Apple Quietly Goes After Mac Trojan With Update 321
Th'Inquisitor was one of several readers to point out coverage of Apple's stealth security fix, included along with the recent Snow Leopard 10.6.4 update. Graham Cluley of Sophos first noticed the update to protect Mac computers from a Trojan, and the fact that Apple didn't mention it in the release notes. The malware opens a back door to a Mac that can allow attackers to gain control of the machine and snoop about on it or turn it into a zombie. "You have to wonder," writes Cluley, "whether their keeping quiet about an anti-malware security update like this was for marketing reasons." While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.
If they're trying to keep it secret (Score:2)
Re:If they're trying to keep it secret (Score:5, Insightful)
Why is the information publicly available? Why would most generic Mac users care to seek it on their own? Should Apple shove it in their face?
I would hardly call release notes for a bugfix "shoving it in their face."
It makes a lot of sense to say what you fixed in a bugfix, so people clearly know if a system needs a bugfix, or is safe.
Hiding it makes a lot of sense if you don't want to look bad, but is unhelpful to users who want to know if they need to update their systems or if it can wait.
This is probably more of an issue for enterprise users, and in that case their are fewer macs for sure, but its a good practice to be honest about what you're fixing, and covering that up is dishonest.
-Taylor
Re:If they're trying to keep it secret (Score:5, Interesting)
Hiding it makes a lot of sense if you don't want to look bad,
It's really hard for me to believe that's the reason they did it, given the number of ugly things they did announce [apple.com], including a few bugs that give complete control of the computer just by opening a web page. They could have added a line about updating malware signatures, and if they worded it right, avoided the bad press (I mean, it's not like it's the first time there has been a trojan for OSX).
It is more likely that the internal communication processes at Apple got mixed up, and the people in charge of updating the malware signatures haven't gotten in contact with the people in charge of writing the release notes. I don't think that is an uncommon thing in large (and even small) companies.
Re:If they're trying to keep it secret (Score:5, Insightful)
Hiding it makes a lot of sense if you don't want to look bad, but is unhelpful to users who want to know if they need to update their systems or if it can wait.
I think you run too much windos. The only reason I've ever hesitated installing an OS X update right away was when it required a restart and I had something running I didn't want to interrupt. I've never seen an update break anything. I shake my head when I hear the windos admins at the company test a bugfix update. Why'd the need to do that? Isn't that what the vendor is supposed to do before sending it out?
I think you run too much Mac.
Vendors are supposed to test their updates before sending it out, but who knows if their tests were comprehensive? The best way to see if an update will work with your specific combination of hardware and software is to test it on your hardware and software. Are you using a custom app written in-house? Did your programmer rely on an outdated program interface that finally got phased out in this update? The vendor may have given plenty of warning that they were going to phase out that interface, but your programmer may have missed that, or been an idiot. In that case, the vendor *DID* test and considered it functional, but it could still break stuff.
Or the vendor thought they tested it, but screwed that up. Are you willing to trust them to always get it right 100% of the time?
Your cuddly image of Mac computers always working is great, but *NO* system is infallible, and if you have 1000 computers and you can't afford to have them all stop working on you, you have to test *EVERY* upgrade. That's just common sense.
-Taylor
Re: (Score:3, Informative)
Yes, I begin to understand. Mostly, I understand that:
* the driver mess on windos can cause your system to fail if you upgrade it, because... well, because the library management system is so stupid, there are no proper words to describe it
* Microsoft is at the same time totally lost and bound in their needs for backwards compatability and can't move forward because of it, and then on the other hand breaks it with minor updates
* even if you don't touch the drivers, different hardware can mean your non-drive
Comment removed (Score:5, Informative)
Re: (Score:3, Informative)
I've never seen an update break anything.
iTunes 2.0 erased partitions [xlr8yourmac.com] due to a nasty directory expansion bug. I wasn't bit by this, but I would have been if I downloaded the update right away. Since then, I've been happy to wait 2 weeks for folks like you to be my guinea pig. Please keep posting your reaction to updates, I need to know if it's safe for me to dl! kthxbai.
Re: (Score:2)
Re: (Score:2)
Re:If they're trying to keep it secret (Score:5, Funny)
many people go their whole lives without visiting tech sites
They don't? What an unintresting life they must lead with their travels and friends and social life. Repulsive.
Re: (Score:3, Funny)
Ahem...
Security as it should be (Score:4, Interesting)
This is a good opportunity for the world to rethink its perception of what viruses, trojans and the like are. Due to the vast and never ending list of problems and software defects that plague the dominating platform (i.e., microsoft windows) since it's inception and continue to affect it up to this day, the world has been conditioned to think that having a base system with so many profoundly serious defects is somehow acceptable. I mean, these bugs are so serious that they even let other people take over your system, a system that you've paid with your hard-earned money to be able to use as you use fit. Why exactly should this be normal, let alone acceptable?
In this instance we have a very rare glimpse of what the issue of software vulnerabilities is and how it should be handled. A very serious software bug could be exploited by malicious people to be able to gain control of the system and that problem was fixed by fixing the software bug. That is exactly how it should be. Yet, what Microsoft forced us to believe it is the right way of handling this thing is let that security hole stay wide open. What Microsoft forced the world to believe is that you solve the problems arising from any security bug by paying some third-party vendor for a piece of software that monitors your system for a hand full of instances of malicious code that made it's way into your system through those security holes. And this has become acceptable why? It's as you've bought a house with so many holes that could be used by malicious people to enter your house as they see fit and take over it. The problem lies in those holes being there and the problem doesn't go away if you employ security guards instead of plugging those damn holes your incompetent builder left there.
Re: (Score:2)
How 'bout the fact that UNIX- from which OS X and Linux are both derived- was designed from the start to be a multi-user system and therefore had system security in mind, and that DOS- from which Windows is based- was designed to be a single-user system and security was less important?
Re: (Score:3, Insightful)
Re:Security as it should be (Score:5, Informative)
So what are the architectural differences in OSX or Linux that would protect everyone from malware if they were the dominant platforms?
While the previous poster may be a bit vague on the details, this is not a point without merit. OS X and most desktop Linux variants do, indeed, have some significant security as a result of architectural choices. In other areas Windows has the upper hand, such as how much access control is applied in userland. Services, are a good example. Windows tends to have more open services and because of the proprietary nature of those closed services, more redundant services. A good example is Autodetection of local network services. It's a good type of service to exploit and a common target for malware on all platforms. Microsoft implements UPnP and exposes it by default, but by most accounts does not adequately sandbox it. Further, because it is proprietary, all cross-platform software has to either forgo the ability to link up with other versions of their own software running on other platforms, or they have to implement a different service. The upshot is, if you're running Adobe CS suite or any one of many other software packages on Windows you're running two services (UPnP and Zeroconf) that do the same thing, both of which have to exposed to hackers and neither of which is as sandboxed as it should be. If you're doing the same on OS X you have only one version (Zeroconf) and it is happily sandboxed so an attacker has to exploit not only the service, but also break the sandbox somehow... a very difficult task. This is all the result of how Windows handles services in comparison to OS X or Linux. On Windows more are exposed by default, they're easier to exploit, and they are usually proprietary; all of which leads to less security regardless of market share.
Comment removed (Score:5, Insightful)
Re: (Score:2)
agreed.. but I'm not holding my breath. Apple has just never really shown much interest in the enterprise market. If they had, they would undoubtedly have more... enterprise features... the tools are certainly out there, and Apple really wouldn't have that hard a time implementing them, I wouldn't think...
It is kind of a vicious circle in a way.. lack of tools prevents wider enterprise acceptance, lack of acceptance means the company has less reason to focus on the category and make improvements...
But I re
Re:When will we get automatic patching? (Score:5, Informative)
"man softwareupdate" for info on one way to auto install updates.
And OS X out of the box has ran software update at first boot since 10.0. Yes, a user has to click install now, and they may just ignore it. But it will come back and prompt again later.
Comment removed (Score:4, Insightful)
Re: (Score:2)
I'm confused (Score:2)
While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.
How exactly are these two objectives different from each other?
It must be true... (Score:2)
...because it was mentioned in a blog.
Viruses? (Score:2, Interesting)
iPhoto? (Score:2)
Re:iPhoto? (Score:4, Informative)
Whatever the current version of iPhoto is comes with your Mac. To upgrade you have to buy the latest version of iLife.
Re: (Score:2)
I don't get it. Why would anyone pirate iPhoto? It comes with every Mac sold, already installed.
The current version comes with every new Mac. If you have an older Mac, you may not have iPhoto, or you may have an old version that doesn't have some of the new features you want. iPhoto cannot be purchased separately; it's part of the iLife suite which sells for $79 and there is no discount for upgrading from a previous version.
The reason they kept quiet, is of course: (Score:3, Interesting)
That if any Apple user would have heard anything about it, they would have preferred to keep the Trojan installed, so they could use it to sneak out of the walled garden once in a while. ;) ;)
Also, fanbois wouldn’t be able to parrot how their system has no known viruses at all. And we all know that Apple relies nearly completely on...ehrm... viral marketing.
Adding a 3rd malware to the blacklist is not news (Score:3, Interesting)
The malware blacklist has existed since Mac OS v10.6.0, and has always had 2 Trojans on it. Now Apple added a 3rd because there is a new one. That's how it's supposed to work. If this is news, it says really good things about Apple because it's man bites dog. New malware on Windows is dog bites man.
The Mac is not invulnerable to malware. No system is. That would be like saying a building is invulnerable to graffiti. However, if you paint over graffiti the instant it appears, you remove the entire incentive. Apple's Software Update patches 75% of the community within a week or so, and the rest within a month or so. There's just not much to be gained with Mac malware. Whatever you exploit will be replaced almost immediately by Apple. Snow Leopard is not one version of an OS, it's 10 discrete versions. There were 11 versions of Leopard. Each lasts only 2-3 months. A typical Windows version lasts 2-3 years or more. It's a very different situation.
Another thing to understand is that Sophos and other companies who make their living solely because Windows is mismanaged always want to expand into the Mac market and so they like to pretend that it's not a question of platform management but rather that malware is a fact of life and their services and scanners are necessary. No. The 10-20 built-in security systems of Mac OS are superior to anything you can bolt on to Windows.
Re: (Score:3, Informative)
I think you don't know what a trojan is. A trojan is a simple program that pretends to be something that it isn't. Any OS is vulnerable to such program because OSes are designed to, guess what, run programs, no OS is that smart to identify if a program is not doing what is claiming to do. (not getting into details, there are way to limit the damage and heuristics, but the main idea is that a trojan is a program that the user is running because he/she doesn't know any better).
Actually the big part of the pro
Re:Trojan for Mac had to appear some day... (Score:4, Funny)
> I think you don't know what a trojan is....
I think you do not know who you are talking to ;-)
More seriously, I agree with what you say although. The best way that I know of to protect against trojans is to verify digital signature as I posted here:
http://apple.slashdot.org/comments.pl?sid=1691914&cid=32627744 [slashdot.org]
Then again, the line is slim between installing a trojan because you think it is iPhoto and installing a program because you are misguided into clicking onto something while browsing the web.
In modern times, the distinction between trojan, virus and spywarre and what not is harder to make. The iPhoto trojan is basically a rootkit. It doesn't matter if you get that rootkit installed by making the user believing he is installing iPhoto or by exploiting something else in the OS, you still end up with a rootkit installed on a remote machine.
As a matter of fact, the hackers will probably find another way to install their rootkit if they haven't already found one. Security is a global topic, punctually plugins holes isn't the way to go although it is required sometimes. Punctually plugging holes is part of a good security policy but it is no policy in itself.
Re: (Score:2)
"It doesn't matter if you get that rootkit installed by making the user believing he is installing iPhoto or by exploiting something else in the OS, you still end up with a rootkit installed on a remote machine."
It does matter how the stuff gets installed, it matters if malware gets installed only by browsing a site that has a malicious ad that distributes malware, or the "hacker" needs to convince the user to install a fake iPhoto program. Just like it matters how you get a disease, by having sex or by drinking water, a disease is still a disease, but it matters a lot how it spreads. Wearing condoms won't protect you against water-related diseases.
Re: (Score:2)
Well, you should have mentioned digital signatures anyway. "Well vetted sources" means nothing.
I have no time to argue further whether "how it is installed' matters more than the end result.
Re: (Score:3, Funny)
I also lack time to discuss every time I cannot come up with good arguments for my position :)
Re: (Score:2)
I also lack time to discuss every time I cannot come up with good arguments for my position :)
Not me, only when the argument list is too long for both side and that arguing would be futile because the viewpoints are too closely interrelated.
Anyway, my point was that a malware can have several means to install itself. So, that rootkit, which is according to you a trojan, would become a virus if it could exploit a hole in one of the daemon running as root to install itself without user intervention. Once installed, the way to detect it and remove it would be sensibly the same although.
Re:Trojan for Mac had to appear some day... (Score:5, Funny)
Wearing condoms won't protect you against water-related diseases.
That depends on where you wear the condom.
this is anything but new (Score:5, Informative)
There's been malware out for mac for well over a year. The big one I run into is a self-decoding shell script that installs a root cronjob to redirect your dns servers. The machines get brought into me because their web browsing has gotten slower, due to the malware dns server the machine is now using being a lot slower than their ISP's.
I've actually ran into ONE example of a mac that was back-door'd, but thought it was an isolated targeted attack. (the victim was "high profile") But maybe it was just an early version of what's discussed in this thread.
BUT, tossing my hat into the ring as to whether or not Apple should be "hiding" the fix... check out the latest security update from Apple. HUGE list of security patches. (over 40?) All with accreditation to the people that brought the issues to Apple. It's not like they don't have issues, and it's not like they systematically hide them. They just tend to fix them very quickly, and have very few (relatively speaking) to fix in the first place. Apple is well-known to include security updates and fixes in their OS updates, they don't all land in security updates. That's all this one was. It's very likely there were a dozen other security-related fixes made in the 10.6.4 update. This one they just happened to notice. Apple just doesn't usually put a security-fix accreditation readme in with their OS updates. Is that the real issue here I wonder?
Re: (Score:2, Insightful)
Fix them very quickly? Not true. They fix the ones made public very quickly but they are often as slow as Microsoft used to be at fixing the ones that don't make a splash. Microsoft in the meantime has gotten much more agile and serious about fixing bugs when they're reported all the while bitching if someone dares go public too quickly for their taste ala Google. Microsoft has gotten good at keeping researchers from telling anyone anything while Apple has simply been happy that no one has noticed. As Apple
Re:this is anything but new (Score:5, Interesting)
Microsoft in the meantime has gotten much more agile and serious about fixing bugs when they're reported all the while bitching if someone dares go public too quickly for their taste ala Google.
Too quickly for their taste?
I don't know what world you live in where you can patch something as complicated as windows in five days.
Do you know how many versions and language combination of windows there are? Testing and QA that goes into it? Documentation?
It's not like your small little project where you fix a couple of lines and call it done you know.
And also, it wasn't "Google" per se, one of their security researchers did it, and according to his tweets he claims that this was done on his own time.
But sure, let's ignore the facts and label this as a clash of the titans.
Re: (Score:2)
Where in the world except for microsoft the languages is relevant for fixing up bugs or securing the CODE?
Re:this is anything but new (Score:5, Interesting)
Where in the world except for microsoft the languages is relevant for fixing up bugs or securing the CODE?
The world where you have to deal with RTL languages like Arabic and Hebrew where no matter how simple the patch is, something is bound to get broken.
That's not even considering that the bug was in the hcp:// protocol that's directly related to help/remote assistance and the control panel. How will the patch affect hcp://[slashdot ate my UTF-8 Arabic characters that spelled help]?
That said, I do not have access to the code and I do not know for sure if there are any il8n issues to consider, but make no mistake about it, Windows is not your freaking weekend project that you can fix/QA and push live in five days.
Look, I dislike Microsoft as much as the next guy, but Google's security researcher really didn't give them any chance here.
Had he reported it and it went unfixed for 3 months then I'd be rooting for him and bashing MS like there's no tomorrow. But any bug in a code base as complicated as windows cannot be humanly fixed in the time-frame he gave them.
Re: (Score:2)
Interesting. Although I find it hard to believe that even a malware DNS would be slower than my ISP's DNS...
Re: (Score:2)
Use Google Public DNS [google.com]. Easy to remember too. 8.8.8.8 and 8.8.4.4
Re: (Score:2, Insightful)
Re: (Score:2)
Re:Trojan for Mac had to appear some day... (Score:5, Informative)
Re: (Score:2)
It isn't even the first one that apple's built in "detection" looks for in downloaded files, this is the 4th or 5th i think.
Re: (Score:3, Insightful)
So how does Mac "detects" it ?
Does Mac have a built-in anti-virus or do they rely on something simpler like checksums or something like that ?
Anyway, as said in TFA, I guess all MAC users should install anti-virus software. I use clam on Linux although I run no daemon process. I only scan emails or other very suspicious downloaded files and I run a full scan every week during the night. I also rely on common sense and digital signature when I download/install software.
Re:One does not have to wonder (Score:5, Insightful)
So you like it when the OS vendor pushes some software onto your system without any mention in the patch notes (which is the point of the article)? If so, you're posting on the wrong website.
Re: (Score:2)
But this isn't "software" this is just "updated contents of an XML file".
Re: (Score:2)
but they did have it in the notes. the article is wrong.
Uhm.. can you point to where you see that? Here are the notes: http://support.apple.com/kb/HT4188 [apple.com]
Re:One does not have to wonder (Score:4, Informative)
anti-virus is for the user, not for the OS (Score:4, Insightful)
On one hand, Apple could have very well done the same with other parts of the software, providing fix without disclosure. This goes on to say that vulnerability disclosure is a very poor indicator of software quality. However, in this case, it could have said something as trivial as "updated malware signature database." It's not fixing a vulnerability.
On the other hand, this article highlights the very interesting fact that there *is* a market for anti-virus software, even when the base OS is robust and secure. The base OS could be immune to virus and malware attack when there is no user action involved. However, the user could become the weak link to compromise their own system. Anti-virus software prevents high-risk users from being affected by their reckless action.
It's just like how only certain people need to be HIV tested regularly. You only need to worry about HIV infection if you received blood transfusion, or if you engaged in promiscuous sexual act (willfully or as a rape victim). If you did neither, then you don't need to be tested, hence you don't need to spend money on the pharmaceutical products for the HIV test. You should definitely be tested regularly if you know what you do carries a high risk of contracting HIV.
You may still need anti-virus software, depending on if what you do online carries a high risk of contracting malware. It has less to do with whether your operating system is secure.
Re: (Score:2, Informative)
Re:Trojan for Mac had to appear some day... (Score:5, Informative)
Part of writing serious malware, the sort that uses shellcodes and relies upon particular calling conventions and memory layouts, is very platform-specific. That kind of thing has to be learned anew for every platform one wants to target, often including different architectures of a given OS.
Trojans, on the other hand, are literally nothing other than programs that the user doesn't realize he is installing. They may attempt to hide themselves using platform-specific tricks, but at the end of the day, it's a program written like any other. OS X may emphasize Objective-C and de-emphasize its UNIX underpinnings for many things, but at the end of the day it uses a POSIX API very similar to the one found in Linux.
Hell, I've written software for the POSIX subsystem of NT on x86, and successfully ported it to Linux on ARM, with fewer than one #ifdef per KLOC. I strongly suspect that OS X is a lot closer to Linux than SUA (Microsoft's NT Subsystem for UNIX Applications) is to Linux, yet it wasn't hard at all. It wasn't malware, but if I'd wanted to I could have invisibly slipped it into an installer for some other program and then it would have been a trojan.
Re:Trojan for Mac had to appear some day... (Score:5, Funny)
Re: (Score:2, Funny)
Re: (Score:3)
OSX is based on UNIX (and is a certified UNIX OS) Linux is Not UNIX and although compatible is quite different to OSX
Slightly OT, but amusing:
Linux Is Not UniX ia a (near-perfect) recursive acronym.
Re: (Score:3, Funny)
You might even say backronym
Re:Let's get this out of the way, shall we? (Score:5, Funny)
Anyways even if there was mac malware, They would be forthcoming, and quit claiming to be malware free... I mean they would never lie or mislead us right.. RIGHT!?!?
Disclaimer to the mac fanbois, if you cant take a joke, don't bother replying.
Re: (Score:3, Funny)
Yes, it's like coppery.
Re:Let's get this out of the way, shall we? (Score:5, Insightful)
If you're just starting to wonder now then you're gonna be in for a shock. Apple has never been a really transparent company about what they do, and they've always just pushed and bundled things however they like.
Re: (Score:3, Interesting)
Well, I've run into several covert Apple "pushes" in the (thankfully) short period of time I've had to deal with their cobbled system. I seem to recall two stealth pushes of Java in particular which broke the platform we were using: anyone watching upstream would see security issues being discovered (and fixed), but Apple made no such disclosure and just installed them. That's really nice on a server. (Microsoft, you're an ass for doing same with 'new' packages like the latest version of IE, even when SUS h
Re: (Score:3, Informative)
Re: (Score:3, Informative)
Golly, other companies have done this before so it must be ok for apple to do it too, and anyone that criticises them must just be a hater. tee hee hee
You're a tool.
Comment removed (Score:5, Insightful)
Re: (Score:2)
and thus are more likely to have AV and Antimal.
Ive never understood this. Can anyone explain why there is a significant difference between virus and malware, and why anyone would recommend 2 security programs running simultaneously? Doesnt this run dangerously close to the "2 antiviruses will wreck your machine" line?
Really just sounds like an attempt by security vendors to convince you to pay twice TBQH, last time i checked most of the free AVs made it clear they cover viruses, trojans, worms, malware, etc.
Re:Let's get this out of the way, shall we? (Score:5, Informative)
A virus attaches it's code to programs and spreads itself to others when you run an infected execuable on a system. Viruses are pretty much old school and are easy to detect because they modify the code of executables. They also can't infect programs outside of the priviledge level of the infected software and also cannot do a lot of crazy things outside of the user's access level. They are pretty much old school and are not very profitable, just destructive or annoying.
Malware spreads through an exploit vector or social engineering. It installs software and drivers to the system which it attempts to hide through various tricks and obscure OS functionality. Malware can often have a rootkit driver which make them invisible or impossible to remove when booted normally. Malware is designed to make a profit too (like making your machine send spam, logging passwords or other info, popping up ads...).
The reason for the two different levels of software is because malware initially was difficult for vendors to define. Some software for example, presents it's negative aspects in the EULA and it's assumed to be valid software if you install it. Who's to say that WGA isn't spyware or any software that reports activities back to a central server? Malware is also hard to detect heuristically and antimalware apps instead rely on lists of file/registry locations and hashes.
But the two AV programs shouldn't be an issue because they do their blocking and checking at different points. Antivirus needs filter drivers so it can scan files for attached virus code or activity. Antimalware just needs to periodically scan a set of locations and ensure no malware is there. But yeah, most of them can be integrated pretty easily and it makes sense.
Re: (Score:2, Interesting)
The difference with Windows to OSX is Windows has a lot of backward compatibility with older software that weakens it. Renaming an installer to a specific filename defeated the protection in Vista.
To to mention autorun from USB sticks and other braindead convenience features (which are being removed or have been).
Security in OSX is mostly based around sound Unix principles. There's no awful backward compatibility in the Unix underpinnings.
Re: (Score:2)
Exactly, Windows XP could actually be very secure but that would break a lot of big-name programs that were written so they can't run without administrative privileges. So the default settings of a typical Windows install is rather insecure. Windows 7 and server versions are much more secure, but it can be painful and de-securing getting things to run.
Re: (Score:3, Interesting)
Re: (Score:2)
thats real good advice, Ill keep that in mind.
Re: (Score:2)
""Unsinkable" modern passenger ship with no lifeboats or worn African ferryboat with more lifeboats than seats?"
++ for marine analogy. (A chubby is sprung forthwith!)
I'll go for an Open Source Coast Guard cutter that is fully equipped but requires I become a crewman instead of a passenger.
Re: (Score:3, Interesting)
Classic case of PR over practicality.
We don't need as many lifeboats because the ship can't possibly sink. Just put em on to keep the officials happy.
And as the ship is unsinkable, no lifeboat drills.
Oh.. and a few lower grade rivets will be fine, cos' the ship is unsinkable remember... No harm saving a few quid eh?
Of course, a PR driven product couldn't exist like that today, because so many technical people would point out the flaws, and the company wouldn't get away with it. Right?
Re:You have to wonder? (Score:5, Informative)
Re: (Score:2)
Don't malware writers turned over to writing malware for profit AND mischief instead of just mischief?
Do non-trojan viruses even exist anymore? Isn't all malware today some kind of trojan?
Re: (Score:2, Informative)
The kind of person who would buy a mac because they "don't get viruses" would be very pissed after stumbling upon this article and especially this condescending, duplicitous thread.
People from the Windows world know this - the average user dosen't give a shit about the differences between viruses and trojans. If it makes their AV software blink red, it's bad.
Re:You have to wonder? (Score:5, Informative)
The kind of user that buys a Mac probably doesn't care about "details".
A virus is called a virus for a reason. It's called a virus because it
shares an important characteristic with biological organisms.
It can replicate itself.
A Trojan is just a stupid program that doesn't do what it says.
Similarly, a Trojan is called that for a reason. You have to go outside
the city walls and drag it back inside your perimeter before it does you
any damage.
Yes, these little "details" like words and terms that have actual specific meaning are important.
Re: (Score:2)
The kind of user that buys a Mac probably doesn't care about "details".
I'm probably going to be accused of being an Apple fanboy here but the same argument can be used for people who buy computers with Windows preinstalled because most computer users really don't care about such "details" but there are definitely Mac users who do know the difference between a virus and a trojan (I've actually tried my hand at constructing both types of programs, a small harmless asm virus back in the DOS days and a C#.NET trojan that just annoyed the user and always tried to spawn a new proces
Re: (Score:2)
It depends on the user I'm talking to what terminology I use. For someone with a clue, I'll state virus (very rare these days -- people don't share executables), worm, Trojan/Trojanized program (the most common attack), browser/add-on exploit, drive-by download, logic bomb (like a disgruntled sysadmin keeping a file that if it doesn't get a touch in x amount of days, causes a rm -rf /net), or use the generic term, malware.
For Joe Sixpack who does not care about the difference, I just use "virus" for all ma
Re:You have to wonder? (Score:4, Funny)
Beware of Greeks bearing gifts! And in all seriousness, using the proper term might cause a few more users to think twice about clicking "Ok" and instead thinking about ancient stories and their modern parallels.
Re: (Score:2)
Re:You have to wonder? (Score:5, Funny)
Sometimes a trojan prevents a virus.
Re:You have to wonder? (Score:5, Insightful)
Trojans aren't viruses.
Please list off all the viruses that will run on Snow Leopard.
Mac users are very fond of pointing out this distinction, leaving out that trojans and malware, and social engineering, these days are the overwhelming majority of Windows issues as well. The traditional virus is mostly a thing of the past.
Re: (Score:3, Interesting)
...except Windows is automated to the point that "trojans" become viruses.
That is the whole problem that Windows has created and magnified. They
have taken situations that previously didn't have any risk of viral
infection and added automatic execution of random untrusted programs.
It's like having walls that pull through any Athenians or Spartans that happen to standing outside.
Suddenly, the Trojans are wondering WTF is Achilles doing in the middle of the Palace.
Re: (Score:2)
So, what? It's okay to twist terminology to make it look like Windows is full of holes and Macs are vulnerability-free?
The same types of vulnerabilities and same types of malware exist on both; less of either have been found on Macs, but that's explained by the lower market share. The architecture of Mac OS X may make cleanup easier, but viruses stuck in user space aren't harmless.
Re:You have to wonder? (Score:4, Insightful)
He's not saying that Macs are immune, he's saying that Windows had some bad design concepts at one point. Microsoft went through a phase where they integrated things like scripting and COM into everything they could, but there was very little consideration for security. It wasn't until worms and malware started rampaging across Windows machines that they actually started considering and working on security.
Take Outlook for example. E-mail was normally safe because it's was only text and images. Then add VBA scripting capabilities and embedded ActiveX controls to the mix...suddenly there are huge vectors for hostile software to use in plain old e-mail messages. Internet Explorer would ask if you wanted to install an ActiveX control, if you said yes it would have full access to your system to do whatever it wanted. NT based systems ran will a full compliment of services exposed to the internet and ready to use.
No one considered that people on the internet might be assholes and take advantage of those handy features for completely hostile purposes. Even if they did Microsoft had no clue where to begin and would take years of hard lessons to get Windows into a decently secure state.
Re: (Score:2)
"This may be news to you but trojans are not viruses."
This may be news to you but I've written several trojans for DOS that were indeed viruses.
You might wish to rethink that statement you just made.
Re: (Score:2)
I know a guy who made a car that also works as a boat.
Therefore cars are boats. Anyone who says differently is lying,
A Billion Monkeys (Score:2)
Re: (Score:2)
This may be news to you but I've written several trojans for DOS that were indeed viruses.
A trojan is a program that appears to do something the user desires but instead does something malicious behind the scenes. A virus is a self-replicating bit of code that attaches to executing code in order to replicate.
You may have written a trojan that released a virus but that doesn't mean that a trojan is a virus.
There are currently no viruses in the wild for Mac OS X. Trojans are another story.
Re: (Score:2)
Re: (Score:2)
You an really only go as far as saying "There are, in fact, no known Mac OS X viruses in the wild".
Of course! Just like you can say "There are, in fact, no known Flying Spaghetti Monsters in the wild."
Re: (Score:3, Insightful)
Bad example. Many people know in their hearts that there _is_ a Flying Spaghetti Monster.
Re: (Score:2)
"Saying that Mac OS X does not have any viruses at this point in time is 100% true."
I'm sure that will be great comfort to the victims of OS X malware.
Re: (Score:2, Informative)
Only problem being, by that definition, Windows nowdays doesn't have viruses either. They just have spyware, adware, and trojans.
Oh really? You mean these aren't viruses?
These all fit the definition of a virus and there are tons more in the McAfee Threat Center.
Re: (Score:2)
Re: (Score:2)
Being open about one's shortcomings is a prerequisite for trust.
I'd rather drive a car that underwent several public recalls instead of a car with defects that the manufacturer kept silent about.
it's a trojan, not a Mac defect (Score:2)
Trojans work because of faults in the human operator, not because of faults in the OS.
It's not a Mac fault, and to carry your allegory forward, it'd be like if car companies recalled cars because it was possible to get in a wreck if you drive them into a wall.
Re: (Score:2)
This is an event in a way. For ages security folks have told Apple to do something about the vector of attack - at least somehow protect against malware which pretends to be Apple's own app (what is easy: just copy-paste an icon and no-one would be able to tell the difference). There were rumors about trojans on Mac OS for ages. Some of pirated Mac software on P2P networks is said to be infected. As that was probably the source before, Apple might have been reluctant to act.
Apple acknowledging existence
Re: (Score:2)
"I was back up and running in two hours where as to do the same with a PC would have cost me a day or two."
Two hours beats usual Windows + apps install time from standard media, but a day or two is a bit much. If I had a Windows machine with that much...stuff on it I'd image the thing and back it up frequently.