First Scareware For the Mac
I Don't Believe in Imaginary Property sends us news from F-Secure of what they claim is the first rogue cleaning tool for the Mac. MacSweeper is a Mac version of Cleanator, hosted from a colo somewhere in the Ukraine. The article points out that the company's About page is lifted verbatim from Symantec's site. With the Mac's market share closing in on double digits, perhaps it's not surprising to see the platform targeted with crapware as PCs have been for years. The F-Secure author adds as a footnote that a journalist said to him something you don't hear every day: "I visited the macsweeper.com website. I know I probably shouldn't have but I used a Windows PC so I knew I wouldn't get infected."
Not the smartest journo (Score:5, Insightful)
Yeah and moon is made from.. (Score:5, Insightful)
What, you need to download something to your Mac and then INSTALL it?
This kind of software has been there a long time and there is nothing new to see here.
Market share is still smaller than GNU/Linux and it is not having this kind of problem... wait, it has.
Come back again when F-Secure and others have proof of a worm or virus that works automatically, like on the Windows platform.
Unfortunately, this is likely to become more (Score:3, Insightful)
The same could happen to Linux, (Free|Open|Net)BSD, etc. All it takes is an uneducated* user behind the console, and Linux's drive to take on the desktop makes that all the more likely.
* I mean uneducated in the security sense. You can be highly intelligent, have 3 PhDs, and still not know a thing about what downloads to avoid. We can't know everything about everything, after all.
Re:the shit hits the fan! (Score:5, Insightful)
Our data is far more critical, making the ~/Applications folder (or the ~/Desktop folder) a dangerous place for executables.
Of course, in these enlightened days we all have regular backups now or Time-Machine-enabled external drives. Hmm...
Re:the shit hits the fan! (Score:2, Insightful)
I'm sure people care more about the contents of their /bin folder (or whatever passes for that in OS X) than the graduation pictures of their kids and their tax returns. So I guess that's OK. The OS was never compromised! Incidentally, you don't need root to turn a machine into a spam-spewing zombie. On any OS.
it cannot access or modify anything that needs root permissions without asking for the root password.
Well then, it will just ask for the root password. You're thinking here that the user won't provide it for some reason? They just clicked on a "Punch the monkey" banner, after all.
Re:Yeah and moon is made from.. (Score:5, Insightful)
Now take a look at the architectures. A dozen years of Windows since Win95 has only progressively made Windows more secure, and while better than before, still full of a superfluity of exploits (for differing reasons, again, not counting user "stupidity"). You have to do a lot of work to iteratively get past the gatekeepers in both operating systems; it's not as trivial an exercise as it once was; all the really wide-open machines are 0w3d by someone by now.... as part of a botnet.
Given 5-10% of the market for Apple, depending on whom you believe, you're only now seeing a MacOS ruse. Think about that for a moment. Think about both motive and opportunity. Motive we understand. Opportunity hasn't been very strong until now. The weapon? Two decades into desktop operating systems (three if you count CP/M, UCSD Pascal and so on) we're only now seeing a MacOS exploit. A common denominator among the exploitable: stupidity. Now let's scratch off stupidity and talk about architecture. It's not Microsoft's fault that they used a root-level database (the 'Registry') that could be twigged by any user-mode app in pre-XP SP2? Hmmmm. Or the mindless ways that people found to explode IE? Or the TCP/IP stack? Or how long it took to get a WEP-128 parser and still longer for a WPA parser? Microsoft's sloppy code created an industry, one to fix the code, and another to exploit it. They didn't take security seriously, then paid it only lip service. They're paying the price in disrespect for not being respectable!
Re:the shit hits the fan! (Score:3, Insightful)
Protecting system data may not be the most important thing in computing, but it's a bit ridiculous to claim it's less important than user data. You're probably right: the affected Joe User probably cares a lot more about his photos that he's procrastinated on backing up for the last 3 years than whether or not his OS is functional. However, I'm pretty sure that the other users on that PC are very glad that they weren't affected by Joe's actions. And let's be realistic here: how often does a piece of malware destroy files wholesale? Save the occasional virus writer that hates the world, most malware creators are much more interested in profit (i.e. getting users to buy something, typically through inserting advertisements).
Re:double digits? (Score:3, Insightful)
If you're making a profit it doesn't matter how many customers you have: you're still in the black. Sure, more customers then means more profit, but usually you hit a wall where you have to cut profits in order to stay competitive. If a company is happy with its single digit market share (what most would call a niche) then there's no reason to change anything. If you look at Apple's products (especially their audio division), I imagine they have a significantly higher average profit margin than somebody like Dell.
Re:Oh no! (Score:5, Insightful)
For me, the worst thing that can possibly happen, is somebody destroys my home directory. Ok, that's easy, if a virus is logged in as me. If they hose my system, so what? I can always re-install linux, that isn't a problem. There aren't any other users. I allow myself access to the internet and to email, so if a virus starts spamming the world, well, that isn't stopped by security policy either.
What you're talking about is a Linux server. There, it's hard to root the machine and cross-infect, sure. But what spreads viruses the most these days is users downloading shit in email and not knowing that their browser just executed something. Linux is *not* more secure. *I* as a user am less prone to viruses because I maintain a strict policy of which sites I use each browser for, where I take cookies from, and I browse sketchy shit only inside vmware and restore from a clean image frequently. But I'm still vulnerable to all sorts of attacks -- if Google pushes an ad with Linux-targeted malware, for example.
If you think linux is somehow inherently virus-proof, you're deluding yourself. Using linux on the desktop is the same as using any other desktop system -- if somebody else knows how to make an executable for your system, it's probably vulnerable.
Re:Yeah and moon is made from.. (Score:3, Insightful)
For this reason, until four years ago (Windows early XP era), Windows and its myriad faults were untenable. MacOS X, by contrast, at least warned people before they were about to get a knife stuck in their operating system. FireFox, Mozilla before it, Safari, IE, all of the browsers (sorry Opera, left you out) have been vulnerable to one piece of malware or another. Microsoft's products (and I've been watching them from long before they went public) didn't button down their architecture. The registry has been eminently hackable in user space until XP SP2 locked it down.
Sure there are idiots out there. But that's why we have stop signs, yellow lines on the road, seat belts, and in some areas, vehicle inspections-- so that a common set of operating criteria can be used to insure safety of use.
The use of an open registry, easy access to system files, legacy exploitable executables, all of these cause(d) problems. If you expect civilians to uptake technology, then you have to ensure their safety, and Microsoft didn't do that, both in the quality of their code, and its basic architecture.
Re:Isn't any "cleaning tool" rogue on a mac? (Score:3, Insightful)
Which is ironic, because just as you should still lock your car doors in the suburbs, the principle of defense in depth is just as applicable to any *nix-based OS as it is to Windows.
Both switchers are getting exactly the wrong impression.
Re:Oh no! (Score:5, Insightful)
As a desktop user I severely disagree; I'd rather lose everything but ~, and if I'm stupid enough to run malware, that malware will have the necessary permissions to delete everything I care about.
And about open source being better because people can look at it and find vulnerabilities: have you ever looked at the Mozilla code? Lots of people have, and yet regularly there are new exploits found, some that have been there since the browser was called Mozilla.
I monitor a few open source applications' mailing lists, and often when a security vulnerability is found, it has been there a long time. How many more are lurking in that mess of C++ code?
infection (Score:3, Insightful)
Stupid, meet journalist, your brother.
OpenBSD is more secure... (Score:3, Insightful)
...here [openbsd.org] is why: