First Scareware For the Mac

I Don't Believe in Imaginary Property sends us news from F-Secure of what they claim is the first rogue cleaning tool for the Mac. MacSweeper is a Mac version of Cleanator, hosted from a colo somewhere in the Ukraine. The article points out that the company's About page is lifted verbatim from Symantec's site. With the Mac's market share closing in on double digits, perhaps it's not surprising to see the platform targeted with crapware as PCs have been for years. The F-Secure author adds as a footnote that a journalist said to him something you don't hear every day: "I visited the macsweeper.com website. I know I probably shouldn't have but I used a Windows PC so I knew I wouldn't get infected."

gamespot gave it 11 out of 10

[User 956]

With the Mac's market share closing in on double digits, perhaps it's not surprising to see the platform targeted with crapware as PCs have been for years.

I didn't realize Kane & Lynch had been announced for the Mac platform

Not the smartest journo

[MLCT]

The journalist should have visited using a linux livecd. If the site hosts mac malware then it is a pretty good bet they already have established "businesses" in the field of windows malware.

Re:Not the smartest journo

[Chyeld]

Real security experts telnet to port 80 and hand craft their HTTP requests. It's the only way to be sure!

Re:

[Max Littlemore]

Real security experts telnet to port 80 and hand craft their HTTP requests.

Pffft. Noone who knows anything about security uses telnet anymore.

Really real security experts ssh to port 80 and hand craft their HTTP requests.

Re:Not the smartest journo

[somersault]

at 56000 baud

Re:Not the smartest journo

[Gideon Fubar]

you can't get 56000 through an acoustic coupler..

Re:Not the smartest journo

[halcyon1234]

you can't get 56000 through an acoustic coupler..

Who needs that newfangled junk. I can whistle at 56k, and do the binary in my head

Re:

[ookabooka]

You know, in order to send 56K over the phone line you must have a digital hookup on the other end. So dial up customers can receive data at 56K because AOL or whoever has a digital hookup to the telco, but you can only transmit at ~33K. Aliasing frequencies and all that. I highly doubt you can transmit at 56k with an analog channel. Nonetheless, I'd like to see a benchmark of your. . erm. . mouth?

Re:

[hdparm]

through snow

Re:Not the smartest journo

[Phroggy]

Get off my lawn!

Re:

[jellomizer]

In theory if there is a vulnerability in the Live CD that will allow software to run as root (Which such vulnerabilities existed in the past and may still exist) Then once code is loaded as root it will mount your physical hard drive check to see what OS it is and install whatever code you want on the file system bypassing your actual OS Security Features and Anti-Virus and Spyware code. It could be darn devastating.
You will be much safer if that Live CD Loads and then Virtualized an other Linux Distribu

Re:

[pilgrim23]

Remember the Brit "journalist" who posted his own data to prove ident theft a hoax? Sounds like this fellow attended the same training seminars...
as to the crapware: gosh and golly gee! Now that I have expressed apropriate concern let us move on...

Re:

[Angostura]

Clarkeson is a presenter and columnist - not a journalist.

Re:Not the smartest journo

[MrKevvy]

re: "If the site hosts mac malware then it is a pretty good bet they already have established "businesses" in the field of windows malware."

If the site was detecting the user agent or using some other method of determining platform and delivering targeted malware based on it, I doubt they would have also been delivering a fake Mac scan to a Windows browser as they did in the article.

Re:

[Mr. Roadkill]

If the site was detecting the user agent or using some other method of determining platform and delivering targeted malware based on it, I doubt they would have also been delivering a fake Mac scan to a Windows browser as they did in the article.

Depends on their intentions, and they could have different plans for different targets.

With Mac users, their intentions might be to sell a product to remove a problem that the user doesn't have... or to give them a problem that can be removed through the purchas

Isn't any "cleaning tool" rogue on a mac?

[Anonymous Coward]

The category of "cleaning tools" was rather dodgy even before the trojaned ones started showing up. The notion that getting infected by god knows what, running a little wizard, and being all ok again is insane. Both the notion that one can reliably detect malware that has already had time to romp with your system and the idea that infection is so routine that there should be tools to be run every few days for it are pretty gross.

And now we have an example of this fine species showing up on a platform that doesn't really have malware. How could anybody trust a cleaner for a platform that doesn't, as yet, need cleaning?

Re:

[moderatorrater]

It's been my experience that 90% of the PCs that require cleaning got in that state because the owner's installed something they shouldn't have. In a way, this program is attempting to create an environment where one would be needed.

Re:

[Anonymous Coward]

The category of "cleaning tools" was rather dodgy even before the trojaned ones started showing up. The notion that getting infected by god knows what, running a little wizard, and being all ok again is insane.


Well, the notion that Snake Oil sold by a carnie could cure you of Quinsy and Polio and whatever else people back then suffered from is pretty crazy too, but people bought it in droves. Heck a few years ago I remember being in a health food store and seeing a large jar of shark cartilage pills next

Re:

[Atlantis-Rising]

I dunno, I'd say some recent switchers from Windows to Mac ("average" users, not the Slashdot know it all types) might feel a little naked without their antiviruses and all that. It's almost understandable, seeing as they've had years of conditioning that everything they do invites trojans and viruses. Kind of like how a New Yorker who moves to the suburbs is amazed he doesn't have to lock his car doors.

Which is ironic, because just as you should still lock your car doors in the suburbs, the principle of de

... and here's a Linux one.

[EmbeddedJanitor]

#!/bin/sh
rm -rf /

The point being that if you do dumb shit on any computer you can break stuff.

Re:

[TheLink]

I don't know about you, but most users running that on their desktops would be rather upset if they leave that script running long enough to wipe much of their home directory (backup backup backup :) ). On Linux desktops, most files owned by root are usually from the distro and can be reinstalled.

A similar script could have backgrounded and not shown any errors or warnings. In fact a deviously written perl script could do so many things it's not funny (and would work fine on modern Macs and Linux).

I use bot

Re:

[robi2106]

How could anybody trust a cleaner for a platform that doesn't, as yet, need cleaning?

Because good is dumb.

I just checked with linux

[Nikademus]

I just checked this using a PC with linux and clicking the "free scan' prompted me to download a .dmg program. I somehow doubt the dmg could have been executed on a PC...

Either they changed their website, either the article lies on some points.

Re:

[v1]

I rather doubt a DMG can be executed on any computer... ;)

Re:

[DannyO152]

Then they are relying on ensnaring a naive user who is running as administrator and has open "safe" downloaded files as preference, which is the (I don't know why) default for Safari.

fixed that for you

[joeyspqr]

"I visited the macsweeper.com website. I know I probably shouldn't have but I used a Mac so I knew I wouldn't get infected."

oh wait ...

Yeah and moon is made from..

[Fri13]

What, you need to download something to your mac and then INSTALL it?

This kind software has be there long time ago and there is nothing new to see here.
Market share is still smaller than GNU/Linux and it is not having this kind problems, wait, it has.

Come back again when F-secure and others have proof for worm or virus what works like windows platform, automatically.

Re:

[moderatorrater]

It's been my experience that 90% of the hosed computers in this world have had something installed that shouldn't have been. This is just the sort of malware that typically plagues windows computers.

Re:

[necro2607]

No kidding, I couldn't guess how many times I've written on Slashdot about how people used to upload trojan-horse programs to my server all the time and try to get me to run it. You know, malicious AppleScripts with a different application icon so it looks like something legit like a text doc or whatever. Except these days, Mac OS is designed with way more attention to these kind of possible "hacks", fortunately.

Re:Yeah and moon is made from..

[willyhill]

Come back again when you understand how Windows machines are largely compromised. Crapware vendors don't need to wait for the next IE vulnerability to target people, all they need is social engineering and lack of common sense. The last few major botnet herding attacks have been perpetrated like that. The fastest-spreading worms have been perpetrated like that. Coming a close second is exploiting vulnerabilities that people can't be bothered to patch. Yet all of this has somehow become Microsoft's fault, but in this case I guess it's the user's fault, right?

Idiocy can and will spread happily across platform boundaries. It really does not matter what OS you are using. And this article proves it. It's just that until now Windows was losing by the weight of sheer numbers. It has more vulnerabilities, sure. But those are irrelevant to the people who make big $$$ compromising machines. They simply don't need them.

Re:Yeah and moon is made from..

[postbigbang]

Your comment is somewhat disingenuous. For argument sake you can cite that there are probably an equal number of stupid people buying Macs and PCs, by percentage.

Now take a look at the architectures. A dozen years of Windows since Win95 has only progressively made Windows more secure, and while better than before, still full of a superfluity of exploits (for differing reasons, again, not counting user "stupidity"). You have to do a lot of work to iteratively get past the gatekeepers in both operating systems; it's not as trivial an exercise as it once was; all the really wide-open machines are 0w3d by someone by now.... as part of a botnet.

Given a 5-10% of the market for Apple, depending on whom you believe, you're only now seeing a MacOS ruse. Think about that for a moment. Think about both motive and opportunity. Motive we understand. Opportunity hasn't been very strong until now. The weapon? Two decades in to desktop operating systems (three if you count CP/M, UCSD Pascal and so on) we're only now seeing a MacOS exploit. A common denominator among the exploitable: stupidity. Now let's scratch off stupidity and talk about architecture. It's not Microsoft's fault that they used a root-level database (the 'Registry') that could be twigged by any user-mode app in pre-XP SP2? Hmmmm. Or the mindless ways that people found to explode IE? Or the TCP/IP stack? Or how long it took to get a WEP-128 parser and still longer for a WPA parser? Microsoft's sloppy code created an industry, one to fix the code, and another to exploit it. They didn't take security seriously, then paid it only lipservice. They're paying the price in disrespect for not being respectable!

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[postbigbang]

Rather than exacerbate a flame war, I'll disclaim your belief. You're obviously an expert.

Re:

[postbigbang]

User idiocy aside, the inherent architectural differences, not the sheer number of idiots IMHO, have made Windows a vulnerable target at many levels. In a perfect world, we would train people on using things before we let them loose with them. But we don't.

For this reason, until four years ago (Windows early XP era), Windows and its myriad faults were untenable. MacOS X, by contrast, at least warned people before they were about to get a knife stuck in their operating system. FireFox, Mozilla before it, S

Re:

[v1]

Wow I think I invented TFA's idea of malware, I did this YEARS ago. Lets see if I can remember my leet skillz...

10 INIT A

wow, I can't believe I remembered that.

This is about the caliber of the "malware" on this site. Though I wonder if apple will react by pushing out their first clamav update?

Re:

[Nossie]

ahhh shit, how did this comment get here?

whoever thought this was aimed at you.. it wasn't... *rolls his eyes*.. now I need to hunt him down again.

Re:

[Nossie]

Ahhh for some reason it wasn't showing his post... nvm. I was right the first time :P

Looking at the screenshots...

[Lally Singh]

The screenshots seem to show that all it detects are evidence of viewing porn sites. Yes, you can view smut on the mac. Everyone go hide in fear.

Unfortunately, this is likely to become more

[ibbie]

common as Macs continue to grow in popularity. Malicious code tends to gravitate towards the largest user base (more targets), and Apple's market share (or perhaps, more importantly, positive PR) is growing at a decent rate. I'm surprised that it hasn't happened sooner.

The same could happen to Linux, (Free|Open|Net)BSD, etc. All it takes is an uneducated* user behind the console, and Linux's drive to take on the desktop makes that all the more likely.

* I mean uneducated in the security sense. You can be highly intelligent, have 3 PhD's, and still not know a thing about what downloads to avoid. We can't know everything about everything, after all.

Re:

[cromar]

The same could happen to Linux, (Free|Open|Net)BSD, etc.

What? A trojan [slashdot.org] on [symantec.com] Linux [symantec.com]? That's crazy ;)

Why Linux and Mac OS will be safe

[Anonymous Coward]

Linux and Mac OS will never get the malware trouble Windows does for a good reason - the communities behind them.

Windows has such a large userbase, there are many shady-looking shareware apps that work just fine and do what they're supposed to. The problem is that Windows has developed a culture of suckiness such that users can't readily tell the difference between a legitimate vendor and illegitimate software. I had a webcam where I had to obtain the driver on a website that looked ripe for hosting malwa

double digits?

[BeanThere]

There are now 10 or more Mac users?

Re:

[BeanThere]

Just kidding, seriously though, I presume they meant millions, but I'm pretty sure we're well past 10 million Mac users? Or do they mean new sales *per year*?

Re:

[BeanThere]

Ah, that would make sense :) But is that percentage of computer sales per year, or total installed base? I presume the former. There are some interesting stats here for anyone interested: http://www.appleinsider.com/articles/07/12/11/apples_leopard_to_boost_mac_sales_while_dell_hp_slump_report.html [appleinsider.com] ... according to that, around 30% of new home computer sales in the US, that's not to be sneezed at.

Re:double digits?

[mcpkaaos]

Practicing your base 2, I see.

Re:

[daVinci1980]

That was my favorite part: "With the Mac's market share closing in on double digits"

Market share refers to the percentage of total install base that are macs [wikipedia.org].

In all honesty, mac has been closing on double digits for the last... well, how long have they been in business?

They're definitely doing a good 'little engine that could' impression, though. Most companies that can only maintain a small percentage of the market place fold. I suspect that the reason Mac hasn't is due to the exceedingly large size and gr

Re:

[webmaster404]

That is true, however when you consider that Apple has much much more then just Macs with iPods, iTunes and just about anything else you can add a lowercase "i" to. Also, because Apple is into both hardware/software even though their marketshare may not increase much, they still get more profits anytime that a Mac user who has a machine that is too old wants to run the newest version of OS-X and spends about $1K to buy a new one and those that do have a machine new enough spend the ~$100 for the newer versi

Re:

[nmb3000]

Most companies that can only maintain a small percentage of the market place fold. I suspect that the reason Mac hasn't is due to the exceedingly large size and growth of the consumer PC business.

If you're making a profit it doesn't matter how many customers you have: you're still in the black. Sure, more customers then means more profit, but usually you hit a wall where you have to cut profits in order to stay competitive. If a company is happy with its single digit market share (what most would call a ni

Re:

[MBGMorden]

You have to understand though: Apple is a hardware company. Their OS and other software merely serve as a way of differentiating their hardware from the generic ones out there. When you look at it from that standpoint (competing against the likes of Dell and HP, not against Microsoft), Apple has a huge portion of their market and is doing quite well.

Eee PC outselling Apple

[flyingfsck]

It is funny, but Asus expects that the little Linux based Eee PC (typing this on one!) will outsell the Macintosh this year.

First Scareware?

[Macrat]

I thought Symantec released the first Scareware for Macs?

Contact Us page changed already

[caseih]

Looks like they read slashdot. Their "Contact Us" page is already edited now to remove the text copied from Symantec. Now the page doesn't say much of anything at all. No phone numbers, no addresses. Just a bare e-mail address. Hard to believe how scam artists can operate out in the open these days.

Okay, smarty-pants...

[ciaohound]

... any recommendations for the following:

Real cleaning software for the Mac, that you've actually used and deemed worth continuing to use?
Best web sites to learn about Mac security?

Re:

[pikine]

Real cleaning software for the Mac, that you've actually used and deemed worth continuing to use?

sudo rm -rf /

(cue after 10 seconds) Just kidding.

Re:

[theurge14]

I have on freeware app I use periodically. It is imaginatively called Maintenance [titanium.free.fr] and appears basically to be a front end for built in Mac OS X scripts the system already uses, but also allows you to do things like clean caches and such. It isn't really necessary, but I do like that it helped me determine that my HFS++ volume had some header corruption and advised me to reboot from my Mac OS X install DVD and run a disk scan. It did and it repaired the headers and now the disk access is just as fast as t

Hi i'm MacSweeper Developer, listen to me

[MacSweeper]

I would like to explain all the situation, about MacSweeper. We are really trying to make a good software, and you wont find any viruses/spyware/trojans/malware in MacSweeper (test it your self, if you don't believe me, you can use any type of firewalls, dissemblers, or other tools) . The problem is that we are using selling partners that forces us to use this marketing type. We would like to leave them, we don't want to completely destroy Good Name of MacSweeper application.
Personally I adore Mac Platform, and it hearts to here that the program you wrote is said to be some kind of "Rogue application" , i wouldn't like to destroy good manners of software written for it :((
I would like to say sorry for all inconveniences that we could bring to you, but believe MacSweeper is meant to be a useful application.

You can ask Questions, and i will try to answer them! Thank You!

Re:Hi i'm MacSweeper Developer, listen to me

[Lewrker]

Dear Sir,
thank you for make clear mistake. I find myself have found an inheritance of 50 BILLION DOLLARS (AMERICAN). I rely my confidence on your arm in relate your website macsviper.kom be legitimate business as of identity yours will be made clear as mine is, for this I will need your kindest help with transfer five hundred dollars of administration price, for which of as of now I am not in relation available.
Sincerely yours,
Ba Ba Baa, Nigeria

Re:Hi i'm MacSweeper Developer

[ncryptd]

Well... a quick disasm of your binary doesn't show anything blatantly malicious, which is good... but I also don't see anything really useful. Pretty much everything your program does (and much, much more) can be done with OnyX. For free.

Oh, and you mis-spelled "purchase" in two methods in MacSweeperDaemon. ;-)

(void) purchaise
(void) purchaiseThread

I also noticed you left a somewhat interesting TODO list [pastebin.com] in the app bundle.

The binaries have references to KIVViSoftware throughout them -- you wouldn't happen to be one and the same with these guys [kivvisoftware.com], would you?

Disclaimer: I didn't find anything blatantly malicious -- but I only took a quick look. Given the folders that it tinkers around with, any bugs could do some damage to your Mac, so be careful.

Re:

[mzs]

Oh dear LORD if this app will be deleting files in such a manner you will break SO MANY things. Just do the honorable thing, pull it before it does serious damage.

Re:Hi i'm MacSweeper Developer, listen to me

[MacSweeper]

Expecting you to be, next question.

Satisfaction guarantee!

[flyingfsck]

SATISFACTION GUARANTEE: Shop safely at MacSweeper.com with the MacSweeper 100% satisfaction guarantee. If for any reason you are not happy with your purchase, simply contact our customer support staff within 30 days, and we will refund 100% of the purchase price with no questions asked. At MacSweeper.com your security and satisfaction come first. If you're unhappy, we're unhappy... then MacSweeper's unhappy. And, that just simply will not do.

Copyright 2007 MACSWEEPER.com.

infection

[Tom]

I know I probably shouldn't have but I used a Windows PC so I knew I wouldn't get infected."

Right, because a baddie trying to infect your Mac will absolutely not ever get the idea to put some IE exploit on his page as well, just for good measure, you know?

Stupid, meet journalist, your brother.

Re:Cross platform spyware!

[Shados]

Write Once, Piss People Off Everywhere?

Re:the shit hits the fan!

[necro2607]

Yeah the difference is, you can't get spyware installed on a Mac by clicking a banner ad in a browser. The software doesn't even have permission to do software installation, so it would be asking for a password (unless some unknown vulnerability is exploited). Frankly if you're entering your password for your computer when some arbitrary website asks for it, you've already got have way worse problems than spyware on your Mac.

Re:the shit hits the fan!

[sqlrob]

It doesn't take special permissions to put stuff in ~/Applications. It's not done by default, but some users do do it, and Finder supports it.

Or heck, just put it on the desktop where the user can click it. No special permissions needed. Most .Apps don't need an installer, nor need to be in /Applications.

Re:the shit hits the fan!

[jmauro]

But the Applications folder does not run as root, but as the regular user. The malware can only screw up the current users session, it cannot access or modify anything that needs root permissions without asking for the root password. Without root, malware is annoying, but not difficult to get rid of.

Re:the shit hits the fan!

[GaryPatterson]

Yes, but if you ask a user what they care more about - the OS or their data - you'll find few who care that they'll have to reinstall the OS. It's an irritant, but easily replaced from the source media.

Our data is far more critical, making the ~/Applications folder (or the ~/Desktop folder) a dangerous place for executables.

Of course, in these enlightened days we all have regular backups now or Time-Machine-enabled external drives. Hmm...

Re:

[BeanThere]

True, although most malware that people actually have to worry about doesn't delete your data. Most commonly, the intent is to deliver popup ads, or steal e.g. credit card info or logons when you order stuff or do banking online ... I think these are probably the most common hazards. I guess to do that on a Mac, malware would probably have to at least modify Safari in some way, I'm not sure if an ordinary user logon can do that.

Re:

[sqlrob]

Depends on what version of OS X you're talking about. Drop something in ~/Library/Input Managers in Tiger and below, and every cocoa app is infected when you run it. Or put something in ~/Library/LaunchAgents and watch for Safari and inject code (non-root for PPC only,special group or root for Intel). Or rewrite plugins residing in ~/Library/Internet Plugins...

With some more thought I can probably come up with a pile more.

Re:

[Taevin]

I keep seeing people posting this concept... I have a hard time understanding it to be honest. Let's take a (very simplistic) look at Windows vs. OS X (and yes, I am aware you can make Windows nearly as secure as other operating systems, but I'm looking at base install here): Windows:

• User Data: not protected
• System Data: not protected

OS X:

• User Data: not protected
• System Data: protected

Ok, sure, OS X is not perfectly safe. Clearly it is the better choice though in terms of protecting system data.

Re:

[Kalriath]

In Windows, if you're running as a limited user (or are using Vista with Protected Mode on) then your system data is protected too.

Re:

[willyhill]

The malware can only screw up the current users session

I'm sure people care more about the contents of their /bin folder (or whatever passes for that in OS X) than the graduation pictures of their kids and their tax returns. So I guess that's OK. The OS was never compromised! Incidentally, you don't need root to turn a machine into a spam-spewing zombie. On any OS.

it cannot access or modify anything that needs root permissions without asking for the root password.

Well then, it will just ask for the ro

Re:

[Tacvek]

I'm sure people care more about the contents of their /bin folder (or whatever passes for that in OS X)

For the record, there is a /bin folder, but that is only for the low level Unix style tools. The main applications can be located anywhere in the hard-drive, but are most often kept in /Applications. Of course the bundle system that the apps use make browsing the installed applications as easy as browsing the /Applications folder, which is why there is no real need for a statr-menu like system. The Dock and desktop can hold shortcuts to the most commonly used applications, otherwise, you just browse /Appli

Re:

[crabpeople]

"Without root, malware is annoying, but not difficult to get rid of."

Maybe im just an expert on windows malware, but pretty much all of them install as root and they are for the most part not difficult to get rid of. You just have to learn where things can hook into, and have some common tools by your side. For joe user, I would argue that its just as difficult to delouse a PC or a mac. What about a polymorphic spyware that drops copies of itself everywhere, renaming itself randomly to mimic user created f

Re:

[webmaster404]

The thing though is, in a Unix-like system (like Linux) or a Unix system (like OS-X) the person logging in does not have root capabilities (or at least shouldn't) and thus keeps the possibility of attack low. In addition, Linux (OS-X can be configured to) have a centralized repository where most users download their programs that the source has been scanned for presence of malicious code (OS-X's version is called Fink I believe) this is one of the main reasons there is little malware for Linux, OS-X though,

Re:

[Mordaximus]

Exactly! There are too many Mac users all smug with the notion that their OS is super secure. Which is true, the system is secure - but the user is not. The first time they ignorantly run a malicious app that clean out the contents of their home they'll likely learn the distinction though.

Personally I've never fretted over having to reinstall an OS. I typically clean install with every major release. What I dread is losing my data.

Re:

[v1]

It doesn't take special permissions to put stuff in ~/Applications. It's not done by default, but some users do do it, and Finder supports it.

Actually it does. The /Applications folder is owned by root, and it is grouped to admin. Other has only read access. If you want to write to /Applications you have to be a member of admin, which is usually identical to the list of sudoers. Although probably 70% of accounts on macs are admins, (less than the 99% of windows...) not everyone is. If you are a parent

Re:

[sqlrob]

Did you read my comment? I did not say /Applications. I said ~/Applications

Re:

[sqlrob]

This is how I normally run. Unfortunately, it is buggy and still not completely effective. There are those user based locations I mentioned in other comments. Even worse, when you drag into /Applications, even after authenticating as the admin user, the permissions are for the current user with full access. So once it's installed, anything else running with your credentials can edit it.

Re:

[acb]

That is assuming that (a) there are no (as yet unknown to you) security holes in your web browser, media plugins, &c., which could be used to execute arbitrary code, (b) there are no (as yet unknown to you) security holes in OSX or any of its components that could be used for privilege escalation, and (c) crackers haven't discovered these and used them or traded them on "zero-day" forums. Which is a pretty big assumption.

Using a Mac is safer than using Windows, though using something like NoScript to di

Re:

[bigstrat2003]

imho, any user stupid enough (in a security sense) to click random banner ads is stupid enough to enter their password when asked for it, on blind faith.

I'm not saying that having a secure OS is an unworthy goal, by any means, but whatever OS is top dog will always be the most plagued by stupid users... and unless you lock them out of the system (which is just going to piss them off), there's nothing that can be done about it.

Re:Wait, why would you even use this?

[NewbieProgrammerMan]

Well, assuming Apple's market share is increasing (which I don't know for sure, just taking it as a given for making my point), some significant fraction of those new Mac owners are former PC owners. Many of these people will assume that all the crapware they "needed" for their Windows machine is just part of owning a computer. It's not that there's a problem with a Mac, it's that a lot of people just don't know any better.

Re:

[webmaster404]

Everything can get viruses that can run code on them. This includes the PSP, Linux, BeOS, the DS, ETC. However it is true that Linux/Unix have a much, much lower risk of malware then Windows.

Re:Oh no!

[webmaster404]

No, it has a couple of advantages.

1. Privileges, an ordinary user can't mess up the entire system. Unless the user is *really* stupid, they are not root and therefore do not have Write privileges on system-critical files. So even if you ran "rm -rf /" as a normal user, you would only lose the files you had access to and not break the system.

2. Most software is installed through a repository. Now, I realize that Mac does not by default (although there are projects to port apt-get and the like to it) but most distros of Linux have a way of installing via the repository.

3. Most first-party OS-X software is at least partly open-source including the key components of the OS such as the Kernel, Browser rendering engine, and some of the other utilities. This adds a layer of protection to prevent programming errors from not being noticed as anyone can look at the code and submit fixes to it. In addition, this adds security by having parts of Safari being looked at to prevent such flaws as drive-by-downloads which were a major problem of IE and a reason many Windows users got infected by malware.

While it is true that if someone really wanted to mess up OS-X or were just plain stupid they could. However, the chances of Unix breaking from normal usage are far far smaller then those of Windows.

Re:Oh no!

[Architect_sasyr]

While it is true that if someone really wanted to mess up OS-X or were just plain stupid they could. However, the chances of Unix breaking from normal usage are far far smaller then those of Windows.

You need to meet some of my designers. I spend more time rebuilding OS X machines and correcting privileges than I do with the windows users... incidentally this never happened on the OS 9 installs, so the additional power that having a Unix system around can give is actually what is causing me and my users the most grief here.

Your comments on OS code, whilst quite valid, are actually rather incorrect. Something that a lot of people seem to fail to remember with open source code is that the code IS available IF you wish to look at it. Personally I've never gone near the Kernel code, so I wouldn't have a clue if it is secure or not (perfect example of this: Firefox).

My $0.02 AU, Ignore at will.

Re:

[webmaster404]

For your seeing more OS-X machines, I think part of it could be the popularity of OS-X is way more then OS-9 ever was, and yes Unix sometimes is tempting to mess around with mostly with the strange names for files (fstab anyone?) that although are nice on a command line look obscure when looking at it in a GUI. But then again, I don't know your situation but if it is computer repair, part of it could be the Windows users who are so used to coming in for repairs switching to Macs and lacking the Mac or Unix

Re:

[Architect_sasyr]

I don't know your situation but if it is computer repair, part of it could be the Windows users who are so used to coming in for repairs switching to Macs and lacking the Mac or Unix skills to fix problems.

They're designers... they've been using Mac since before I was born. They also tend to stay away from the command line (that Terminal.app thing scares the hell out of them whenever I fire it up). The popularity has nothing to do with their usage of the system, as they were fine using OS 9 before hand.

Re:

[MachineShedFred]

As an administrator of 100-odd macs myself, used in advertising design and textile design, let me give you a foolproof recipe to making your life 95% easier:

1 Mac OS X Server, configured with all users in Open Directory, and policy to lock out users from system preference panes they have no business being in

1 FileWave server for application deployment and file integrity checking, obtainable from www.filewave.com (note, this will cost money, but will pay for itself the first time you don't have to reinstall

Re:Oh no!

[Garridan]

As a linux user, I am under no delusion that my system is "more secure" than a windows box or a mac.

For me, the worst thing that can possibly happen, is somebody destroys my home directory. Ok, that's easy, if a virus is logged in as me. If they hose my system, so what? I can always re-install linux, that isn't a problem. There aren't any other users. I allow myself access to the internet and to email, so if a virus starts spamming the world, well, that isn't stopped by security policy either.

What you're talking about is a linux server. There, it's hard to root the machine and cross-infect, sure. But what spreads viruses the most these days is users downloading shit in email and not knowing that their browser just executed something. Linux is *not* more secure. *I* am a user am less prone to viruses because I maintain a strict policy of which sites I use each browser for, where I take cookies from, and I browse sketchy shit only inside vmware and restore from a clean image frequently. But I'm still vulnerable to all sorts of attacks -- if google pushes an ad with linux-targeted malware, for example.

If you think linux is somehow inherently virus-proof, you're deluding yourself. Using linux on the desktop is the same as using any other desktop system -- if somebody else knows how to make an executable for your system, it's probably vulnerable.

Re:

[Just Some Guy]

I maintain a strict policy of which sites I use each browser for, where I take cookies from, and I browse sketchy shit only inside vmware and restore from a clean image frequently. But I'm still vulnerable to all sorts of attacks

I understand that meth addiction is difficult to kick, but I urge you to please consider it for your health, both physical, and - particularly - mental. With time the paranoia will subside and you will be able to return to rational, productive behavior. Remember, we're here for you.

OpenBSD is more secure...

[emil]

...here [openbsd.org] is why:

• strlcpy() and strlcat()
• Memory protection purify
  • W^X
  • .rodata segment
  • Guard pages
  • Randomized malloc()
  • Randomized mmap()
  • atexit() and stdio protection
• Privilege separation
• Privilege revocation
• Chroot jailing
• New uids
• ProPolice
• ... and others

Re:Oh no!

[dryeo]

1. Privileges, an ordinary user can't mess up the entire system. Unless the user is *really* stupid, they are not root and therefore do not have Write privileges on system-critical files. So even if you ran "rm -rf /" as a normal user, you would only lose the files you had access to and not break the system.

So you figure it is better to only lose your home directory containing everything you care about, email, pictures, personal documents, all your settings like bookmarks etc. As long as the rest of the system, which is easy as hell to reinstall, is not compromised?
As a desktop user I severely disagree, I'd rather lose everything but ~ and if I'm stupid enough to run malware that malware will have the necessary permissions to delete everything I care about.
And about opensource being better because people can look at it and find vulnerabilities. Have you ever looked at the Mozilla code? Lots of people have and yet regularly there are new exploits found, some that have been there since the browser was called Mozilla.
I monitor a few open source applications mailing lists and often when a security vulnerability is found, it has been there a long time. How many more are lurking in that mess of C++ code?

Re:Oh no!

[Tsiangkun]

I'd prefer to focus on the ZERO self propagating pieces of malware in the wild.

Re:Oh no!

[bigstrat2003]

Doesn't matter. Stupid users trump all possible security measures (except locking them out of the system for their own good, which isn't really feasible), and there's no shortage of them. Until the programmers can prevent stupid users from infecting their systems, it doesn't matter how damn many malware samples there are in the wild, and you have no right to be smug about the security of your OS.

Re:

[Anonymous Coward]

Until the programmers can prevent stupid users from infecting their systems,

This is an under-appreciated benefit of a less user friendly operating system: fewer "stupid users" will be interested in using it -- at least to any deep extent -- thereby leaving those that do in a safer community.

Re:Oh no!

[novakyu]

Stupid users trump all possible security measures (except locking them out of the system for their own good, which isn't really feasible), and there's no shortage of them.

It sounds like we need a friendly user helper agent that will remind users that what they are about to do could be dangerous for their data and prevent them from performing such actions. I am thinking that this agent should be enabled by default, cannot be deactivated except by calling customer support to get the deactivation key, and to inspire user confidence, it should look like something that they see everyday. Like a paper clip.

Who's snobbish?

[LKM]

While I haven't seen a Mac user claim that Macs can't be infected by viruses, I see morons complaining about supposed Mac snobs in each damn article about Mac security.

I'm not sure who's the snob here, Artie MacStrawman or you, who seems to think Mac users are dumb, deluded snobs.

"registry cleaner recommended"

[v1]

I have a fun screenshot of the Registry Cleaner web page, saying their software can fix problems in my registry which are causing all sorts of problems.

The first funny part is it desperately tries to look like an IE window with a close and cancel button etc which just clicks the download link, which is laughable since the browser is clearly firefox. Then next you notice the apple in the upper left of the screen...

Re:

[Sean0michael]

I'm seeing the same thing FF2/XP, though my URLs don't look any different than usual. For example, my URL for the Scareware article is:
http://it.slashdot.org/article.pl?sid=08/01/15/232258 [slashdot.org]
Not sure what it is, but I think Taco will save the day. He doesn't get to be a Commander for nothing.

Re:

[Jeremi]

This would seem to be yet another argument for ports, apt, etc. I've never feared any of the software installed through those routes.

What if somebody compromised the software repository you are downloading from? Or subverted DNS so that you aren't actually downloading from the server you think you're downloading from? Or simply included a subtle back door in their app, and waited a few months/years for it to spread before using it to launch an attack?

I'm not saying these things are likely, but I don't see