New Mac OS X Trojan Hides Inside PDFs
Trailrunner7 contributes this snippet from ThreatPost: "Malware that targets Mac OS X isn't anywhere near catching up to Windows-based malware in terms of volume and variety, but it seems that OS X malware may be adopting some of the more successful tactics that Windows viruses have been using to trick users. Researchers have come across a sample of an OS X-based Trojan that disguises itself as a PDF file, a technique that's been in favor among Windows malware authors for several years now."
Nothing to see.. (Score:4, Informative)
Article is shallow: users click executables disguised with a PDF icon.. Nothing to see here, move along folks!
Re: (Score:2)
Don't forget the part where opening a "PDF" asks for your admin password. Hm....
(Note: I couldn't find out whether it actually asks for your admin password, but if it actually wants to do much it's going to have to)
Re:Nothing to see.. (Score:5, Insightful)
Do much being .... What, exactly? Access your browser to capture your passwords? Participate in a DDOS? Send spam email? Propagate itself?
Don't need admin to do any of that...
Yep (Score:5, Insightful)
In fact I've seen a big rise in the amount of non-admin Windows malware. It just infects the user that is using the system. The reason is they realize that for the vast majority of systems, the user IS the system, there is no need to infect anything else. It also lets them get an infection in an enterprise setup where users don't get admin.
Now I suppose it does make the malware slightly easier to get rid of but then it really doesn't matter, I tend to scan the things from a boot disk anyhow.
This geek idea that only the system matters is silly. True for a server maybe, not for a desktop. On a desktop, the user's data is all that matters and you don't need admin to get at that.
Re: (Score:3)
This geek idea that only the system matters is silly. True for a server maybe, not for a desktop. On a desktop, the user's data is all that matters and you don't need admin to get at that.
Some of us have understood for a while that the user is the most vulnerable part of any system. Almost all malware infections I've seen have been user initiated, drive by infections in this day and age are very rare even on unpatched machines. This is why my Windows servers are more secure than any Linux or Mac desktop, simply because no user is permitted near them.
Re: (Score:2)
win-admin friends
SBS 2007
Your friend for one isn't a Windows Admin, he is someone who uses Small Business Server, rather than setting things up himself.
He sounds like a part time admin, not an actual Windows administrator.
Re: (Score:3)
I don't need the admin password to add something I own to my own startup items list...
Re: (Score:2)
You need your own password though.
Re: (Score:2)
Only if the option has been locked in the control panel by the end user, and most don't...
Re:Nothing to see.. (Score:5, Informative)
It can add itself to your user files, which allow something to start "at boot", as long as that user is the one (auto)logging in.
You don't see much Windows malware adding itself to your "Startup" folder, but few average Mac users are going to check "command line files" to see whether something has injected something bad or not.
As TFA says, this isn't a PDF, but an executable merely pretending to be one.
It's a trojan, and it likely wouldn't even be sandboxed due to the ball-dropping there on Apple's part. It wouldn't be able to snoop some low level processes, but absolutely anything that is running under your user? Yup. Open ports to communicate with the mothership? Of course. Install a line to start whenever this user is logged in? Of course.
If you get a user dumb enough to allow admin privileges to a fake PDF, you can use officially sanctioned mechanisms to inject code into every process in the machine without requiring a separate 'trojan process' to stay alive to monitor it. Or just replace the operating system kernel. :p
Re: (Score:2)
It's a trojan, and it likely wouldn't even be sandboxed due to the ball-dropping there on Apple's part.
What makes you think it wouldn't be sandboxed on OS X 10.7 by default, the same as every other app you download?
Re:Nothing to see.. (Score:4, Informative)
What makes you think it wouldn't be sandboxed on OS X 10.7 by default, the same as every other app you download?
Because it wasn't downloaded from the App Store, so it isn't sandboxed by default.
Re: (Score:2)
And Microsoft is actually way ahead here. Random files downloaded or found on CDs/USB drives at least generate a warning prompt that allows you to cancel opening them. Granted many users are too dumb to understand what is happening, but even then the app still needs to generate further warning prompts to add itself to start up, dump files in protected filesystem locations, access certain other app's data or open holes in the firewall. IMHO it is a shame that the Windows Firewall does not block outbound acce
Re: (Score:2)
You might want to get caught up on OS X. The application launch system asks for permission (and has been asking for a while, i.e. it's not new to 10.7, although it's more refined in 10.7) of things that were downloaded before allowing them to launch. As to random files on CDs/USB, I couldn't say. I don't recall the last time I used a CD or launched something from a USB, so I have no experience with that level of functionality.
Re: (Score:2)
Safari has set a 'quarantine' bit on downloaded executables since at least 10.4 - this ensures that newly downloaded executables trigger an alert when they are first run.
Re: (Score:2)
But, does Mail? Entourage (now Outlook)? How about messaging software that allows file transfer? I know Firefox does, and I believe Chrome does, but not every software does this.
Re: (Score:2)
The capability-based privilege system applies to all applications, not just App Store ones. An application on 10.7 can't access paths on the filesystem without either getting explicit permission or asking through an NSOpenPanel, which on 10.7 runs in a separate process.
Re: (Score:3)
The capability-based privilege system applies to all applications, not just App Store ones.
No, it only applies to applications that have opted into it, which App Store apps have to, but other apps don't.
An application on 10.7 can't access paths on the filesystem without either getting explicit permission or asking through an NSOpenPanel, which on 10.7 runs in a separate process.
Again, only if it's opted into it. cat doesn't have to ask permission, and neither do, say, Wireshark or Microsoft Office or Quicken or.... Some apps that ship with Lion are sandboxed, such as TextEdit and Preview, but most aren't.
Ah, I just can't wait.. (Score:2)
Or just replace the operating system kernel.
OS X malware doesn't have to do that. Personally, I can't wait until the malware starts to complete the full circle, and we see common malware start using its own kernel extensions to hide itself completely from the system, giving us Mac rootkits.
Re: (Score:2)
He probably set up the action on the launchd folder to alert him to when files were added and/or modified.
Re: (Score:2)
Without your admin password it can still do quite a bit; it could skim your iMail account, access your browser saved passwords, etc-- anything else that YOU have access to without typing a password.
Re: (Score:2)
aka mac mail, whatever that default mail application is.
Re: (Score:2)
Browser passwords on a Mac are in the system keychain, which you have to give the password for. If you're using Mail.app, which I assume you mean by "iMail," it's the same deal. Passwords are stored in the system keychain and are accessible by Mail.app but not by other apps, without the password. I guess it could probably scrape any locally stored e-mail though.
Anyway, I really don't care what happens to someone dumb enough to click on a fake PDF that's sent to them and then click yes, it's okay to run t
Re: (Score:2)
When the OS offers to save a password it asks you. The login keychain, which is the default location for most passwords is opened at logon, and available to be read pretty readily.
Re: (Score:2)
The new piece of malware hides inside a PDF file and delivers a backdoor that hides on the user's machine once the malicious file is opened. Once the user executes the malware, it puts the malicious PDF on the user's machine and then opens it as a way to hide the malicious activity that's going on in the background, according to an analysis by researchers at F-Secure. The Trojan then installs the backdoor, which is named Imuler.A, which attempts to communicate with a command-and-control server.
That server isn't capable of communicating with the malware, however, the researchers found, so the malware is on its own once it's installed on a victim's machine. What's not clear is exactly how the malware is spreading right now.
Vague enough to be worthless, but worded to sound informative.
Re: (Score:2)
But Mac OS X doesn't use file extensions. How is a Chinese person supposed to know it is a legit PDF or a malware? Do we really need to install an AV in Mac OS X these days?
Re: (Score:2)
How do you view Mac OS X's file extensions (e.g, .exe)? I always thought they didn't have them like MS' OSes.
Re: (Score:2)
How do you view Mac OS X's file extensions (e.g, .exe)? I always thought they didn't have them like MS' OSes.
You were mistaken. Executable images in Mac OS X have no file extensions (Mac OS X being a UN*X), and classic Mac OS didn't use extensions, but Mac OS X uses extensions for a lot of file types, including "application bundles" (.app), which is what files (well, directories) in, for example, /Applications are.
You view them either by using ls or by (at least on Snow Leopard) opening up the preferences for the Finder, selecting the Advanced tab, and checking "Show all filename extensions", so that it shows th
Re: (Score:2)
Ah, I will have to look at that option.
Re: (Score:2)
So...turn off pdf previews (always a good idea) and/or don't use Mail.app. Also, don't download pdfs from strange sources. Pretty basic stuff.
Re: (Score:2)
Yep, it's not a problem if the pdf is an executable disguised as a pdf or an actual pdf...the classic non-problem.
Windows is bad, hmmmmk? (Score:2)
Must every story about Mac malware spend more time talking about how Windows is so bad than the OS X malware they are reporting?
Re: (Score:2)
I'm sure that will be a great comfort to the Mac users effected by this malware :)
Re: (Score:2)
It takes time to effect a user. I guess you could start the process while bored, waiting for your computer to be repaired, but somehow I think that any users effected would probably not need any particular comforting regarding the particulars of their conception if this were the case.
Re: (Score:2)
We're talking about malware on an OS targeting people who can't even figure out Windows... an OS these same computer illiterates were likely told is perfectly safe and unable to get a virus by the family computer nerd that talked them into buying it. While I agree with the sentiment of your post, I think reality is that the "doesn't work on people who have a brain" thing is going to be even less of an obstacle for malware on OS X than it is in the Windoze world.
Re:Windows is bad, hmmmmk? (Score:4, Insightful)
So it requires a gullible user. There's not exactly a shortage of those.
Re: (Score:2)
But how do you prevent stupidity? To stop this attack, you'd need to remove the ability for the user to execute programs of their choosing. A mitigating factor would be preventing applications from setting their own icon. Which do you propose?
If "people are exceedingly stupid and will do anything the dancing bunnies tell them" is your only major security flaw, I'd say you're doing as well as possible.
Re: (Score:3)
But how do you prevent stupidity? To stop this attack, you'd need to remove the ability for the user to execute programs of their choosing. A mitigating factor would be preventing applications from setting their own icon. Which do you propose?
You don't need to prevent a user from being able to run apps, you just need to restrict default behaviors for apps, provide the user with information on how much an "expert" thinks they should trust software, and tell the user in clear and simple terms when the app wants more privileges and exactly what those privileges are. Finally, you need to present this in a usable interface. Apple is already heading down this route with both iOS and OS X. In OS X 10.7 apps are sandboxed by default, although I haven't
Re: (Score:2)
Users do not read dialog boxes.
Users do read dialogue boxes, when presented in a decent UI instead of the abysmal situation we have with most programs today. First, they have to be presented sparingly; not a problem going forward as most apps should never need to elevate privileges, especially since those distributed by the manufacturer through controlled channels can be vetted and signed with an ACL. This only applies to unsigned apps downloaded outside the main channels. It will take time to overcome the conditioning most users of Wind
Re: (Score:2)
"isn't anywhere near catching up to Windows-based malware in terms of volume and variety"
"may be adopting some of the more successful tactics that Windows viruses have been using to trick users"
"a technique that's been in favor among Windows malware authors for several years now"
Re: (Score:2)
So, to be kind and politically correct towards windows - stockholm syndrome is real - we must ignore the fact that OSX has indeed less volume and variety of malware? Does not make sense.
OSX has less malware than windows and is the more refined desktop OS out there. Windows has more games and possibly vertical apps, and I prefer debian to both. See? No problems.
Re: (Score:2)
Windows 1.1 also has less malware volume and variety of malware than Windows XP. So does BeOS. That doesn't mean it's more secure.
Does not hide in PDFs (Score:5, Insightful)
It's just a trojan with a PDF icon.
And it will be nerfed as soon as it's added to the OS X XProtect filter, if it hasn't already.
Trojans are nothing new, giving them fake icons is nothing new, even Mac trojans are nothing new. News this ain't.
Re:Does not hide in PDFs (Score:5, Informative)
Black lists don't work. (Score:2)
And it will be nerfed as soon as it's added to the OS X XProtect filter, if it hasn't already.
Black lists don't work. This even MS has figured out. So they add this particular one to the filter rather than fixing the vulnerabilities or worse yet, educating users on how to safely use computers (as opposed to telling them they are automagically protected by owning a Mac) but the malware writers simply make a new variation to get around that black list. There is so much Malware for Windows simply because a lot of it is subtle variations on the same malware to get around AV/Anti-malware.
The "protect
Re: (Score:3)
Let's be clear here, then.
Is or is not Microsoft to blame for executable content that a user double clicks? Because if we had a clear "no" to that, I think the entire "Windows security vs OSX security" discussion would basically be over.
Re: (Score:2)
At the risk of erring (as I don't have time to check each vulnerability), I would hazard that most-if-not-all of those are XP vulns; you might as well compare it to some linux 2.4 distro (since that's the era XP comes from).
And MOST of the exploits that XP has been hit with are through 3rd party apps, that just so happen to be cross platform (Quicktime plugins, Java plugins, Flash plugins, Acrobat plugins), and most of the remainder are browser exploits. Unless you go back to Code Red or Sasser days (or an
Re: (Score:2)
It's actually built into Windows Vista and 7-- check your services. Also, they provide Security Essentials, though they don't build it in (not sure that would be legal-- see Internet Explorer anti-trust suit). Finally, every so often when updates are applied, the Malicious Software Removal tool runs, which is basically a targeted virus detection and removal suite.
Anyways, I'm not sure I see the big value of a built-in antivirus-- if Security Essentials came with every windows PC, every single virus would come with a method of bypassing it (which is likewise why I'm not super reassured by Mac having it built in-- would-be viruses will all have to have a bypass method before they are pushed into the wild).
Any Informative Links? (Score:4, Interesting)
I saw reference to this trojan the other day, but my research turned up only vague descriptions such as the one linked in the summary. From all the reading I did it seems like this is an executable of some sort, with no extension that is being e-mailed to people. None of the descriptions I've read have described how it infects the machine, but I assume the user has to run it and then agree to allow the unsigned program to run for the first time. At this point it drops a PDF on the hard drive, opens it, and then installs a bare bones apache server, which doesn't actually work as far as anyone can tell. There was some indication that this was a cross platform trojan, but no one has been able to confirm this.
So if anyone is actually in a lab with a copy of this could you please enlighten us on the following points:
So as far as I can tell this is a failed attempt to create a trojan that was released into the wild, possibly as part of testing or as an experiment. It's not really much in the way of news, but for security geeks it is quite interesting; which is why the complete failure of the security companies to provide a decent description is so frustrating. Does anyone have real information about this trojan?
Re: (Score:2)
So as far as I can tell this is a failed attempt to create a trojan that was released into the wild, possibly as part of testing or as an experiment. It's not really much in the way of news, but for security geeks it is quite interesting; which is why the complete failure of the security companies to provide a decent description is so frustrating. Does anyone have real information about this trojan?
Of course it is a failed attempt - they should have got it on the app store and given Apple control of 30% of the infected machines.
Seriously, security is one area where, IMHO, Apple users have a bit of a head in the sand attitude. Other than hearing some (non-Apple) stores that are authorized retailers attempt to sell "protection" plans for Macs because "Macs have two viruses in the wild" (really? What are they?); the general attitude is "Macs are immune because no one attacks them." While strident fanboy
Okay, fellow Mac users (Score:4, Insightful)
Here's the plan:
1) OS X makes it brain-dead easy to not run as an admin user. Create a separate admin account first, then remove the admin privilege from your everyday account. On those rare occasions you need admin privileges, you'll be automatically asked to provide the admin account info - you don't need to even think about it.
(Somehow that isn't sinking into a lot of people's heads, even those who should know better)
2) Back up your stuff regularly. Again, OS X makes this brain-dead easy with Time Machine. You can use something else like a custom rsync script, but - just DO IT.
If you're running as a non-admin user, the worst that can happen is your own stuff gets hosed - and then you can get it back from your backups. But since trojans are probably only going to go after the system files, it's unlikely even your stuff will get touched.
Okay, there's one caveat. If you click on an infected file, and it asks for admin permissions and you provide it, you're screwed. But one would hope you're smart enough to realize viewing a PDF should not require admin authentication. In the end, common sense does have to enter into the picture.
BTW if you claim running as an admin is okay because you're always prompted to authenticate anyway... you're just wrong.
Re: (Score:2)
You can call things "brain-dead easy" all you want. The average user still won't use them, or even know they're there.
Re:Okay, fellow Mac users (Score:4, Informative)
You can call things "brain-dead easy" all you want. The average user still won't use them, or even know they're there.
For the account stuff, you might have a point. They don't need to "know it's there" (unlike, say, the old Windows setup where you had to know about "Run as Administrator...") - but they do need to know what admin versus non-admin means. But really that's all they have to know. Even my 70+ year old mom was able to grok that.
As far as backups go, though - the first time you plug in an external hard drive, if backups haven't already been set up - OS X automatically asks "do you want to use this disk for backups?" The user doesn't need to go looking for anything. That's a pretty low bar.
Re: (Score:3)
That's if they plug in an external drive. How many do? And how many answer in the affirmative? A lot might worry that if they say yes, they can't use that drive for other things.
And I suspect that your 70+ year old mom had it explained to her, likely by you. There are a lot of people who just want their cursor to turn into a unicorn, and will say yes to anything to make it happen.
In the end, you can't defend a computer from its owner, no matter which OS you use.
Re: (Score:2)
In the end, you can't defend a computer from its owner, no matter which OS you use.
iOS does a pretty good job of defending itself from the owner. Mac OS X 10.7 has the technology built in to have similar features, all they would need to add is a tick box somewhere "only allow trusted software to run".
Where "trusted software" is software that was digitally signed by Apple as part of purchasing it via App Store, where they've been adding some serious crypto based security recently. Dangerous privileges, such as *accessing the internet* or *decoding a jpg file* will raise serious red flags a
Re: (Score:2)
The advice I give to people in this class of user (ie, my mom) is to go buy a backup drive just for Time Machine. Plug it in, click 'Yes' and don't touch it. For a $75 insurance investment, you are now backed up.
If you need an external drive for more storage space, go buy another drive. They're cheap.
Re: (Score:2)
For the account stuff, you might have a point.
He definitely has a point.
Consider the "installer." You bring your fancy new computer home, turn it on, and it starts up the setup program. It asks you to make an administrator account. It then says, "Great! You're now ready to use your brand new computer!"
Nothing mentioned about setting up a second account for regular use or anything like that.
Re:Okay, fellow Mac users (Score:4, Insightful)
Re: (Score:2)
Come on, how many passwords do you still see pasted on monitors, or stickies on the desktop?
Unless your machine is in an easily accessible place, that seems perfectly reasonable to me. I'd rather have users who write down complex passwords than ones that use "password1" for everything.
Re: (Score:2)
Come on, how many passwords do you still see pasted on monitors, or stickies on the desktop?
Unless your machine is in an easily accessible place, that seems perfectly reasonable to me. I'd rather have users who write down complex passwords than ones that use "password1" for everything.
I work for a K-12 public school system... and most of the passwords I see like this *are* [lastname][current year], or something equally guessable. Oh, and these are the faculty. I really want to send out an email at the beginning of every school year; "All faculty should make three copies each of their house and car keys, and attach them to 3"x5" index cards containing the address/license # and description of each property. Please have these delivered to the Technology Department as soon as possible, so
Re: (Score:2)
I work for a K-12 public school system... and most of the passwords I see like this *are* [lastname][current year], or something equally guessable. Oh, and these are the faculty. I really want to send out an email at the beginning of every school year; "All faculty should make three copies each of their house and car keys, and attach them to 3"x5" index cards containing the address/license # and description of each property. Please have these delivered to the Technology Department as soon as possible, so we may have them distributed randomly about our schools when the students arrive to begin this year. If you take exception to this, please consider how we feel about your doing the same with our keys, the ones we call passwords." Think anyone would read it? No more than they do those annoying boxes which pop up asking for credentials...
I wonder if there is a way to actually provide physical keys to computer systems. The solution would be to insert a USB key that would unlock the computer. The sys admin could set all the passwords. That way, even if the user forgot their key, they could still use the password- they would just have to memorize it.
Re: (Score:2)
I wonder if there is a way to actually provide physical keys to computer systems.
Yes. That's smartcard-based login systems, and they've been around for decades. The main downside is that they're relatively expensive due to the need to have all that extra hardware and someone on-site to issue new cards — that can't be outsourced to another location, well not outside the city where this is happening, because cards will get broken from time to time and need replacing by someone who's trained to check that the card is going to the right person — so they tend to only be used in s
Re: (Score:3)
Not to mention the fact that if an Apple executable is downloaded via browser or email, when you attempt to run it for the first time you get a message that says:
"Xxxx is an application that was [downloaded from the internet || attached to a mail message]. Are you sure you want to open it?"
And some details about when it was downloaded / received. Admin permissions or not don't even come into it.
At some point you've got to hand over responsibility from the OS (or anti-virus) babying the user's arse, and on t
Smells Like AV Flackery (Score:4, Insightful)
CITIZENS OF TROY!! (Score:2)
Trojan: (capitalized)
1. citizen/resident/native/inhabitant of Troy
2. well-known brand of condoms
trojan horse: (not capitalized)
1. A hollow wooden statue of a horse in which the Greeks concealed themselves in order to enter Troy.
2. A person or thing intended secretly to undermine or bring about the downfall of an enemy or opponent.
3. A program designed to breach the security of a computer system while ostensibly performing some innocuous function
just can't get yer shit straight, can you editors?
Who broke BSD? (Score:2)
A user space application can not receive a listen port on OSX now can it? If so, Apple needs to fix it.
Re: (Score:2)
So it isn't possible for malicious daemons to be started without permission. An application that needs a listen port should be started by root, with sudo, or a user:group specifically granted permission to start the daemon. Running daemons as a desktop user is security suicide.
Re: (Score:2)
Title, summary and article all fail. It's an executable whose name ends with ".pdf" and has a pdf icon.
Actually, as near as I can tell it is an executable with no extension at all, but with a PDF icon of some sort and MIME type included in the resource fork.
Re: (Score:3)
Actually, as near as I can tell it is an executable with no extension at all, but with a PDF icon of some sort and MIME type included in the resource fork.
Actually, if you skip all the journalism and follow links all the way to the F-Secure blog posting about the trojan [f-secure.com], it's a file "where the icon is stored in a separate fork that is not readily visible in the OS", which presumably means "in the resource fork". The F-Secure item for the trojan [f-secure.com] says "Trojan-Dropper:OSX/Revir.A drops a downloader component that downloads a backdoor program onto the system, while camouflaging its activity by opening a PDF file to distract the user.", which seems to indicate th
Re: (Score:2)
Actually, as near as I can tell it is an executable with no extension at all, but with a PDF icon of some sort and MIME type included in the resource fork.
The resource fork can hold MIME types?
It's not technically a MIME type (I used that term because it is actually familiar to a significant number of people), but it serves the same purpose, assuming the allusion in the article is correct. You can set the file type, system icon to use, and store a custom icon. Alternately they may be referring to similar functionality in an openstep bundle, which they refer to incorrectly as a fork. But yes, OS X can and will read this type of data stored in several formats.
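Added illustration, not part of any poster's comment: the disguise debated in this sub-thread (a file that looks like a PDF but is an executable) shows up when the leading bytes are compared with what the name claims, since a custom icon cannot change the file's content. The file names and byte strings below are constructed, the function names are hypothetical, and the icon or resource fork itself is not inspected.

```python
import os
import struct
import tempfile

# Mach-O magic numbers as seen when the first four bytes are read big-endian.
THIN_MACHO = {0xFEEDFACE, 0xCEFAEDFE, 0xFEEDFACF, 0xCFFAEDFE}
FAT_MAGIC = 0xCAFEBABE  # universal binary; also the Java class-file magic


def sniff(head: bytes) -> str:
    """Classify content from its leading bytes, ignoring the file name."""
    # Executable formats are checked first so that an executable carrying
    # a PDF header further in is still reported as an executable.
    if len(head) >= 4:
        magic = struct.unpack(">I", head[:4])[0]
        if magic in THIN_MACHO:
            return "mach-o"
        if magic == FAT_MAGIC and len(head) >= 8:
            # Universal header: next word is the architecture count (small).
            # Java class: next word is minor/major version (major >= 45).
            # The threshold of 30 is a heuristic, not a format rule.
            count = struct.unpack(">I", head[4:8])[0]
            return "mach-o" if count < 30 else "java-class"
    if head.startswith(b"#!"):
        return "script"
    # PDF readers accept the header anywhere in the first 1024 bytes.
    if b"%PDF-" in head[:1024]:
        return "pdf"
    return "other"


def verdict(name: str, head: bytes) -> str:
    """Compare what the name claims with what the bytes are."""
    kind = sniff(head)
    ext = os.path.splitext(name.strip())[1].lower()
    runnable = kind in ("mach-o", "script")
    if runnable and ext == ".pdf":
        return "ALERT: executable named as PDF"
    if runnable and ext == "":
        return "REVIEW: executable with no extension"
    if ext == ".pdf" and kind != "pdf":
        return "REVIEW: .pdf name but not PDF content"
    return "ok"


def scan_directory(path: str) -> dict:
    """Return {file name: verdict} for every regular file that is not 'ok'."""
    findings = {}
    for entry in os.scandir(path):
        if not entry.is_file(follow_symlinks=False):
            continue
        with open(entry.path, "rb") as fh:
            head = fh.read(1024)
        result = verdict(entry.name, head)
        if result != "ok":
            findings[entry.name] = result
    return findings


# Constructed sample contents (headers only, not real documents or programs).
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    "invoice.pdf": b"\xcf\xfa\xed\xfe\x07\x00\x00\x01" + b"\x00" * 24,
    "statement": b"\xca\xfe\xba\xbe\x00\x00\x00\x02" + b"\x00" * 24,
    "notes.pdf": b"#!/bin/sh\necho hi\n",
    "Applet.class": b"\xca\xfe\xba\xbe\x00\x00\x00\x34",
    "scan.pdf": b"PK\x03\x04" + b"\x00" * 26,
}


def run_demo() -> dict:
    """Write the constructed samples to a temp folder and scan it."""
    with tempfile.TemporaryDirectory() as folder:
        for name, data in SAMPLES.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return scan_directory(folder)


if __name__ == "__main__":
    for name, result in sorted(run_demo().items()):
        print(f"{name}: {result}")
```

The check is meant for a downloads or mail-attachments folder, where an extensionless executable is unusual; in directories such as /usr/bin the "no extension" rule would flag ordinary tools.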
Re: (Score:2)
How does this get past the download protection though? Any executable that is saved by Safari or Mail.app will have the source location saved in the metadata. When you first run it, the system tells you that it's an executable that you've not run before and asks if you meant to. It never shows this for pdf files[1] so you know that it is definitely something malicious.
[1] Depressingly, it does show this warning when you open a UNIX shell script in TextEdit if it has execute permission. It also shows wh
Re: (Score:2)
You know. I would know (I wouldn't even bother to read the email or save the attachment so it's kind of moot). The average user though? They're not so well clued up. If they've been as far as saving the file to their computer, I wouldn't have much faith in them not executing it.
Re: (Score:2)
Part of it, apparently.
Re: (Score:2)
What's depressing is that stupid tricks like this are even still possible in this day and age.
Helpful tip: In Mac OS X's Finder, if you choose "Preferences..." from the "Finder" menu, you'll find a checkbox that says, "Show all filename extensions". Check it. You will never again be at risk from these sorts of malware attacks (unless you or someone else goes back in and unchecks it).
I'm strongly of the opinion that this checkbox should be enabled on every computer in the world, and that a checkbox to hid
Re: (Score:2)
You mean the .pdf part, I assume.
Re: (Score:2, Informative)
Might want to learn the difference.
Re: (Score:2)
Well, as I understand this, it is simply an executable with a PDF icon and file extension. I presume therefore that when the user tries to open it they get the standard 'This is an application downloaded from the Internet do you really want to run it?' alert.
Re: (Score:2)
And definitely don't run an antivirus to hog the system - which has to be *disabled* on Win7 and that's a bit annoying.
Huh? I have seen warnings like this from some installers, but I have never had to disable my antivirus. Also, don't get McAfee or Norton, and you don't get a system hog, Trend Micro is actually quite good (#3) and doesn't bog your system down.
Re:But... (Score:5, Informative)
This isn't a virus. It doesn't propagate; it's not even capable of communicating with its server once installed, so it's another one of these annual proof-of-concept social engineering attacks that anonymous Apple-haters latch onto and then promptly forget about a day later.
Re: (Score:3)
To quote Apple's own website: Mac don't get WINDOWS viruses.
(They get Mac viruses). --- not on the website.
If the world were the other way around, where 90% + of the population used Macs and a small minority used Windows... need I say more?
Re: (Score:2)
As Douglas Adams said, "it may only be ten percent of the users, but it's the top ten percent." That aside, being in the minority with a usable OS (read cli) is exactly where I want to be. Let Windows draw the flies, I say.
Re: (Score:2)
Wow, that is hilarious. So you are saying that Macs are more usable than Windows? For what? I can do everything on a Windows machine that you can do on Mac, plus much more. Therefore by definition, Windows is more usable. Just because you don't know how to use the command line in Windows does not mean it is less usable.
Re: (Score:2)
What version of NoScript doesn't show google-analytics?
I'm running 2.1.2.3 on the machine that accesses the net, and it still has it in the menu, maybe because it is in use and blocked on the site I checked.
Re: (Score:2)
As for this, http://blog.intego.com/2011/09/23/mac-pdf-trojan-horse-surfaces-threat-is-low/ [intego.com]
A Mac security company notes: "threat to be very low, as this is not found in the wild."
Re: (Score:2)
Still technically correct: a trojan isn't a virus.
Though I'll admit it's amazing that anyone working at a Genius Bar got anything technically correct...
Re: (Score:3)
So...it's candy!
No need to worry Apple users, it "doesn't do anything when installed or propagate". You are safe and warm and don't forget to let iTunes save your password.
Re: (Score:2)
Maybe not, but its users are.
Re: (Score:2)
It's not a virus, but thanks for playing.
It's not even the first trojan for OS X - there have been several in the past.
Re: (Score:2)
No, it really does make a difference. Words have meaning. You used the term incorrectly.
I imagine what you meant to say was "malware", but of course no one is claiming Macs are immune to malware as a whole - that would just be silly. There's a long history of trojans on the Mac since they tend to rely on social engineering to work, and that's a platform independent problem. You can certainly attempt to minimise the potential threats, but ultimately you're only as effective as the user at the computer when
Re: (Score:2)
Oh I understand the meaning of the word context, however the context of this discussion is a Mac trojan, and you come wading in with some oft-repeated meme that "Mac users always claim they are immune to viruses". Whether it's true or not (and it's not), you're out of context quite clearly.
You also claimed that you were "pleased" to see that "Mac users are now joining the rest of the computing world" when as I explained, that train sailed a long time ago in the context of this discussion: trojans.
So, which
Re: (Score:2)
The slashdot of today reminds me of USENET after the AOL crowd was released from their cages. Minus the capslock of course. You'd think that at a supposed nerd hangout you wouldn't have to be arguing with someone about the difference between a self propagating piece of software and a social engineering trick. Yet that seems to be the norm, if evidenced by the bulk of comments on this article (and this article isn't alone in this).
Re: (Score:2)
In your opinion that's what you think it refers to.
In my opinion Linux is Unix. See how easy that is?