Two Trojans For Mac OS X
I Don't Believe in Imaginary Property writes "F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by the user. The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer. Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password."
users (Score:5, Funny)
Let the flamewars begin!
Two Trojans For Mac OS X Users (Score:5, Funny)
One for you, one for your partner.
Re: (Score:2, Funny)
Seriously, OS X is a Unix system, so anything that works on it will also work on Linux. More Slashdot readers should be concerned.
Re: (Score:3, Informative)
That's a stretch. The APIs are completely different, as are most of the system services and the way the kernel works. In fact, most of it is different.
Re:Two Trojans For Mac OS X Users (Score:5, Insightful)
This exploit is done via AppleScript and the Apple Remote Desktop Agent, which should hopefully give you some kind of hint as to why this particular issue is not going to be a problem on Linux.
OSX is certified, yes, and presumably some of the basic shell commands will be exactly the same at a source level as in Linux, but in the Linux world patches are uploaded to repositories pretty quickly and users can then download updates immediately. Apple users (of which I am one) have to wait for Apple to release updates, unless they compile everything themselves. I don't know if there's an equivalent of apt-get for OSX, I haven't looked.
Then there's the fact that 99.99% (number pulled out of my ass obviously) of exploitable bugs will have already been patched in the common OS level commands by now simply because they are being used in so many different distros. Sure there is the odd high profile bug, I remember one a few weeks ago on /. about a bug in some file listing function, though I don't think it was actually a security risk as opposed to just an annoying bug.
Re:Two Trojans For Mac OS X Users (Score:4, Interesting)
I wrote this a few years ago. Can you see how it works?
#!/usr/bin/perl
use strict;
use warnings;
($,,$",$_,@_)=reverse qw(164 163 165 112),",\n",split '','\ ';
my $music='Art';
my($swing,$rock)=q
s/hacker/performer/; # another creator of art...
my $blues=~/^.(\w+).*#\s(\w+)/;
my $jazz=substr((grep m($music)=>qx($^X$,-v))[$[],$?,scalar @_);
my $pop=eval qq("\\@_");
print $pop, $rock, $jazz, $swing;
print;
ARDAgent on Tiger (Score:3, Insightful)
I've tried the ARDAgent exploit on dozens of different people's computers now and it only worked on Leopard, not on Tiger.
Has anyone seen this work on Tiger? If so what's the configuration where it actually works.
It also does not work on most Leopard computers as things like Fast User switching, or having remote desktop turned on (yes on) cause it to fail.
Now as for trojans. Well what can you say. All computers are vulnerable to trojans. The poker game would run on linux too.
in the case of the poker game downl
Re: (Score:3, Insightful)
Has anyone seen this work on Tiger? If so what's the configuration where it actually works.
My wife's notebook runs Tiger, and the exploit worked there. The same set of configurations for which it works on Leopard seem to work on Tiger, too:
User must be logged into the desktop environment (not just logged in through SSH). You must not have used Fast User Switching to log in. ARDAgent must not be running.
All computers are vulnerable to trojans. The poker game would run on linux too.
Yup. Of course, the main reason that Mac-using Slashdotters point to for why OS X is more secure than Windows is that you aren't running as administrator. Seriously, go look at any OS X/Appl
Worst. Trojan. Ever. (Score:5, Funny)
Hey guys, I've got a great new idea for a worm. I'm gonna start an e-mail chain letter that tells people they'll have 7 years bad luck if they don't forward the e-mail to 10 friends and send me their root passwords, IP addresses and their bank account and credit card numbers. It's sure to be a smashing success!
Re: (Score:2)
Are you trying to prove the concept, or something?
Re: (Score:2)
Agreed.
I received a 'proof of concept trojan' in Mac Mail a few days ago. It was an email telling me my university account was being updated and I should reply with my username and password to confirm it was still active.
Fortunately I received a 'patch' shortly after in the form of another confirming my suspicions that the first one was a hoax.
Honest question; aside from advertising for some security company and 'Macs aren't teh 100%%%%% sekure!1' flamebait, what purpose does this article serve?
Re:Worst. Trojan. Ever. (Score:4, Funny)
Just like a Mac fan. Complain that 3rd party Trojans aren't good enough for them.
Re: (Score:2)
Worst. Trojan. Ever.
Oh come on. That has to be the coolest trojan ever. I almost want to give it my password!
Proof of Concept Slashdot Trojan (Score:5, Insightful)
We have detected your Slashdot account preferences have been corrupted.
To fix this, please post your user id and password in response to this message, and one of our customer service operatives will fix your account and recover posting privileges as soon as possible.
Yours Sincerely, Trojan
Re: (Score:3, Funny)
I need my preferences fixed. My password is 12345.
Re:Proof of Concept Slashdot Trojan (Score:4, Funny)
That sounds like a combination an idiot would have on his luggage.
Re:Proof of Concept Slashdot Trojan (Score:5, Funny)
1 2 3 4 5? That's amazing! I've got the same combination on my luggage!
Re: (Score:2)
Prepare Spaceball 1 for immediate departure!
Re:Proof of Concept Slashdot Trojan (Score:5, Funny)
User Id: Anonymous Coward
Password is blank.
I hope you fix my preferences soon, my karma never seems to go up, no matter how much I get modded up.
Re:Proof of Concept Slashdot Trojan (Score:5, Funny)
O/T but have you noticed how if you post sensitive information like your password here SlashCode filters it to X's. Very nice idea.
Re:Proof of Concept Slashdot Trojan (Score:5, Funny)
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely
<AzureDiamond> you can go hunter2 my hunter2-ing hunter2
<AzureDiamond> haha, does that look funny to you?
<Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
<AzureDiamond> thats neat, I didnt know IRC did that
<Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
<AzureDiamond> awesome!
<AzureDiamond> wait, how do you know my pw?
<Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
<AzureDiamond> oh, ok.
(For those that don't want to copy and paste)
Re: (Score:2)
Well, my password is the prime factorization of my user id concatenated from small to large to one string.
Re: (Score:2)
Hey, nice primes!
Re: (Score:2, Interesting)
Also, if you already know what will people respond to you, why do you ask your, fairly inflammatory, I might add, question, even if you intended it to be a rhetorical one?
Let me tell you a story. Fresh out of university I got my first full time job. I worked in an office. "Worked" was actually a bit of a misnomer; we were all so bored that the guy next to me confessed to being so concerned about not having anything to do that he typed ps -aux on his Sun occasionally to 'make shit scroll past when the boss walked past'. Someone else said 'you pop a lot of brain cells working here'.
Everyone wore suits to work, no one did any work as far as I could tell, and no one trusted anyone else. One
Re: (Score:2, Insightful)
Local root is "business as usual" on out of the box Windows, and has been for a long time. (I'm about to be told a nag screen with a silly make-the-background-dark effect is a reasonable substitute for a real security hierarchy. )
J
Re: (Score:3, Insightful)
Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password.
What, is this insinuating that they're going to rudely ask for your password? Because the ARDAgent vulnerability is really easy to patch... you can easily do it yourself and I'm sure Apple will have a patch any day.
But it still comes down to the user. While there aren't any viruses in the wild for MacOS X, there are always going to be trojans for every OS. It's a
Lame (Score:5, Funny)
Apple spin (Score:4, Funny)
iTrojan, custom trojan, personally designed by Steve Jobs' evil twin Rodney Jobs, the UI would be beautiful, white, sterile. Mass infection through Starbucks WiFi.
Re: (Score:3, Funny)
pssst; iSex is called "cyber" and there is NO protection that will stop your 19 y/o female bisexual cheerleader cyber-partner from turning back into the male 45 y/o laid-off McDonald's manager when "she's" done.
Yawn (Score:5, Insightful)
We go through this about twice a year with the same results every time. "Someone" releases a trojan, presumably as proof that Mac OS X has security holes. Then everyone gets whipped into a frenzy and ultimately no one is infected by the damn thing in the first place. Mac OS X does have its holes (some of which are quite unreasonable), but trying to scare the users (into buying anti-virus software, perhaps?) gets tiring after a while. No one has yet done anything that matters with these trojans and security vulnerabilities; the real troublemakers continue to target Windows.
Mac OS X's day will definitely come at some point, but if people keep crying wolf every time someone whips up a theoretical and entirely implausible situation, no one is going to believe the security community once some black-hat does finally decide to attack the Macs.
Re: (Score:3, Insightful)
The poker game trojan sounds pretty lame too. The program must be downloaded and run first, which pops open a quasi-phishing "error: type your password here to fix" message. Infection vectors seem key to how fast these things spread. Having a file Mac users have to manually download first is slow/weak, and I doubt the downloaded file would be manually copied to another machine and run.
You'd be amazed how dumb users are (Score:5, Funny)
I swear, some people go out of their way to infect their machines. The one that stands out in my mind the most was a virus for Windows a number of years ago. Came as an attachment in a message that said "Hi I send you the file in order to have your advice." So never mind the bad grammar and such, but before campus got hit we got wind of the thing and sent out an e-mail message to all users saying "Don't open this shit it's bad news." One of the users called in saying she was having problems with e-mail, we came and looked. The "problem" was that she wasn't an admin and so, thankfully, couldn't run the damn virus.
Or somewhat more recently we had a virus that slipped by our e-mail scanner. It did so by sending itself in encrypted zip files, and then putting the decryption key in the message. That meant you had to open the mail, save the zip, open the zip, enter the code, extract the executable, and run it. Two users did just that and got infected.
So while it seems amateur to do a "Download this then enter your password" kind of trojan, that shit works waaaay more than you'd think.
Re: (Score:2)
Shortly after that I got a panicky phone call. Apparently they didn't have a working system any more.
Re: (Score:3, Insightful)
I completely agree with you, and I too think that Mac OS X's day will definitely come at some point, and that will be the time Mac has a bit more market share. At the time being it just doesn't make sense to write a large scale virus/spambot/trojan for the mac platform.
But anyway, just to know that a Trojan is "possible" on the mac should make the mac users aware that if someone targets their machine they are just as vulnerable as a windows user (executing untrusted code locally is just bad on any platform)
Re: (Score:2, Insightful)
I think the point of TFA was to show that these things aren't theoretical and "implausible". Security isn't just about viruses: even if your so-called "troublemaker" virus-writers mostly target Windows machines, if there is a bounty on your Mac, it would be easy for someone to root it (in fact, some parts of the hack would be easier than on windows!).
Re: (Score:2)
once some black-hat does finally decide to attack the Macs
Unfortunately, there are already hundreds of Mac viruses. I have some super-spammed e-mail accounts, that get hundreds of infected e-mails per day, and more often than not, viruses come with ".hpx" extensions and other MacOS file extensions. Ignoring these threats could have severe consequences for a Mac user, if they would click on such file.
Someone could say "yeah... but MacOS X is a Unix system, so the threat would be limited to the current user", but one should remember that MacOS X has a heavily
Re: (Score:3, Informative)
I have been one of the first to point out the same thing in each of these past cases, but this is different. We have a scriptable application setuid to root. That's an obvious vulnerability on a silver platter. What was Apple thinking?
The application in question is NOT suid on my system (Yes, I looked inside the .app too). I think it's likely that a third-party app or framework, like MacPorts or something, is responsible for making the change - "fix permissions" should take care of it - I don't think this is Apple's fault.
Re:Yawn (Score:5, Insightful)
Except that worms for linux would find most servers on the net vulnerable- do you realize the potential for mischief?
In fact worms for linux were produced.
Re:Yawn (Score:5, Insightful)
Do you have any figures to back that claim up? Most servers are looked after by admins, and any admin worth their salt will at least put their machines behind a firewall, opening up only those ports that are absolutely necessary.
Yes, some will be vulnerable, but as another poster points out the number will be utterly insignificant compared to the number of networked clients running Windows. The target simply isn't big enough to be worth the effort.
Re:Yawn (Score:4, Insightful)
This made me very sad, and I stopped working in security. I came to the true realization that demolishing a moron's bad work only made the moron build it back exactly where it was. Lazy admins don't fix vulnerability, they make the path around them.
Disclaimer: I've met some brilliant admins in this world. Unfortunately, they were only a handful.
Re: (Score:2)
And servers have something called an administrator monitoring them, usually
It depends entirely on the quality of the administrator if s/he is able to detect and/or fend off threats.
the amount of Linux servers compared to the amount of Windows clients on the net is nil.
That's true in principle, but just one infected server can infect all clients. It's no problem to write a virus that goes from a Windows client to a Linux server, and from there, to other Windows clients. An infected server (if it's a mail server, for instance) can send infected spam e-mail to all the mailboxes easily. An infected web server is even more dangerous, since it can serve infected web page
Re:Yawn (Score:4, Interesting)
You're almost right, but not quite.
Today there is government backing behind state of the art malware, and it is a lot more sophisticated than you give it credit for. Today's black hats are guns for hire, owning vast botnets; often they are only loosely affiliated with government agencies.
The effectiveness of botnets is primarily measured by their ability to infiltrate and function WITHOUT doing any detectable harm. The vast percentage of compromised machines are dormant and do NO HARM; they are only very occasionally test fired to assess their operational status.
The primary purpose of botnets is NOT monetary, it is political. They are rarely used to directly make money.
Just take a look at what happened to Estonia for example...
http://www.guardian.co.uk/world/2007/may/17/topstories3.russia [guardian.co.uk]
Back in the 60's when the components that make up the internet were designed, the main concern was designing a network of computers that could communicate even when under attack during a time of war. Today governments have the exact opposite concern.
The only defense mechanisms that work against today's malware are distributed ones; short of disconnecting themselves from the internet, individuals have no hope, you just simply won't suspect the mechanism that will be used to compromise your machine.
This is something white hats are only just coming to grips with.
Today's hackers will be looking to gain deep penetration into aspiring OS platforms as early as they possibly can, to ensure they are in there from day one. Macs are easily popular enough to attract the interest of black hats; if you're on any machine directly or indirectly connected to the internet you should be worried about malware. Macs are definitely not immune.
Re:Yawn (Score:5, Interesting)
Even if you think of it, the potential for profit is just too great. If you can harvest 20,000 credit cards, and only take $5 from each one (call it a service charge or something), will the people notice? If you can do it with 20,000, why not a million? Can you not imagine that this would be tempting to people? It is. Horribly tempting.
Another example we had on slashdot here a few years ago was a story about botnets being used to DDOS offshore gambling sites, and then ask extortion money to stop the attack. Here, check it out. [slashdot.org] There are many ways to make money with a botnet. Of course spam is another common way. Hacking is big business.
Re:Yawn (Score:5, Insightful)
Mac's "I need your password" dialog is better done and, more importantly, a lot less common than Windows UAC. As such, most Mac users don't roll their eyes and mutter "get on with it already, moron" when it pops up. In fact, when it pops up, I either expected it to, or it surprises me enough that I actually read what it's about.
Re: (Score:2)
It's not that simple. If you want to attack ordinary people using their home machines (to get their credit card details and so on) attacking OS X would be a reasonably good idea. Everyone has seen those surveys which demonstrate that Mac owners tend to be wealthier than other computer users. Attacking Macs to make spambots, not so much.
It's been 7 years now without any significant threats in the wild for OS X. That's pretty good going.
Re:Yawn (Score:5, Funny)
"Maybe a boat of Tahiitian hookers shipwrecks on the island?"
So you're the guy with the device that can read my dreams. Please stop.
Grrr... (Score:5, Insightful)
The ARDAgent vulnerability is pretty serious and stupid, but social engineering is not OS specific. The "poker game" could just as easily be implemented on Windows or Linux.
There is nothing that any OS can do to prevent trojans. (At least not without seriously limiting the functionality of legitimate programs.)
Slashdot's own summary of the ARDAgent vulnerability included a "proof-of-concept"; it is trivially easy to exploit and should be fixed ASAP.
There is no news here.
Re: (Score:2)
Sandboxing could help.
https://bugs.launchpad.net/ubuntu/+bug/156693 [launchpad.net]
Re: (Score:3, Interesting)
However, once you have convinced the user to download and attempt to run the program, it is a short step to getting them to approve administrator access.
By "seriously limiting the functionality of legitimate programs" I was referring to systems such as Bitfrost [laptop.org] which, while providing strong protection against Trojans, also makes certain classes of application almost impossible to implement (i.e. a mass Flickr uploader or an FTP client).
Re: (Score:2)
Screensavers don't normally need network access or access to your personal documents or access to your webcam or microphone.
So even if a "screensaver" is lying about being a screensaver, the damage it can do is limited to what a normal screensaver can do.
Vista has sandboxing but it fails because it prompts so much th
Re: (Score:2)
To some extent, it actually is. Social engineering depends on the characteristics of the users being targeted, which includes their technical ability as well as how they choose to set up their environments.
What makes an OS like Windows more vulnerable than a Linux OS (say) is both the larger and more diverse user population, which increases the likelihood of catching the right kind of (gullible) user, and also the strong standardization in Windows which guarante
Re: (Score:2)
There is nothing that any OS can do to prevent trojans. (At least not without seriously limiting the functionality of legitimate programs.)
Nonsense. Of course there are things you can do. None of them are easy, or entirely without inconvenience, but there are.
You could, for example, get away from the "root == god" paradigm and add a user (or group) for more day-to-day admin tasks. Reserve the highest privilege level for modifications to the core system, i.e. the OS and core tools. To install an additional screensaver shouldn't require those top-level privileges. That way, you could alarm users very strongly when a tool requires top-level pr
Re: (Score:2)
But that won't stop a trojan from installing a spambot (since a normal user still needs permission to send emails) or stealing the user's data (since a normal user still needs access to their files and access to the internet).
What's really needed is a change from the "any program can do anything that the user can do" paradigm. Unfortunately, this can't be done without restricting the functionality of legitimate programs.
Society is not an OS X vulnerability (Score:5, Insightful)
For crying out loud people, the poker game one is applicable to any system you want to code it on! What does this have to do with being a Mac OS X security hole? It would work on Linux, BSD, RandomOSMadeUpOnTheSpurOfTheMoment (Infinium labs).
Re: (Score:2)
I don't know OS X at all but if most people log in with administrator or root permissions like they do in Windows,
1) Windows XP and previous default to administrator accounts. Windows Vista is more like Ubuntu, except it prompts you more often (mostly because tons of old XP and earlier software tries do things it really shouldn't need to do). There is a good REASON MS is trying to kill off XP.
2) OS X is like Vista and Ubuntu.
then it's a problem because the Trojan can do its dirty work all over your system
Re: (Score:2)
On the basis that as a good administrator you are already backing up user files regularly, then you restrict any damage to "just" those files meaning that you still will have a core working system to restore back onto.
1) The average PC doesn't have a good administrator.
2) The real damage malware will do to a user has nothing to do with damaging files; it's related to identity theft and data theft. Backups don't get you very far here.
3) If you are doing proper backups, then a full system restore really isn't
FUDmeisters (Score:5, Insightful)
I wouldn't call this crying wolf (Score:5, Insightful)
More like warning that just because you live in a good neighbourhood, doesn't mean you should leave your door unlocked. Too many people who have Macs take the lax approach of "Well Macs don't get hacked so I don't have to worry." Ok well maybe they generally don't (though I've seen it happen due to immense user stupidity) but you should still assume that it can happen, and have security to prevent it.
I'm all about proactive security, not reactive. Don't wait until something is a problem, identify weaknesses and fix that shit BEFORE someone exploits it. If nobody ever tries, ok great. However if someone does, you are glad you set up security.
As I said it is the difference between living in a low crime neighbourhood and a high one. You live in a low crime neighbourhood and figure "Oh well there's no crime here, so I don't need to bother with a door lock or alarm." Ok, that's great right up until the criminals try, then you are screwed since you had no security. Well someone who lives in a high crime neighbourhood might have to put up with attempts more often but if they have their doors locked, windows barred, alarm on and so on it doesn't matter because their security stops it.
Computers are the same way. Just because you run a platform that isn't targeted much, doesn't mean you should just ignore security. Hope for the best but prepare for the worst, then you are ready no matter what.
It is like backups. Backups are a waste of time and money when your system has always been reliable... right up until the moment when it isn't and you lose all your shit. You hope you never need the backups, and most won't; computers are pretty reliable. But you make them anyway just in case. You prepare for the worst, even if it is unlikely, so that if it hits you aren't screwed.
Re: (Score:2)
What do you mean "Worry?" About what? Running crappy shareware?
Trojans and phishing are pretty solidly entrenched in the minds of the Mac userbase with some sort of clue, and those without a clue are generally unaware that there's such a thing as F-Secure, and are unlikely to download dodgy shareware apps anyhow.
I keep hearing alarm bells rung, and it always turns out to be much ado about nothing. The Mac uses a modern privilege escalation model, and Apple's taken some pains to make sure their systems come
The suggested fix for ARDAgent... (Score:2)
A lot of websites are now suggesting changing the permissions on the ARDAgent to remove the SUID bit on it.
This works until you repair the permissions (using Disk Utility, which consults its database of permissions), and this puts it right back, making you vulnerable again.
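Two posts in this thread disagree about whether ARDAgent is actually setuid root on a given box, and the post above points out that Disk Utility's "Repair Permissions" can quietly put the bit back after you strip it. The following is an added shell example, not code from the thread or from Apple: it audits a directory tree for setuid files, reports which of them are owned by root, and strips the bit so you can re-run the check after a permissions repair. The ARDAgent.app path used in report mode is an assumption about the default install location (the thread never states the path), and the function names are chosen here.

```shell
#!/bin/sh
# Added example (not from the thread): audit a directory tree for setuid
# executables. Pass any directory; the ARDAgent.app location below is an
# assumed default install path, not something the thread states.

ARDAGENT_DIR="/System/Library/CoreServices/RemoteManagement/ARDAgent.app"

# list_setuid DIR: print "uid path" for every regular file under DIR with
# the setuid bit (mode 04000) set. ls -ln reports the owner numerically,
# which works the same on BSD (macOS) and GNU userland.
list_setuid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null | while IFS= read -r f; do
        uid=$(ls -lnd "$f" | awk '{print $3}')
        printf '%s %s\n' "$uid" "$f"
    done
}

# list_setuid_root DIR: only the setuid files owned by uid 0, i.e. the ones
# that hand root to anyone who can make them execute code (the ARDAgent case).
list_setuid_root() {
    list_setuid "$1" | awk '$1 == 0 {print $2}'
}

# count_setuid_root DIR: number of setuid-root files under DIR (0 if none,
# or if DIR does not exist).
count_setuid_root() {
    list_setuid_root "$1" | wc -l | tr -d ' '
}

# strip_setuid FILE: the workaround several sites suggested for ARDAgent.
# "Repair Permissions" restores the recorded mode, so re-run
# count_setuid_root afterwards instead of assuming the fix stuck.
strip_setuid() {
    chmod u-s "$1"
}

# Report on the assumed ARDAgent location when invoked as: sh audit.sh --report
if [ "${1:-}" = "--report" ]; then
    echo "setuid-root files under $ARDAGENT_DIR: $(count_setuid_root "$ARDAGENT_DIR")"
    list_setuid_root "$ARDAGENT_DIR"
fi
```

Run it with `--report` on a Mac to see whether the agent binary is setuid root; run `strip_setuid` on the reported path, then run the report again after any Disk Utility permissions repair, since the count going back to 1 is exactly the regression the post above describes.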
No, non-password variants won't appear (Score:4, Insightful)
Still nothing to see here. (Score:3, Insightful)
These trojans are purely payload. The delivery mechanism is still social engineering... not remote execution. We know that "once you're penetrated you're ****ed", pointing out again the ways you can be ****ed is not news (for nerds or otherwise) nor stuff that matters.
These are not the viruses you're looking for. Nothing to see here, move along.
Re: (Score:3, Informative)
I think you misunderstand how it works on OS X
When an application asks for a password to get admin rights, the user is presented with a dialog, but unlike in Vista, actually needs to type the password to continue. You can't just blindly click "OK".
Re:An unpopular opinion.... (Score:4, Interesting)
It's more the impersonation I was talking about.
In windows you can launch a process impersonating a windows user if you want to run under different credentials. So with the string value from the "Enter Pa33w0rd n00b" window, you could in XP, for instance run a new process under "root" privs, and hose the system however you wanted (assuming the password was ok). In Vista this is impossible.
Re: (Score:2, Redundant)
I don't really see the difference between OS X privilege escalation using a password prompt and sudo or Vista using UAC. If you allow the program admin privileges you're screwed, and I believe it's just as easy to implement this on Vista as it is on OS X. On Linux it might be a little bit harder because different distros use different sudo configurations.
As for the ARDAgent vulnerability: that's a completely different story, it's a serious security flaw that needs to be fixed very, very fast.
Re: (Score:2)
Sorry for copy & paste, but I just tried to clear what I meant above....
It's more the impersonation I was talking about.
In windows you can launch a process impersonating a windows user if you want to run under different credentials. So with the string value from the "Enter Pa33w0rd n00b" window, you could in XP, for instance run a new process under "root" privs, and hose the system however you wanted (assuming the password was ok). In Vista this is impossible.
Re: (Score:2)
I don't really see the difference between OS X privilege escalation using a password prompt and sudo or Vista using UAC. If you allow the program admin privileges you're screwed, and I believe it's just as easy to implement this on Vista as it is on OS X. On Linux it might be a little bit harder because different distros use different sudo configurations.
Once the trojan runs, you are quite screwed anyway, whether it has root privileges or not. It's different if you have a server with a hundred users; as long as root isn't vulnerable, only one out of the hundred users can get hosed. But if you are using a home computer with a single user, even with user privileges only, the trojan has access to a hundred percent of all user data and can delete it, modify it, encrypt it and blackmail the user, or mail it somewhere else. In that case I don't care about the system;
Re: (Score:2)
Yep, well, actually that's another thing UAC does too: critical file & registry read/writes are virtualized into something stored in just the user's directory, so apps that try to get round UAC still work & the system is still secure.
But ultimately, root stuff is still necessary, and it's only the user that can ultimately decide whether or not to allow each request.
Re: (Score:2)
Interesting. Care to provide any examples?
Re:"Politely request your password"... Meh (Score:5, Insightful)
That is exactly what a trojan is!
A trojan is a piece of software that appears to be benign or otherwise safe or desirable, but in fact is malign. It may or may not also act as advertised.
A virus is a piece of software that piggy-backs on other executables, "infecting" them with its own code and modifying them so that when they are launched, the virus code is also run. They spread by searching for and infecting other executables on the machine.
A worm is self-propagating, and does not require user intervention. It actively seeks out and exploits a given vulnerability or vulnerabilities, using them to covertly gain access to the machine.
Of the three broad types of malware, the only one that does not require the user to manually run it is a worm.
And if a program requests the root password and the user gives it, is this the OS's fault?
No, of course not - but you'd be amazed at the number of people who blame Windows even for such social engineering tricks, or believe that if we only all switched to Linux malware would be a thing of the past. The weakest link in any computer system is the user, and there's little or nothing an OS can do to protect itself from a naive or malicious user armed with the root/admin password. While this is a non-story, it does at least demonstrate that the same is true of other OSes than Windows.
Re: (Score:2)
trojan
Re:OS X has no functional root (Score:4, Informative)
Root on OS X is off by default out-of-the-box, isn't it?
It's not "immunity", it's "resistance". (Score:3, Insightful)
I'm so damn sick of people going "oooh, aaah, I thought $software was immune to $threat" when no credible commentator has made such a claim.
Just quit it, OK? It just makes you look like an utter twit.
And it's not just a lack of being targeted. It's a smaller surface area for attack, as well. OS X has nothing comparable to the rich viral petri dish that the tight desktop-browser integration in Windows provides. Before 1997, Windows viruses were virtually all a matter of tricking people into running software
The real "Next Step for Mac (& Windows) Users" (Score:5, Informative)
History shows us that even the smartest of users can catch malware.
It's been 17 years since the last time I had to remove a virus from my own computer, even when that computer's been unpatched Windows 2000 connected to the Internet. In the years that I was network and security admin and had control of the network, the only time we had any systems infected was when a user had either downloaded and run a file (that is, they were social-engineered, and in 10 years only one person came to me with an infected laptop after doing that twice) or they had violated my policy banning IE and Outlook at our location.
The potential for infection if you avoid software that supports automatic execution of remote content is very very small, even on Windows. The reason that Windows has a high infection rate is because of IE and Outlook, not simply because it's popular.
If you're on a Mac, and use Safari, here's the next steps you should take:
(1) Go into preferences and make sure "Open 'Safe' Files after Downloading" is disabled.
(2) Get a standalone FTP client and use one of the third-party LaunchServices editors (look for internet access preference panes) and change the default application for FTP: URLs from Finder to something else.
(3) Use Tinkertool or equivalent to disable Dashboard.
#1 is the most important. #2 and #3 don't allow automatic execution of untrusted content, but they do make social engineering easier.
If you use a Gecko-based browser like Firefox or Camino, you don't need to worry about these.
If you're on Windows: avoid using any application that uses the Microsoft HTML control to access untrusted content. That includes IE, Outlook (not all versions, any more, but I believe you have to accept the Vista-style UI to avoid it), Windows Media Player, Realplayer, and some Firefox plugins and some versions of Netscape.
In Firefox, Windows or Mac or Linux, always clean out the whitelist for installing extensions after you install an extension... the installer is an autoexecution mechanism, and there have been exploits that took advantage of that even if you don't approve the install dialog.
The scary part is that most Mac OS users think they can't catch malware because they're smart enough not to install it.
At the moment that's not far from the truth. You can avoid catching malware by being smart enough to avoid running it, on Windows or OS X, if you exercise some care in the applications you use, and how they're configured. It's harder on Windows, but it's still possible.