The Macintosh and OS X are finally being taken seriously...
#1
... by the virus writers. According to CBC News (http://www.cbc.ca/technology/story/2009 ... rojan.html), there's enough virus-infected Macs running OSX out there to make a botnet.

Anybody who's running OS X, you now have to be sure to update your anti-virus software regularly. And if you don't have anti-virus software, you need to get some.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012
 
#2
I'm glad I don't suffer from schadenfreude, 'cause this is hilarious.
"No can brain today. Want cheezeburger."
From NGE: Nobody Dies, by Gregg Landsman
http://www.fanfiction.net/s/5579457/1/NGE_Nobody_Dies
#3
I don't suffer from it - I rather enjoy it...
 
#4
The fact that there's no real removal tool for this yet is why we have a semi-permanent ban on OSX machines at my workplace. I enjoy shoving that in the
face of the MacLovers a lot.
 
#5
It doesn't matter what OS you are running, if you install a piece of malware voluntarily (or are socially engineered into doing so) you are boned.

The fact that Macs make up a large enough segment of market to be targeted is something I view as a good sign.
-Terry
-----
"so listen up boy, or pornography starring your mother will be the second worst thing to happen to you today"
TF2: Spy
 
#6
No matter how good the OS (and I dislike MacOS personally, but it's not bad) it will always be vulnerable to social engineering attacks. However in properly engineered systems the solution is simple, don't give them root access, they shouldn't need it for anything anyway. Unlike Windows where a lot of software requires Administrator access. That way the only thing they should be able to wreck is their own account and it is easier to just create a new account rather than reinstalling the OS.

There are very few worms for non-Windows OSes due to a variety of factors, but one of the reasons is that the systems are properly engineered and both the attack vectors and the damage the vectors can cause are limited. It doesn't help the user if he does everything from the root account but if he is not being an idiot like that damage will be contained.

Unix based OSes also have a much easier time recovering from a reinstall if they are set up properly (i.e. separate /home partition).

Sure antivirus software is still needed but the need is not nearly as acute as it is for Windows systems.
E: "Did they... did they just endorse the combination of the JSDF and US Army by showing them as two lesbian lolicons moving in together and holding hands and talking about how 'intimate' they were?"
B: "Have you forgotten so soon? They're phasing out Don't Ask, Don't Tell."
 
#7
OS X is based on BSD, and as I recall one doesn't run in superuser mode (or whatever Apple may have renamed superuser for OS X) in day-to-day operations.

In this case, the main security problem exists between the keyboard and the chair. That particular problem is never going to go away; it's best to take
steps to mitigate it. The typical Apple fanboy's thought that "viruses don't affect Macs" is the biggest stumbling block in the way of proper
security on Macs. (Likewise, the typical Linux fanboy's thought that "viruses don't affect Linux" is the biggest stumbling block in the way
of proper security on Linux boxen.) The platform is sufficiently popular that it's worth some malware-writer's time to create malware for it;
that's all the incentive they need to crack the platform's security.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012
 
#8
It's a trojan horse, not a virus. Those aren't unknown on OS X, just rare--I remember maybe ten or so over the years. The last Mac virus was SevenDust, which was for the original Mac OS. When I was doing QA for Norton AntiVirus for Mac in 1999 I had to test with it, and I still remember it very well because it was such a nuisance to work with. The darn thing was buggy, and wouldn't infect reliably.
 
#9
Rob I mostly agree with you, though as always the devil is in the details. The popularity = cracking argument is mostly wrong, it has to do with payoff not popularity. Say there are a few computers that banks use for transferring money and they use BankOS which is used nowhere else. I think we could all agree a disproportionate number of cracking attempts would go towards BankOS.

Tangent: For the same reasons I find the argument that there is less malware for Linux just because it has fewer desktops suspect. Linux is after all quite popular as a server OS and payoff for controlling a server tend to be higher than payoff for controlling a desktop. Some design decisions have made *nix more secure than Windows and Windows can't fix them without breaking backwards compatibility. There are similar fundamental problems with *nix, that can't be fixed for the same reasons, though thankfully fewer than in Windows.

I'm not sure what Apple does with regards to the root user but I would not be surprised if it does make the user run as it all the time. Disappointed but
not surprised. Any mac users to shed some light on this?
E: "Did they... did they just endorse the combination of the JSDF and US Army by showing them as two lesbian lolicons moving in together and holding hands and talking about how 'intimate' they were?"
B: "Have you forgotten so soon? They're phasing out Don't Ask, Don't Tell."
 
#10
Macs are following the same user model that everyone else is nowadays.

Admin users aren't admin except for some very short periods of time when they effectively sudo to a more privileged account.

I could get into the nitty-gritty, but I don't think it's needed.

And yes, the popularity = cracking argument is an oversimplification. But it works in most cases.

As Catty said it's all about ROI, the fact that most end users are less educated about threats than they need to be means that the more popular OSs have a
larger target pool to phish from.

Correlation doesn't imply causation, but there is normally some sort of link between the two.

And if anyone needs proof of the fact that macs could be hacked just like windows boxes, feel free to google "pwn 2 own" where safari on the mac has
fallen on the first day every year.
-Terry
-----
"so listen up boy, or pornography starring your mother will be the second worst thing to happen to you today"
TF2: Spy
 
#11
Not only do OS X users not run as root all the time, the root account isn't even enabled for user login by default. Enabling it requires action on the part
of the user which non-technical users wouldn't know how to manage.
 
#12
Excellent I'm glad that Apple did the right thing. The most modern Mac I have used was the Classic II, and this was in 1997-1998. Needless to say
performance was underwhelming.
E: "Did they... did they just endorse the combination of the JSDF and US Army by showing them as two lesbian lolicons moving in together and holding hands and talking about how 'intimate' they were?"
B: "Have you forgotten so soon? They're phasing out Don't Ask, Don't Tell."
 
#13
The problem that the MacOSX botnet shows is that social engineering still works, it's just harder. Why will it be hard to fix?

Because you'd have to get so stringent on computer ownership versus training that people would have to have a license to use a computer at all, just to
ensure that they have a minimal amount of security awareness to prevent this from happening.
--

"You know how parents tell you everything's going to be fine, but you know they're lying to make you feel better? Everything's going to be fine." - The Doctor
 
#14
FTA: "Researchers at Symantec say the Trojan, called OSX.Iservice, hid itself in pirated versions of the Apple application iWork '09 and the Mac
version of Adobe Photoshop CS4 that were shared on a popular peer-to-peer bittorrent network"

Yeah, this type of trojan is about 10 seconds younger than the first pirated software.

Assuming that it asked for superuser escalation as part of the install and the system might be well and truly pwnd. Time to reimage the disk.

This isn't a virus though. A real honest-to-god virus is MUCH harder to write on a *nix box. Userland processes simply are not allowed to modify system files without manual input on a properly configured/updated system.

The thing is, Windows has not traditionally made this distinction. Even now that their newer OS's are trying to enforce it, they have to make such a hash of things with exceptions to allow legacy code to work that it is pretty much meaningless.

Windows is going to be a joke as far as security goes until the day they actually implement some kind of VMware style sandbox for legacy code, instead of trying to back-patch support into their libraries.

/geekrant over
 
#15
From what I have heard about Windows 7 (Nothing I have bothered to research or confirm, so take with a large grain of salt) that style of vm sandbox is exactly what they are doing, called Med-V.

Rather than deal with trying to import and support legacy code natively in 7, they are including a vm that runs all that in-house legacy company software that Microsoft needs to support if it wants upgrades to sell.

The added benefit of MS doing this built in is that they can roll this VM so that it appears to be a native app.

It's one step from there to hook all the risky apps (anything that talks to the internet) into a vm to minimize the attack surface.
-Terry
-----
"so listen up boy, or pornography starring your mother will be the second worst thing to happen to you today"
TF2: Spy
 
#16
Unfortunately Microsoft let the marketroids get involved in that, and they are withholding that as an addon, meaning that they still have to support most of
their legacy code in the kernel.

link:

http://www.infoworld.com/d/windows/app- ... nities-971

Microsoft was initially going to try a lot of things to address their traditional weak points with Windows 7.

Being able to run headless without a gui, a robust shell/command line, better file systems, etc.

A lot of them have slipped out or will only be available in their most premium versions however.