of abuse by Microsoft, have done so either because they got locked in good, or because they cannot fathom how to combine words "computer" and "security" in the same sentence. Let'
Re: (Score:2)
There is also another argument at well, which not just applies to OS X, but Linux, AIX, Solaris, and other platforms:
Windows has always been a commercial, closed source platform. Developers write on it because it brings them cash. In general, there is no respect for the platform itself, so people don't think twice about writing malicious code. There is no respect in general by developers for it. This puts Microsoft in a bind because they have to drag lazy coders kicking and screaming to allow for basic
Re: (Score:2)
Regardless of percentage, there are reckoned to be c. 94 million OS X users. Is that still not enough? As we all know, Mac users are computer illiterates with far more money than sense. Surely this sector would seem ideal for targeting by malware writers?
Assuming the reason for the lack of malware is NOT the inherent robustness of the OS; and it's NOT the market share: then what IS it?
THIS!
Further, if 5-10% market share is good enough for legitimate software developers to code for OSX, why isn't that good enough for malware authors?
Badly formed argument (Score:5, Insightful)
Anti Troll missiles locked on.
As much as people want to think otherwise, there is a direct causal link between marketshare and the amount of malware for a given OS./
Sitation please? If you are going to make such a statement, please site studies and facts. In fact there is NO direct causal link, and you are abusing the statement without facts and citations. That said, I would agree that I think there is causal link, but you are further abusing the statement by not citing the magnitude, which is where proper citations would help. Windows has thousands of variants of malware. Mac OS X is in the dozens still, if that. No system is completely secure, and there will always be attempts to compromise a system, but saying ONE piece of malware suddenly brings Apple crashing in flames and "zOMG Mac OS X is teh insecurez they will be pwned!" is the worst kind of hyperbole imaginable.
The zealotry was on show yesterday in the OS X article where it was stated that OS X is more insecure than windows
I looked for an article yesterday on slashdot and the only article I found was one about how Apple is inviting security experts to look at their system. Sounds like a pretty responsible thing if you ask me, and I found no mention of this yesterday. Perhaps you'd like to review your citations?
People persecuting MS for poor security are living in the past.
Again, no citations. You sound like a MS schill. MS still has a poor record, period. Sure it's getting better but it's massive exaggeration to try to say that somehow MS gets a pass because 6 years ago they were utterly shitty shitty shitty, and suddenly now it's okay because they have improved to stinky farty smelly.
Hopefully as marketshare increases they will take responsibility and secure their OS, if for no other reason than to maintain their image.
How odd, Marketshare doesn't seem to have an effect on how secure an operating system is, because 90% marketshare never encouraged Microsoft. I do hope security remains forefront on Apple's mind, because they are the underdogs here and it will only continue to help them to be focused on security as they continue to compete for more marketshare, but here's another example of how off kilter your rant is.
Now I'm just waiting to be modded troll....
You will be, but just one more thing to nail the coffin shut. This is a goddamn fucking TROJAN HORSE!!! Do you know what that is? Do you remember the goddamn story of Troy? There's good movie released a few years back you should watch it. A virus is something getting in without your action or knowledge, but a Trojan horse requires the user perform an action, and the way it gets in is simply by deceiving a human being. You can inject a trojan horse into any system and hope to own it, Windows, Mac OS, UNIX, or other, just send the admin an email and hope he's stupid enough to open the attachment and do the work for you! You can't put a malware scan on the brain of an uneducated admin. It's not the fault of the OS makers if the admin is uneducated enough to open a file that they should not trust.
Like many rants before it, your rant is like buying the most secure home security system in the world, then giving the key to a random person on the street for safe keeping, and complaining to the security company when your house is robbed.
Re: (Score:2)
Are you for real? Your attempt at a well formed response goes out the window when you accuse me of trolling from the get-go.
I'd say given his sound rebuttal and clear ability to formulate and communicate a thought, yes, he's for real. And you yourself called yourself a troll, he's just showing you why you ARE a troll.
This may be news to you, but simply disagreeing with the majority zealot opinion is not trolling.
Providing facts that are as dubious as "commonly accepted" without citation is the definition of a troll.
Now, you ask for citations, and I'm not going to go searching to provide them, but I will be happy to explain to you where you can find them.
Classic logical fallacy. You are basically arguing, "oh yeah? YOU prove it!" when being asked to prove it. Stuff of 3rd grade logic.
Well now, there are actually quite a lot of studies supporting this, and a quick look on Google will show this.
So now I'm starting to understand how a troll doesn't realize they ar
Re: (Score:2)
As much as people want to think otherwise, there is a direct causal link between marketshare and the amount of malware for a given OS.
Can you explain why there are far fewer exploits for Apache and *nix than for IIS and Windows? Linux and UNIX web servers are the vast majority in every marketshare evaluation that I have seen. Being that these servers can contain valuable information about hundreds or thousands of individuals instead of one desktop user, it would seem those should be the bigger target. It is true that Windows has gotten far more secure after they overhauled the code and adopted a similar security model to many *nix distrib
Re: (Score:2)
Vector and vulnerability. From the surface, I would believe that linux and unix web servers are going to be run by individuals with a higher degree of technical aptitude thus a bit more secure to attack so although the vector exists the vulnerability may not be there.
Also, targeting windows based systems is going to put you in to corporate systems more over than not, as Microsoft controls much of that marketplace (things are changing as more shops are going without Microsoft but this is still the exception
Re: (Score:2)
People persecuting MS for poor security are living in the past. Windows is now a fine secure OS
I would write a longer response, but I'm trying to help a friend get forty-eight viruses off their Vista machine without reinstalling the OS.
Re: (Score:2)
Re: (Score:2)
But let me tell you how that number of viruses got onto your friend's Windows machine - he put them there. Or you're exaggerating. Or a bit of both.
They complained their PC was running slow, we asked whether they'd run a virus scan and when they did it claimed to find forty-eight viruses.
And no, they're just an average user who does some web browsing, they don't download dodgy software or visit porn sites. Their kid does have an ipod, so we're guessing it may have got infected and spread viruses to the computer when plugged into the USB port.
Re: (Score:2)
How come every other OS doesn't need a virus scanner & adware blocker and constant vigil to keep them up to date?
How come every other OS requires elevated privileges to install applications system wide? Like UAC should - yet scareware gets installed with just a click.
Re: (Score:2)
Re: (Score:2)
As much as people want to think otherwise, there is a direct causal link between marketshare and the amount of malware for a given OS.
The problem with this is that there isn't much to back up the assertion. What proves that marketshare is the driver for malware? And before you trot out some numbers, can you be sure that marketshare is the reason? It's not that I can't accept the concept. And, in fact, I agree with your couching the idea by noting a "casual" relationship. Marketshare has to be part of the equation. Unless you have a very specific target, it stands to reason that an attacker going after targets of convenience is going
Re: (Score:2)
Not only that but due to the complacency (Apple is immune to viruses) and ignorance (I don't want to know anything about computers which is why I bought an Apple) of the average Apple user base, it is an audience as extremely ripe for the picking as a classroom full of children with HIV is to the teacher with chicken-pox.
WHEN Apple gains enough market share to be interesting to write specific
Re: (Score:2)
There's more to being a target than mere marketshare. The smart criminals (if there are such things) will go to the rich neighborhoods where people feel so safe that they don't even bother to lock their doors...
I've seen a number of (so called) computer security experts spouting off about how insecure the Mac OS is and as evidence to support their position they suggest that, proportionately Mac users lose more money to phishing... You would think that someone with the terms "computer" and "expert" in the
Re: (Score:2)
Now I'm just waiting to be modded troll....
Well at least your self-evaluation skills are good. Your logic and factual knowledge...not so much.
In sweeping broad-brush generalizations, Apple, as a culture, is far more commited to security than Microsoft has ever been, right down to the dreaded walled-garden approach to, well, everything the make.
Re:It was just a matter of time (Score:5, Funny)
You owe me a new bottle of iced tea and a new keyboard.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
And an example of this would be?
Bonus points for something in the wild.
I know there have been privilege escalation exploits on OS X - I have read about them in the security updates when patching them. Are there any known open ones now? (ie, ones that have been discovered and published as bugs/exploits and as yet have been unpatched).
Re: (Score:2)
Re: (Score:2)
I agree - it's why I never (and to be honest most people who understand) say that OS X is not "immune" to threats, but is well protected in general - for example, SAMBA is not on by default in an OS X install which helps to limit the damage.
Windows probably wouldn't be half as bad as it was, reputation wise, if it shipped with things off by default.
I'm not seeing the issue with the OpenSSH one - the most recent version of OS X that is vulnerable is listed as OS X 10.1.5, which is *ancient*, and the page was
Re: (Score:2)
The same way Android phones get infected - alternative methods of software delivery. I believe a couple of years ago there were pirated torrents of Microsoft Office 2008, iWork, iLife, and Photoshop CSwhatever that had an additional package in the
Re: (Score:2)
So what? The user still had to type in the admin password to run the installer. To install the botnet (and the other software). Admin password gives you admin privileges and anything can be done then.
This is not the same as drive-by/scareware/malware installations that typically no user interaction, except maybe a single click in the case of scareware.
Re: (Score:2)
Re: (Score:2)
To be fair, these days we always get these kinds of results no matter which search parameters we use.
Re: (Score:2)
And watch the hypocrisy in the parent post, which fails to realize that virus and drive-by exploits are not the same thing as a trojan.
No matter how secure you make your OS, as long as the user can override things, trojans will exist.
The only way to have a system 100% secure is to have the OS and all the programs in ROM. Not flash with limited write access... that's a security risk. You need ROM.
Re: (Score:2)
And watch the hypocrisy in the parent post, which fails to realize that virus and drive-by exploits are not the same thing as a trojan.
Failing to realize something is not hypocrisy. Ironically, you are trying to point out the ignorance of the parent post.
Re: (Score:2)
Firefox add-ons have the full weight of the browser behind them they can do anything firefox itself can do-- and if you didn't realize this before-- firefox runs under your account and needs to be able to write out files (save web pages) as well as read files (upload files.) Browser plugs for all the browsers also get a lot of access; although, now they run in separate processes they can do A LOT of things even though they can't mess directly with the browser anymore.
Its not like Mozilla doesn't WARN YOU w
Re: (Score:2)