Flashback Trojan Hits 600,000 Macs and Counting
twoheadedboy writes "A Flashback variant dubbed Backdoor.Flashback.39 has infected over 600,000 Macs, according to Russian security firm Dr Web. The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year. The Trojan has a global reach after Dr Web found infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs."
Macs don't get hacked (Score:5, Funny)
Re:Macs don't get hacked (Score:5, Funny)
Is it just wrong if I laugh a little?
Try to keep it to a low chuckle. The reality distortion field might break under greater strain.
Re:Macs don't get hacked (Score:4, Funny)
Is it just wrong if I laugh a little?
Try to keep it to a low chuckle. The reality distortion field might break under greater strain.
It just works!
Re:Macs don't get hacked (Score:5, Insightful)
Re:Macs don't get hacked (Score:5, Insightful)
To be fair this is a Java exploit, and it's already been closed by Apple.
The dullard users are probably receiving security updates automatically, and so they'd have been updated as of Tuesday.
Aside from this, the general public does not seem vulnerable:
Security researchers have uncovered yet another Mac Trojan in the wild, this time hiding inside pirated versions of the Mac OS X image editing application GraphicConverter.
The pirated copy of GraphicConverter 7.4 is being actively distributed on file-sharing networks and torrent sites like Pirate Bay and contains the DevilRobber Trojan, Sophos researchers reported on 29 October. Once on the Mac OS X, DevilRobber creates a backdoor for remote access and installs a Bitcoin miner that uses up spare system resources and steals the content of the user’s Bitcoin wallet, according to Sophos.
Re: (Score:3)
(after reading more closely, that appears to be a trojan that exploited the same vulnerability.)
Re:Macs don't get hacked (Score:5, Interesting)
Security researchers have uncovered yet another Mac Trojan in the wild, this time hiding inside pirated versions of the Mac OS X image editing application GraphicConverter.
This general method, by far, is the quickest and easiest way to create a botnet. Package up some wanted software with your trojan that you checked against the top 20 malware checkers, and upload away to all the public trackers you can find, and some private ones.
Yet weeks later when your trojan gets added to the malware definitions, you'll continue to see Windows morons download, run a scan, and pronounce "LOL FALSE POSITIVE"
There is no anti-malware for stupid.
--
BMO
Re: (Score:3, Informative)
Indeed, this is one of the reasons that got me into Linux in the first place - that I am not nickel-and-dimed for a workable computer.
By the way, since the Gimp handles RGB images better than Photoshop, it's better for astrophotography processing. ImageMagick is also quite the program.
Come for the free beer. Stay for the freedom. Use Linux.
--
BMO
Re:Macs don't get hacked (Score:4, Funny)
Agree totally. There's no need to pirate closed-source software when good open source solutions exist.
Re:Macs don't get hacked (Score:5, Insightful)
To be fair this is a Java exploit, and it's already been closed by Apple.
The dullard users are probably receiving security updates automatically, and so they'd have been updated as of Tuesday.
To be fair, that's true of almost all malware that propagates in the wild on Windows-based systems too. Zero-days that haven't been patched by Microsoft/Apple/et al. are very rare on any platform, and usually only available to organizations with resources on the level of nation states or the like for espionage/cyber-warfare purposes (cf. Stuxnet).
Re:Macs don't get hacked (Score:4, Insightful)
Certainly these things are true.
For the novice user, they are safer with a Mac, I don't think that is any less true than it's been for a while. There are less vulnerabilities overall, there's less malware overall, there's no chance they are using IE when on a Mac, the process of keeping updated is more dummy-proof... dummy users are safer on Macs.
And this is just for people using full PCs. Increasingly these novice users are spending all their computing time in iOS which is even less vulnerable.
Re:Macs don't get hacked (Score:5, Informative)
the process of keeping updated is more dummy-proof... dummy users are safer on Macs.
It is? Last time I checked, the default update mode for Windows will install updates the next time you shut down your computer after Windows detects an update has been released.
This is a bit different in a corporate setting, but I assumed you meant for home users.
Re: (Score:3)
And not only will Windows automatically update, it will also automatically restart to install that update if you wait too long to do it.
It seems to wait until the wee hours of the morning to do this, which makes the most sense.
Re: (Score:3)
This doesn't work as well in today's non-desktop world. Most people's laptops are sleeping when the lid is closed, which it often is at night.
I think for the most part you'd find that people have the laptop asleep unless they're actively using it, which makes updates annoying and more likely to be canceled by the user.
Re: (Score:3)
Zero-days that haven't been patched by Microsoft/Apple/et al. are very rare on any platform, and usually only available to organizations with resources on the level of nation states or the like for espionage/cyber-warfare purposes
Wow, absolutely not. (Incidentally, "zero-day that hasn't been patched" is redundant. Once the vendor knows about the exploit it is no longer a zero day). These guys find zero days [wikipedia.org] every year. Every iphone jailbreak is a result of a zero-day exploit, unless you are saying Apple purposely hides vulnerabilities in the system to make them easy to exploit.
Zero day exploits are still pretty common, and it's worth taking extra steps to be prepared for them (like regular backups, running certain software in a c
Re:Macs don't get hacked (Score:4, Insightful)
Yep, idiots doing idiot things because they're idiots. The OS doesn't protect you from yourself; when you tell it to install something it does it.
Re: (Score:3)
To be fair this is a Java exploit, and it's already been closed by Apple.
To be fair, most Windows exploits have also been Java/Flash/(Insert 3rd party vendor here) exploits too. It's been a long time since a remote Windows OS vulnerability has been seen. XP service pack 2, perhaps? But then again Windows has never made claims about being inherently "more" secure, either.
Re:Macs don't get hacked (Score:4, Insightful)
600,000 computers didn't get infected because someone downloaded some pirated software loaded with the malware. This is not the DevilRobber trojan, this is Flashback. The Java vulnerabilities used to download and run the virus are exploited via the good old drive-by-download method, which does not require user interaction (thanks, Java!).
According to the Dr Web blog posting, “systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit.”
This is the exact same method that Windows machines get infected. The top 3 infection vectors are Java, Acrobat, and Flash because all 3 of them will load whatever the server tells them to in a hidden iframe if necessary. Vulnerabilities in IE itself account for less than 10 percent of Windows infections, the vast majority are from insecure third-party browser plugins. Those plugins do not all of a sudden become secure, and the vendors don't all of a sudden start using good security practices, just because the target OS runs on Apple-branded hardware.
About the users too (Score:5, Insightful)
Market share has something to do with it, as does a pretty good track record of security, but the type of users that use Linux is also a significant reason that we don't see widespread malware affecting desktop Linux. Your typical Linux user is generally more nerdy, computer literate and security conscious.
If you did a survey of how many users clicked on pop-up banners, opened PDFs from spam email, granted permission to untrusted Java applets, etc, I bet the percentage of Linux users who fell in the traps would be smaller than the other OS users.
Re: (Score:3)
Re: (Score:3)
Well, here goes.
My grandfather indeed does use Linux. He doesn’t know the difference because he’s never used Windows anyway.
Whenever I take a look at his PC, I’m glad I gave him Linux; the amount of “codecs” he downloads when searching for porn alone would make a common Windows antivirus commit suicide.
My father also uses Linux. He does have Windows on his computer, too, but he mostly uses Linux nonetheless. He’s more savvy, but I still keep an eye on things.
Also, neit
Re:Macs don't get hacked (Score:5, Interesting)
It's not just about market share, although that does play a large part. For malware you spread you need a large or sufficiently interesting target for someone to bother writing it (an OS with only a dozen users, all of which were major banks that used it for Internet-facing transaction processing systems, for example, would be an interesting target even though it would have a tiny market share).
Then you need an attack vector. Operating system vulnerabilities aren't that uncommon (check the CVE database for the Linux kernel), but most of the time these attacks come through userspace applications. From there, it depends on what the attacker wants to use. Desktop operating systems tend to be more vulnerable in this regard because very few applications are properly sandboxed, so once you've compromised one you've got complete access to everything the user does. Server software tends to be a bit more careful with privilege separation, so a Linux server may be a lot more secure than a Linux desktop.
Finally, you need some mechanism for it to spread. This is often related to market share. For example, Windows worms used to be very common because if you look at any random IP on the local network you're likely to find a Windows machine. If you've got some Windows exploit, you can spread to every machine on the network very quickly. The same was true of email worms - a worm that compromised Outlook Express could send a message to everyone in the address book, and at least some of them would be running Outlook Express and so it would spread. In contrast, if the lone Mac in the corner of the office is infected then it's harder for it to find another Mac to infect before someone spots unusual traffic patterns and cleans it up.
Re:Macs don't get hacked (Score:4, Informative)
Actually, the vulnerability used in OS X is also in Linux. So yes, it can infect Linux!
However, the payload only currently runs on OS X, so infecting Linux is a minor point since it does nothing.
It's a Java vulnerability. Which is interesting since Apple stopped supporting and shipping Java since what, Leopard (10.5)? Heck, we can blame Oracle for the mess...
Re:Macs don't get hacked (Score:4, Informative)
Apple stopped supporting and shipping Java since what, Leopard (10.5)
That's patently incorrect. Java is alive and well on OS X, and is still supported on Lion, Snow Leopard, and IIRC there was a Java update recently even for Leopard.
Re: (Score:3)
It's not *just* about market share. It's about a lot of things, including non-technical issues like the kinds of users the platform attracts, the kinds of work the computer is being used for, and the environment in which the computer is being used.
Re: (Score:3)
Also, Linux has roughly the same market share as Mac; with a 5%-6% share.
I would certainly question the number of humans using OSX every day being roughly equal to the number using Linux.
Re: (Score:3)
where every user was the equivalent of root at all times,
2006 called. It wants its argument back.
You know that UAC thing people who use Windows like to complain about?
Re:Macs don't get hacked (Score:4, Insightful)
You know that UAC thing people who use Windows like to complain about?
I have to laugh when I see self-proclaimed 'experts' disable UAC, solely because they're smart enough to know where the option to turn it off is; but apparently not smart enough to realize no matter how smart, competent, and safe of a user you think you are, it's never a good idea to run as root, even if you think you're Electronic Jesus who never makes mistakes. (There's considerable overlap between this group of 'experts' and the group of 'experts' who refuse to install MSE because they're 'too good' to need it.)
Microsoft can only go so far to protect its 'expert' users from themselves. At some point, the user's own stupidity is at fault. And a user's stupidity doesn't go away just because they're using a different OS.
Re: (Score:3)
Re:Macs don't get hacked (Score:4, Funny)
Who targets less than 1%?
The 99%?
Re: (Score:2, Interesting)
Apple should advertise OS X to hackers:
Instead of stuff like "Robust Kernel based on Unix" hackers would surely be attracted towards "Familiar Unix-based Kernel with guaranteed fewer security measures than Windows or many Linux distros"
Re: (Score:2)
"Familiar Unix-based Kernel with guaranteed fewer security measures than Windows or many Linux distros"
Uhhhh. what? Fewer than Windows?
Don't get me wrong, I use Windows a lot, and almost never use MacOS... but I'm not sure that is accurate (Mac having fewer security measures in the kernel than Windows.) Mind you, the most important security measures are done via the gray matter between your ears in how you set up and use your environment, but I don't think that necessarily affects either platform particularly. Both have a shitload of lemming users who just expect things to work, and assume that some technica
Re: (Score:3)
I didn't mean security features in the kernel, I meant more visible stuff like UAC (first one that comes to my mind).
Let me introduce you to sudo. UAC's functionality is very similar to the "sudo" command. [wikipedia.org] Incidentally, if you think UAC is what's needed to make a system secure, you need to spend a few weeks messing around with metasploit. It will open your eyes.
Re: (Score:2, Offtopic)
"I'm givin' ya all she's got, Cap'n!! She cannae take any more punishment!!!"
- Tim Cook
Re:Macs don't get hacked (Score:4, Insightful)
The reality distortion field might break under greater strain.
That collapsed the second Jobs died. It's just a matter of time before everyone notices it and you start hearing hipsters and Macheads all saying some variation of:
"Apple just isn't the same since Steve left. They sold out. It used to be about the MUSIC, man!"
Re:Macs don't get hacked (Score:5, Funny)
Re:Macs don't get hacked (Score:5, Funny)
No, college kids love them. They use them to tweet out messages encouraging their fellow students to fight evil corporations.
Re: (Score:3)
You can buy Apple stuff from Brazil - that's manufactured locally [pcmag.com].
Re: (Score:3)
Hilarious...so servers outnumber desktops now? (Score:3)
Only on slashdot.
Re: (Score:3)
Re:Macs don't get hacked (Score:5, Funny)
Re:Macs don't get hacked (Score:5, Informative)
Re:Macs don't get hacked (Score:4, Informative)
Re: (Score:3)
App Store is not a trusted repo. A trusted repo compiles its own binaries from (community or self) reviewed and vetted source. Apple never sees the source for apps in their store, just the binaries. It would be trivial to throw a bit of sleeping malware into an App Store app, set to activate on, say, 9-11-12 or 12-21-12, that would sneak you past the review process and keep you in the App Store for long enough to build up a decent install base, then BAM, malware activates. Even then, your app won't be pulle
Re: (Score:3, Interesting)
Please provide reference to a recent study that a windows 7 box with default install will get "629 viruses and trojans a day" - Or did you mean a windows 95 box?
Re: (Score:3)
Re: (Score:3, Funny)
Everybody knows us nerds are suckers for a pretty face with a bit of rouge.
Re:Macs don't get hacked (Score:5, Funny)
... I tried to find where I should insert the Prozac. I tried the optical disc tray, but that didn't fix it. How do I unsad my Mac?
Re: (Score:3, Funny)
Nobody ever claimed Macintoshes were bulletproof.
Hi, I noticed you are new here, and just thought I'd welcome you.
How to check (Score:2, Interesting)
Is there any way to check whether your Mac is infected?
Re: (Score:2)
Re: (Score:2, Informative)
How to tell whether you are infected (Score:5, Informative)
See here: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml [f-secure.com]
Summary:
If you open Terminal and run
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
and
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
and see:
The domain/default pair of [...] does not exist
for each, you are not infected. Also, if you run nearly any AV software or other tools like Little Snitch, you are not infected as it checks for these and deletes itself if found.
Also, no sensible person ever said "Macs don't get [infected/hacked/whatever]." It's just a lot less likely, and has historically been, even accounting for differences in marketshare. As Mac share increases, it only makes sense they'll be targeted more with malware. But Macs, as a whole, are indeed "more secure", in that still, to this day, you are far less likely — even with the complacency or, if you prefer, ignorance, of Mac users — to become impacted with any malware than with Windows. Maybe someday this will change. But it's never been true to date, and isn't true now. The fact that single instances of Mac malware get so blown out of proportion, STILL, is ridiculous. (Though, Apple could do better with patching known vulnerabilities in Java on Mac OS X...)
The same advice and best practices for avoiding malware apply to Macs as well as any other desktop platform, and Mac users would do well to run current AV software. The Sophos free edition [sophos.com] is nice.
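The two Terminal checks from the comment above, wrapped in a script that reports a failed read as inconclusive instead of clean. This is an added example, not part of the thread or of F-Secure's instructions; `DEFAULTS_CMD`, the function names and the verdict strings are assumptions of the example.

```shell
#!/bin/sh
# Added example: automates the two `defaults read` checks quoted in the thread.
# DEFAULTS_CMD is an assumption of this example; it lets the logic be exercised
# with a stub on machines that lack the macOS `defaults` tool.
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# query_pair DOMAIN KEY
# Prints one of:
#   absent            the tool failed and reported that the pair "does not exist"
#   present:<value>   the key is set (its value follows the colon)
#   error:<message>   the tool failed for another reason (e.g. not installed)
query_pair() {
    if qp_out=$("$DEFAULTS_CMD" read "$1" "$2" 2>&1); then
        qp_status=0
    else
        qp_status=$?
    fi
    if [ "$qp_status" -eq 0 ]; then
        printf 'present:%s\n' "$qp_out"
        return 0
    fi
    case "$qp_out" in
        *"does not exist"*) printf 'absent\n' ;;
        *)                  printf 'error:%s\n' "$qp_out" ;;
    esac
}

# flashback_check
# Runs both checks. Prints a verdict on stdout, details on stderr.
# Exit status: 0 = no-indicators, 1 = indicators-found, 2 = inconclusive.
flashback_check() {
    fc_verdict="no-indicators"
    for fc_pair in \
        "/Applications/Safari.app/Contents/Info|LSEnvironment" \
        "$HOME/.MacOSX/environment|DYLD_INSERT_LIBRARIES"
    do
        fc_domain=${fc_pair%%|*}
        fc_key=${fc_pair#*|}
        fc_result=$(query_pair "$fc_domain" "$fc_key")
        case "$fc_result" in
            absent)
                ;;
            present:*)
                fc_verdict="indicators-found"
                printf '%s %s is set: %s\n' \
                    "$fc_domain" "$fc_key" "${fc_result#present:}" >&2
                ;;
            *)
                # A check that could not run must not be reported as clean.
                [ "$fc_verdict" = "indicators-found" ] || fc_verdict="inconclusive"
                printf '%s %s could not be read: %s\n' \
                    "$fc_domain" "$fc_key" "${fc_result#error:}" >&2
                ;;
        esac
    done
    printf '%s\n' "$fc_verdict"
    case "$fc_verdict" in
        no-indicators)    return 0 ;;
        indicators-found) return 1 ;;
        *)                return 2 ;;
    esac
}

# Perform the check only when invoked as: sh thisfile.sh run
if [ "${1:-}" = "run" ]; then
    flashback_check
    exit $?
fi
```

A `no-indicators` result covers only the two settings named in the thread.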
Re:How to tell whether you are infected (Score:5, Funny)
Summary:
If you open Terminal and run
This just offended or confused 90% of the MAC users
Re: (Score:2)
Oh, 10 % not offended. I'm impressed!
Re:How to tell whether you are infected (Score:5, Insightful)
This just offended or confused 90% of the MAC users
If you think 90% of Windows users are any less confused by the "Command Prompt", you have not had to give them technical support.
Re: (Score:3)
Re:How to tell whether you are infected (Score:5, Funny)
This just offended or confused 90% of the MAC users
The fact that you wrote Mac as MAC offended or confused an even higher percentage of Mac users.
Re:How to tell whether you are infected (Score:5, Insightful)
Not to mention the network technicians.
Re:How to tell whether you are infected (Score:5, Insightful)
However, I have to disagree with you on one point:
The fact that single instances of Mac malware get so blown out of proportion, STILL, is ridiculous.
I don't think it's blown out of proportion, and, rather than being ridiculous, I think it's essential. Mac users generally share a belief that their computer "just works" and that they don't have to be concerned with-- or even aware of-- security. For the good of the community, that should be corrected.
Re:How to tell whether you are infected (Score:4, Interesting)
Also, no sensible person ever said "Macs don't get [infected/hacked/whatever]."
Actually, Apple writes [apple.com] quite a few things that make me (and I'm a Mac user) cringe. For example:
Download with peace of mind.
Innocent-looking files downloaded over the Internet may contain dangerous malware in disguise. That’s why files you download using Safari, Mail, and iChat are screened to determine if they contain applications. If they do, OS X alerts you, then warns you the first time you open one.
Yeah, when you download a file and click on it, a dialog pops up that tells you that the file was downloaded from the internet and may be dangerous. That's all. And after you had to click on that a couple of times for harmless files of all sorts, you just click on it automatically. And, boom, trojan infection ...
Re: (Score:3)
There's not really any way to protect users from themselves. If a user is technically able to download and install unknown applications, then the user can fall victim to a trojan.
The only question in my mind is whether it's a good implementation-- making it prompt you too often will result in users always hitting "OK", so you have to use this sort of thing judiciously. That was the complaint about the early implementation of UAC in Vista. It prompted you *constantly*, and so it was both annoying and ine
Re: (Score:2, Funny)
You know, when you claimed that "no sensible person ever said, "Macs don't get infected"...", I got a little ticked off, because based on my experience, it seemed that NEARLY ALL Apple users had claimed this.
Then I realized, we're both right.
Re: (Score:3)
Another simple precaution Mac users can take is to make sure they are not
Re: (Score:3)
Yes.
From instructions here: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml [f-secure.com]
It basically boils down to running two commands in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
If both of those come back as "The domain/default pair ... does not exist" then you are ok.
Although even easier, if you have MS Office 2008, MS Office 2011 or Skype installed you are not infected - the Trojan checks for these (for
Re: (Score:2)
Making it look like a Flash install is sneaky - because they pop-up uninvited. I've got everyone I know to not install Flash on Safari, and only use the one packaged with Chrome.
Ah so. The trojan actually presents an install dialogue? Funny how this isn't mentioned in TFA, which to me sounds like it is tinged with propaganda. Macs aren't perfect, but the simple feature of asking the user for his or her password at the right time is likely worth more for security than many of the subtle kernel protections referred to here.
Fight over the definition! (Score:4, Insightful)
Re: (Score:3)
Not quite accurate. A Trojan Horse is malware of any type that gains privilege by misrepresenting itself as something else, so the user will authorize it.
That said, can we PLEASE go back to calling them Trojan Horses and not Trojans? I don't want to keep thinking of condoms while talking about computer security.
no more Spirit of Steve protection? (Score:3, Informative)
it used to be magic pixie dust protected Macs but in the last 6 months i've been using the Spirit of Steve
time to find some new protection
Re: (Score:2)
Java update does it.
It's not apple's fault... (Score:4, Informative)
The users just surfed wrong.
But seriously, Apple screwed the pooch really good on this one. Looks like it's time that their corporate culture goes through the same "trustworthy computing" initiative that Microsoft went through over the last few years.
Re: (Score:2)
It's their own fault, instead of using sun java, they used their own java and that has caused headaches for nearly a decade as they have ALWAYS been behind.
Re: (Score:2)
Why IS that anyway? Was it because Apple insisted on rolling their own, or because Sun wouldn't make one?
Re: (Score:3)
Looks like it's time that their corporate culture goes through the same "trustworthy computing" initiative that Microsoft went through over the last few years.
They've been adding [tuaw.com] security to their system [tidbits.com] for a while now. You may not remember, but back in the day Microsoft security was extremely bad. Everyone running as Administrator was merely one symptom. OSX has had separate user accounts from day 1.
Re: (Score:3)
Perhaps not waiting for 6 weeks after everyone else had already patched the code?
Until Apple formally hands over management of their version of Java to the OpenJDK project, it's still their responsibility to patch vulnerabilities in a timely manner.
This is only going to get worse. OSX's overall virus protection is quite good and IMO is, at worst, on par with Microsoft's best. But that's only because Microsoft started so far behind that they've only now caught up. But in many aspects Microsoft is starting
Detection and Removal Info (Score:2, Informative)
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
Check if you're infected (Score:2, Informative)
Gizmodo's article shows how to determine if your machine is infected. http://www.gizmodo.co.uk/2012/04/mac-flashback-trojan-find-out-if-youre-one-of-the-600000-infected/
now (Score:5, Interesting)
Can we please end the madness where people claim that since an OS is a variant of unix it can't get a virus? Users do stupid things, stupid things have consequences, doesn't matter the make of the car you are driving if you are a drunk moron soon enough you'll crash into something. Similarly if you are a horny moron eventually you'll browse to a site that will find a way to get you to install some junk that will trash your computer all in the name of some desperately needed friction motivation.
Re: (Score:2)
Looks to me like this was entirely Apple's fault. It was a known exploit for Java, and Apple just didn't get around to releasing a security update with a patched Java.
Re: (Score:3)
Can we please end the madness where people claim that since an OS is a variant of unix it can't get a virus?
It does not help that Apple itself is telling people that their OS will protect them from malware:
https://www.apple.com/macosx/what-is/security.html [apple.com]
Re: (Score:2)
That's because they generally *don't* get VIRUSES (see what I did there?). The security settings on unix based systems are usually more strict than on windows machines.
That being said, there is no system in the world that can block a TROJAN (which is what this is) because trojans don't target computers, they target the users. It would be like someone living in Fort Knox, but then getting robbed blind because someone came by and said, "I'll give you free pr0n if you let me in!"
That being said, there is no
Re: (Score:3)
Can we please end the madness where people claim that since an OS is a variant of unix it can't get a virus?
Funny, because in this thread I currently see zero (0) fanbois desperately trying to defend Apple wailing "....but its not a virus, its a trojan, and its all Oracle's fault anyhow!" c.f. any number of haters saying "Ha Ha! Macs can so get viruses!!!". Methinks some people are just a bit too desperate to knock Apple.
Actually, although this one is technically a trojan, it sounds quite nasty in that it can apparently [f-secure.com] infect your mac even if you don't fall for the "enter administrator password" dialog. Presum
Haha (Score:2, Funny)
HAHA HAHAHHAHAHAHHA Hahahahahahhaahha
hahahahahhahahhahahahhahahahh
HAHAHAHAHAHAHahahahahahahaha
Yet another Drive By Attack (Score:3, Insightful)
This is the problem with the web. When the first DBI ( Drive By Infection ) happened the code that allowed this sort of thing to happen was not ripped out "with extreme prejudice" and in an old /. post I asked why and there was damn little in the way of a response.
So I ask once again, why has this not been fixed? Why are there so god damn many ways to do this and how come that ability has not been removed?
It seems to me that in the insanity of trying to make the browser everything instead of a piece of software that renders text, there is nothing but vulnerability after vulnerability and I really don't see any end in sight since in trying to make the browser do everything it needs more and more access to the core functions of the OS it is running on. How can this not lead to more and more attack vectors?
Re: (Score:3)
Because web developers love those flashy bits. Stuff like JavaScript just offers them too much to not make use of it. And it would kind of be like tossing the baby out with the bath water.
One of the problems with Windows for more than a decade has been that explorer could be exploited to gain administrative access, even if the user didn't normally have that level of access. Explorer was a core part of how Windows worked and so they couldn't do a whole lot to fix it until they redesigned for Vista.
Personally
Let this be a lesson (Score:2)
No fix for Mac OS X 10.5.8's Java? :( (Score:3)
I would assume so if Apple doesn't support Mac OS X 10.5.x anymore. I hope disabling Java in web browsers is enough since there's no way to uninstall it because Mac OS X came with it. :(
Re: (Score:2)
So, Linux has NEVER had a java exploit?
Re: (Score:3)
Wrong.
Here, step by step directions on how you can make one:
http://www.offensive-security.com/metasploit-unleashed/SET_Java_Applet_Attack [offensive-security.com]
As I said, there is no such animal (Score:3)
Re:Linux (Score:5, Insightful)
And actually I do see linux boxes with old vulnerabilities pretty often. One of the problems with OSS is that updating often breaks libraries... which if you have compiled 3rd party software installed can be a real barrier to updating. We have one machine that has not been updated with any patches for 2-3 years now because they will break installed apps.
Re: (Score:3)
Unfortunately 'sandboxing' sometimes requires so much of the system that the only solution is to set up a VM, which puts you right back in the 'old distribution' category.
Re: (Score:3)
Which gets back to the issue with OSS in this specific domain. OSX and Windows do a pretty good job of maintaining backward binary compatibility. You install an app, that app will probably keep working across many updates. OSS tends to assume that you have the ability to rebuild from source or your app is being m
Re: (Score:3)
I hope for your sake that you're not living in Arizona.
Re:It doesn't get PC Viruses (Score:5, Insightful)
OSX has not had a single virus in the wild since its introduction. The first person to get a virus to spread from machine to machine on OSX will be world famous. And it's not like people don't try.
Viruses are self replicating code that spread themselves via the network or sneakernet. Since OSX, Linux, Solaris, FreeBSD and all other sane OSes strip the execute bit from files coming in off the wire, this is a major hurdle to get over, and is why virus and worm propagation on OSX, other Unices, and Unix like OSes like Linux sucks.
This was a trojan. Trojans are different. They typically need to trick the user into installing them, and they do not self-propagate.
But the distinction is lost on people, such as yourself who refuse to believe there is any difference between the Bagel worm and a program that tricks the user to deltree c:\*.* or rm -rf /*
With that said, there is a way to make certain well-behaved Windows viruses and worms spread cross-platform, and that is to run wine. But then the requirement is that the virus or worm be well behaved and not depend on undocumented Windows features. These are few and far between, and even then, it runs in userspace and the cure is to rm -rf .wine.
"even if you want to write a virus for iOS you can't" and "there is zero malware in the app store".
That's because your code is up for review if you want Apple to sell your program for you in the Apple store. They check it for bad stuff and vet the program. The Apple Store is much like the trusted repositories you see in the Linux world. The repo system for Linux has proven time and again this is a good way to go. The only difference with the Apple store is that there is only one repo, theirs.
>implying that third party software vulnerabilities are suddenly the OS vendor's fault
This is not even true in the Windows world. Nobody blames Microsoft for an Adobe Reader or Flash vulnerability. Adobe certainly does attract enough blame themselves.
--
BMO
Re:It doesn't get PC Viruses (Score:4, Insightful)
I said [trojans] do not self-propagate.
You said Sorry to break your bubble, but this was a drive-by exploit using a hole in Java.
That's not self-propagation. It also pretends to be a Flash update. That's not a virus. That's a trojan.
Hope this helps.
--
BMO
Re: (Score:3)
examine the claim of 600,000 infections?
F-Secure say that each infection uses the MAC address as a unique User-Agent, so it's easy to count individual infections.
I'm more than a little skeptical about the distribution of infections.
Yes, that is interesting. The Register reports that Dr. Web only managed to compromise and "sinkhole" one of the Command and Control servers, so they are only seeing one segment of the network (600k is therefore the lowest bound). Dr. Web say "Over 550 000 infected machines running Mac OS X have been a part of the botnet on April 4. These only comprise a segment of the botnet".
Flashback
Re: (Score:3)
Re:User accounts (Score:4, Informative)
A bootable image is just an OS X install disc. If you lost yours, you can get one off eBay (or copy it from someone). As soon as the installer starts, you have an option of restoring a time machine backup. It was quite easy last time I tried it (1 year ago or so).