Snow Leopard Malware Targets Apple Users


Not that any TheAppleBlog readers would ever try to acquire software in a less-than-legal manner, but just in case you know someone who would, tell them to watch out for web sites claiming to bear Snow Leopard gifts.

Like Adobe Photoshop CS4 and iWork ’09 before it, Snow Leopard now has a super-special malware edition floating around the web. It’s a classic software honeypot scheme: You find a site advertising a free Snow Leopard upgrade, download a disk image file (.DMG), and it unleashes its trojan payload.

Trend Micro is advising folks to avoid any and all sites advertising free Snow Leopard upgrades, since what you actually get is a new variant of the DNS changer trojan known as OSX_JAHLAV.K. The Apple-specific malware, once it makes itself at home on your computer, will redirect your Internet browser to phishing sites and malware-infected web sites. OSX_JAHLAV.K has a particularly nasty trick up its sleeve — it sends you to a site that advertises fake antivirus software that will notify you that you have an infection until you pay to register and have it removed.

Trend Micro’s advice is to pick up its Smart Surfing for Mac malicious URL-blocking software, which will cost you $50 a year in subscription fees. My advice is to think long and hard about how much you’re willing to pay down the road just to avoid spending $29 upfront for the 10.6 upgrade.

No doubt this will give antivirus companies cause to raise the red flags once more, and spout on about how the end is nigh for the days of OS X being the secure choice, but as before, smart browsing and downloading policies are still your best bet for a happy, safe Mac.
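A DNS changer trojan works by pointing the machine at resolvers the attacker controls, so one quick check is to compare the resolvers a Mac is actually using against the ones it is supposed to use. The script below is an added example, not from Trend Micro or the original post; the allowlist, the function names and the embedded sample (shaped like `scutil --dns` output, with documentation-range addresses) are all constructed assumptions.

```shell
#!/bin/sh
# Added example: flag DNS resolvers that are not on an expected list.
# On a Mac, feed it live data:  scutil --dns | check_dns "$TRUSTED_RESOLVERS"

# Hypothetical allowlist: the resolvers this machine is supposed to use.
TRUSTED_RESOLVERS="192.168.1.1 198.51.100.53"

# Constructed sample shaped like `scutil --dns` output. The same resolver
# appears in both the normal and the scoped section, as it does on a real Mac.
sample_scutil_output() {
cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : example.lan
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.66
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.66
  if_index : 4 (en0)
  flags    : Scoped, Request A records
EOF
}

# list_resolvers: read scutil-style text on stdin, print each distinct
# nameserver address once (IPv4 or IPv6, both are a single field).
list_resolvers() {
  awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# unexpected_resolvers ALLOWLIST: print resolvers from stdin that are
# not in the space-separated allowlist.
unexpected_resolvers() {
  trusted="$1"
  list_resolvers | while IFS= read -r ip; do
    case " $trusted " in
      *" $ip "*) ;;                 # expected resolver, nothing to report
      *) printf '%s\n' "$ip" ;;     # not on the allowlist
    esac
  done
}

# check_dns ALLOWLIST: return 0 if every resolver is expected, 1 otherwise,
# naming each unexpected resolver on stderr.
check_dns() {
  bad=$(unexpected_resolvers "$1")
  if [ -n "$bad" ]; then
    for ip in $bad; do
      printf 'unexpected DNS resolver: %s\n' "$ip" >&2
    done
    return 1
  fi
  return 0
}

# Demo: use the live configuration on macOS, the constructed sample elsewhere.
if command -v scutil >/dev/null 2>&1; then
  scutil --dns | check_dns "$TRUSTED_RESOLVERS" && echo "resolvers OK" || echo "review DNS settings"
else
  sample_scutil_output | check_dns "$TRUSTED_RESOLVERS" && echo "resolvers OK" || echo "review DNS settings"
fi
```

An unexpected resolver is a prompt to look closer rather than proof of infection, since a VPN or a new network will also change the list.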

Photo courtesy of Flickr user Darcy McCarty.

34 Responses to “Snow Leopard Malware Targets Apple Users”

  1. Elliott Bettman MD

    I use a pc laptop loaded with jaunty linux. NO problems!

    BUT I do not buy into Gates “security through obscurity” BS. ALL Windows versions are inherently more vulnerable to viruses and worms than Apple. Trojans are a different story but they won’t spread from Mac to Mac through email or texting. That’s a BIG difference.

  2. Astrochimp

    The issue of “bugs almost anywhere in the code base can get full privilege” died with MSFT Windows 9x. Windows XP is built on an NT core, so that issue doesn’t exist – if I understand you correctly.

    I agree, ActiveX can be a security issue if the end user pays no attention to warnings (e.g. who signed that ActiveX control?) or if some numskull turns the privilege warnings off*, but this is very old technology and the need to support it will ultimately go away. Microsoft makes sacrifices to make old business applications work, in a secure way – is that a problem?

    *IMO Microsoft-haters often justify their animus by living in the past, and deciding that security measures are evil and nobody is ever justified in putting up with them. But, that’s just like refusing to wear seatbelts in a car – “Seat belts? WTF? We never had to wear seat belts before” – and then, when your head goes through the windshield, blaming the car manufacturer.

    Greg, I have no idea what you mean by “system of certificates and access lists, and incomprehensible questions asked of the user…”

    You’re correct: if the Eclipse installer were signed, it still means you’re trusting the authors at some point, and since it’s open-source, there isn’t much of an organization to value its own online reputation. But, it would be better than what there is now – an unsigned, un-authenticated executable, given admin access rights to my client OS – which is rife with attack vectors!

    “Seat belts – we don’t need no stinkin’ seat belts! The manufacturer told us that these cars never have accidents!” Hmm, sure sounds like Apple Inc. lying about how secure their machines supposedly are.

  3. @Astrochimp. I’m not sure POSIX itself is directly related to ‘hard to use’, but it could be. In my view, the big issue with MSFT is not that they have bugs, but that bugs almost anywhere in the code base can get full privilege to do whatever they like - this seems to have been addressed in Vista, but from my experience with Vista I’m not sure it’s been thought out properly. Recently, as administrator, I wanted access to another user’s Documents to copy one file, a dialog popped up asking me for a password – happy surprise, expecting to get a temporary elevation of privilege – but, 10 mins of disk rattling later I had been granted access to all those files, individually, indefinitely. Not what I expected.
    So perhaps there is some kind of security curtain now, where code on one side is less critical than the other. But it may be too complex. ActiveX is a perfect example – this was a nifty idea for integrating code within the box, but the idea of ActiveX on the ‘web’ has got to be one of the worst ideas in the history of computing, and a huge gift to malware writers. Now, instead of abandoning it, Microsoft has a complex system of certificates and access lists, and incomprehensible questions asked of the user, to try to make it secure, so that those few remaining web sites who don’t mind forcing their users to use Windows *and* IE can keep doing so. WTF.

    Your Eclipse question is a good one. Most of the apps have md5 checksums on them, which are downloaded separately, and this will protect you from tampering post-publication. Pre-publication tampering is basically indistinguishable from malware in the code itself, so you need to trust the authors at some point, same as when you pay for software. There’s also the option of building the code yourself; even if you don’t, it may help to know that other ‘arms length’ users are doing that, so if there’s malware in it, it’s likely to get found. You can always create one login for development and another to do your banking and so forth — assuming that your OS has mechanisms to keep those separate, of course. That’s probably a good idea on any platform.

  4. Astrochimp

    @Greg, on “security by obscurity” –
    Great point, and although I had fallen into the habit of referring to “security by obscurity” when I mean “security by small market share” and I can see references on the web that use the phrase in the same sense, I can also find credible references (e.g. on MSDN) that define “security by obscurity” as “security by keeping the holes secret” basically.

    Apple does this, of course, as you can see if you follow the news (at least the shadow of this): Apple does its best to control the information around any security issues around Apple products, which is, they do it *very very well* because Apple excels at secrecy, controlling the information and controlling their brand. Sometimes the truth comes out, and you wonder, “How come we didn’t hear about this before?”

    Apple has certainly been practicing security through small market share, because although – long ago, in the days of Windows 9x – MSFT security was pathetic (Apple reminds us of that in their brilliant “I’m a Mac, I’m a PC” ads, in which universe MSFT is *still* shipping Windows ME) they surpassed Mac security with Windows XP SP2, and have been pulling ahead ever since.

    Security by small market share (i.e. the blackhats might not bother targeting those machines, because of reduced returns) is not a type of security, but it masquerades as security. So, what to call it? Security by “we’re probably OK, because there’s a more lucrative target over there” ?

    You are correct about the advantage of open source, in that everyone can see it and in theory the good changes outweigh the bad in terms of making it more secure.

    You are mistaken about MSFT security strategy. Yes, MSFT has lots of proprietary code; that’s how this corporation fulfills its corporate obligation to make money. NO, MSFT never relies on this for security. MSFT employees have been extensively trained on security issues, and security is very, very important there and improving security is highly rewarded behavior.

    Example (although I’m getting tired of trotting out this example repeatedly, it’s an important lesson): the Conficker worm. Conficker exploits a security hole that was found *by Microsoft* *by Microsoft’s security strategy* and patched in October 2008. When did Conficker show up in the wild? November 2008. Compare those dates. The only machines infected by Conficker were those victimized by bad decision making on the part of some admin, i.e. the default self-patching behavior was changed and those machines never got the patch.

    Is that not proof enough for you? … I’d love to hear the cult-of-Jobs perspective on what those events mean.

    Oh, actually, I know the cult-of-Jobs perspective: MSFT stopped improving when it shipped Windows ME, which OS is laughable by today’s standards IMO. That’s right, MSFT fired every engineer in 1999 after Windows ME, and has been selling the same thing ever since. NOT.

    On the Posix standard: that’s useful if you want to run unix-based utilities or web servers, but there’s a reason that Apple is the only entity to have success bringing that to people’s desktops. Most people aren’t geeks; they want their computers to be useful and easy-to-use.

    I remember testing an early Mac OS X and getting “Posix error 60” repeatedly. The only work-around was to reboot the machine. Obviously, Unix isn’t perfect either.

    Greg, I have a favor to ask you, since you seem to be involved in the open-source community: Please help these people find a way to create responsible entities, and digitally sign their applications after a standard security procedure. I recently downloaded the Eclipse IDE and it wasn’t digitally signed. How do I know who built the binary, or who messed with it, or if there isn’t malware inside? I don’t! I took a deep breath and installed the anonymous binary anyway, but I’m pretty unhappy about that.

  5. As they say, if you want to know the truth behind anything, follow the money. So, where is the money in these trojan scams? They appear to be mostly minor inconveniences. That means the money is being made elsewhere. Perhaps through the sales of anti-virus software, or perhaps through the sales of licensed versions of the software that supposedly carries these poisoned payloads. It would be very interesting if we could track back the source of this malware, very interesting indeed if we found that trail led directly to anti-virus software companies, or the software companies of the products whose bootlegged versions are being used to carry the payloads.

  6. Astrochimp

    Oh, but Apple hard drives never, ever, ever fail, right?

    Or, if they do, Apple Inc. will buy your silence and a new hard drive.

    WHS can handle failure of any hard drive, including the one the WHS OS is installed on. It does many other useful things besides, which go way beyond a NAS or anything that Apple does.

    “Time Machine” is just a sexy marketing name for what Microsoft already does.

    Back to topic:
    Look at the first two replies to the article, from Shrikee and Victor. They’re basically saying “Well, the morons deserve it” if you get the malware. Don’t lose sight of the fact that Vista *tells you* something that you can use to clearly identify the malware – unlike Mac. SN’s half-baked security doesn’t do nearly as much, and isn’t as reliable.

    Enjoy your Apple Cult meeting tomorrow, folks. It’s good to feel good about yourselves, isn’t it?

  7. Astrochimp

    Obscurity is not the same thing as security. Obscurity can buy you time (e.g. the case of Apple) but it’s not security at all; the blackhats could choose to target your platform at any time. If I tried to tell my employer that their business IT security was augmented by some kind of obscurity, I’d get fired, and rightly so, for being dangerous and ignorant.

    Greg’s argument that “obscurity is a kind of security” makes no sense, because it implies that a measure of whether your computer is secure or not is whether or not the blackhats choose to target it. Apple wishes to grow market share of course, because their business model is based on selling their very expensive and well-marketed hardware – and, to the extent that they succeed, they become a bigger target for the blackhats. They’re already a target now.

    Here is backup in the Windows world (not at all like Greg describes it, unless you’re a very weak user):
    I set up Windows Home Server on my home network (not a domain) and I never have to worry about it. It’s robust against failure of any hard drive, and I’m good for a few decades at least until something hugely better comes along.

    True story: the only hard drive on my primary environment hosed itself a few months ago. It took me longer to drive down to Frye’s to get a new hard drive than it did to restore my computer *exactly* as it was the night before, when WHS did the automatic backup. WHS restored the OS, any configuration, installed apps, data, everything.

    • So, basically you’re saying that WHS does everything that Time Machine does, except that it comes in the form of a completely new server computer that you have to buy, rather than simply coming free with the computer you actually use. Wow, isn’t that just *awesome?*

      Oh, wait…

    • @Astrochimp: perspective, dude. Obscurity is definitely not security, I was just pointing out a case where it would definitely have been ‘a mild form’, and better than Windows security. There may well be security issues in the comparatively tiny code base of e.g. QNX but if so I assure you they aren’t known to thousands of 14-year-olds. And the main point: If you think Linux people aren’t checking security issues and constantly improving things, you are very wrong.

      OK, I like what you did with WHS. Wasn’t aware of that functionality, requiring another machine. Will you really be able to keep using that in 5, 10 years when your primary OS is required to be Windows 8.5 Plectrum or something, Vista no longer being supported in any way? And of course the machine you have hosting WHS won’t be able to run WHS Plectrum, despite being still perfectly adequate for the actual application you want to run on it. You’ll still be able to put Linux on it, and run about 200 lines of python to do that backup server.
      @marc will limit myself to that…

    • @Astrochimp – you’re actually on the wrong side of the ‘obscurity is not security’ argument — as applied to crypto, anyhow. Obscurity does not mean ‘little used’, it means ‘hidden from the bad guys’. This is one of the most important principles in crypto – you should assume the bad guys will know exactly how your machine works, and can see everything on the wire. You can only hope to protect keys and thus the data. So, in OS security terms, this means you should assume that everyone can see or reverse-engineer your source code – in fact, the more people who can see it, the more secure it should be (because white hats will report problems) and the faster you’re going to get nailed if it isn’t. Put another way, if everyone’s going to see it, you’re going to be pretty careful to design things so that only a small percentage of code is security critical, and then be extremely careful about that code. By contrast, since MSFT’s code is unpublished and huge, it takes a long time. Odd security quirks pop up (often by being exploited) from time to time in Windows code, which have been around for years; and even harmless-seeming things like the preview icon for animated cursors can be entry points for malware (this actually happened). So, in fact MSFT sells an awful lot of business ‘security’ code which is taken on (unearned) faith, and augmented by this kind of obscurity: not publishing the source. Will you get fired for buying that? People at Diebold should have been, IMHO. “Dangerous and ignorant” is exactly right.

      Regarding the ‘security by rarity’ angle which you were driving at, Linux may have only a small percentage of all the machines on the net, but it has a pretty substantial percentage of the servers which would count as ‘high-value targets’. That wouldn’t happen if it was as leaky as you imply. Linux security is not perfect, but is not a delusion, my friend.

      So, what about Apple? I was very pleased when they decided to switch to a POSIX-compliant base, thus leaving msft alone out there. Apple users: do the secure components make use of open source libraries (e.g. OpenSSL), or is it proprietary like MSFT? Or a mix? How do people feel about that?

  8. Yes, 30GB is wrong. It means nobody gives a [email protected] and next year it will be 50G. It’s more than 10% of a large laptop drive. If everything else was so bloated, that 240G drive would be way too small. Put it this way – if you put Rush Limbaugh in a really big room, he’s still fat, he’s just fat in a really big room.

    Bloat has all kinds of costs. When you push ‘hibernate’ on this laptop, the amount of stuff that has to be written to disk is far greater than it should be, so you wait far too long to save it and far too long to load it up again. It took a full hour to get the machine ‘in order’ after opening the box, and that’s a direct function of the sheer size and number of the files making up the OS.

    Here’s another way to look at it: Figure out how much extra you paid for a bigger, faster drive, faster CPU, more ram, etc, to have all that performance chewed up by an inefficient OS. I.e. if Vista wasn’t so bloated, you could have saved $200 or something and had the same performance. Or you could spend the $200 and actually get the benefit of the extra performance and storage for your own advantage by running a more efficient OS.

    An image backup is the only real backup. In microsoft land, ‘backup’ now means ‘back up your “Documents”‘ and if the machine fails all you need to do is spend hours reloading fresh OS onto a new one, and reloading all your apps from the original disks, and you can restore your “Documents”‘. Real backup means you get everything back the way it was, OS, apps, data. Microsoft has not been able to do that for some time (since DOS?) but they don’t care because they sell more copies of the OS this way.

    I do incremental backup on the 700GB of ‘user data’, but the 40G system partition gets an image backup, because that will allow an image restore if needed. The trick is, you need to back it up when it’s not running, which Microsoft can’t do. Why? because you can’t boot windows from a CD drive. Because it’s bloated. Go back to say, 1995, and try to tell anyone, anywhere in the computer industry, that you can’t possibly create an OS with GUI, network and file system functions, and a few generic utilities, that will boot and run from a 700MB disk, and they will think you are completely, utterly insane. I don’t know of any reason why that needs to be so different in 2009.

    And, maybe your grandma can’t use Linux but I have to keep kicking my 7 and 11-year-old kids off this one :-)

    And to tell the truth, that Vista laptop is quite usable, but with 3G of ram it certainly ought to be.

    Regarding linux security, it’s also wrong to assume that ‘obscurity’ implies complacency or inadequacy. Remember that the basic principles of unix security were worked out in an era when no-one could afford individual computers, so all computers had to support multi-tasking with user-specific access rights. The system has some weaknesses but after 30 years we’re kind of all familiar with what they are and how to deal with them, and improvements are constantly being made. By contrast, security features in MS stuff – which would have been really, really useful for program developers – I don’t know if you remember the ‘compile/run/hang/reboot’ cycle – were not added until it suddenly came to light that the systems were under attack and were incredibly vulnerable.

    But you know what? If I download something claiming to be a kernel upgrade, and I give it my root password to install itself, I can get gorked too.

    Also, I’d argue that obscurity is in fact at least a mild kind of security. ATMs built with Windows in them have caught generic windows viruses. In other words they have been infected by malware not even targeted at ATMs, just floating around in the wild. If they had been built with something ‘obscure’ like QNX, it’s pretty unlikely that infections would occur without anybody actually targeting the ATMs. For what it’s worth.

  9. Astrochimp

    @Greg …
    On Linux: I’m happy for you.

    On your wife’s Vista box: Good for her, it’s the most secure OS shipping (well, until Windows 7 ships) and may she enjoy it. I hate all the crapware that the hardware manufacturers put on it, though – kinda sucks, doesn’t it, but I guess it’s the price we pay for a huge array of hardware choices and competition for delivering hardware value at a good price. I prefer to use clean OS installations when I can, to avoid that stuff.

    Why would you care if the setup takes 30GB? Is that a (giggle) problem? Storage space is very cheap these days, and if you do incremental, automatic backups, instead of full images that you’re wont to do, you don’t have problems. Get with the times and use Windows Home Server to handle that for you, and many other cool services besides :)

    Unix is cool. I’ve worked with Solaris and VxWorks. It’s fine for hardcore geeks, and it works, but it (and Linux) fails miserably at being usable and useful for grandma.

    Unix security is not good enough going forward, as even Apple quietly acknowledges by implementing ASLR (as Vista did, years ago.)

    If anybody had to learn *one thing* about security, it’s this: perfect security doesn’t exist. If you have room for *two* things, get this too: obscurity (small market share) can masquerade as security, but it’s not a kind of security.

    On using Windows XP: yes, it appears to be “good enough” for many people, but I wouldn’t recommend it now for security or usability. I think Microsoft leapfrogged over Apple for security when XP SP2 shipped, and remains ahead, but progress happens.

    • “On your wife’s Vista box: Good for her, it’s the most secure OS shipping”

      “Get with the times and use Windows Home Server to handle [backups] for you”

      Wait, you’re suggesting that he buy a completely separate *computer* to manage backups when he already has a backup regimen that works just fine for him? OK, that’s it, you have to be either a paid shill or a fantastically deluded moron.

      “Unix is cool. I’ve worked with Solaris and VxWorks. It’s fine for hardcore geeks, and it works, but it (and Linux) fails miserably at being usable and useful for grandma.”

      Total bullshit. Out of the box, Ubuntu (to pick just one of many great Linux distributions) provides everything that your average, consumer computer user needs and there is an abundance of free software to cover almost every other need, with a mechanism that makes it very easy to obtain it. My 63 year old mother uses it just fine. Maybe it’s not the OS that’s the problem. Maybe it’s just that your grandma is an idiot. That would make sense, given the idiocy of your posts: the stupid gene is a strong one, after all.

  10. @Astrochimp: so XP is ‘very old and outdated’? This is part of the problem. Surely the industry has reached the point where it should not be necessary to completely revamp the OS every 3 or four years, but that seems to be MS’s business model so we have no choice. XP is overall, pretty good, stable, far less buggy than previous efforts, why not just fix what’s wrong with it instead of replacing everything again? unless all MS’s stuff is so broken that you can’t do that? My wife recently bought a new Vista laptop, and after setup and update, there’s 30 GB used before any apps were loaded, that’s insane.

    I’m using an OS which is by design much older than MS’s stuff and yet, strangely, not outdated at all .. when I was in university in 1984 I learned to use Unix, when I graduated I learned about MSDOS, and a lot of other microsoft stuff that became obsolete through their cycle of slowly and painfully evolving their OS, and eventually through Linux I was able to switch back. All the stuff I learned about Unix back then? still works! all the stuff I learned about DOS, VC6, Win9X SCSI APIs, and drivers, etc? Useless now. So ‘old’ and ‘outdated’ are relative terms. It’s nice to use something that hasn’t had to be redesigned over and over, because it was done right 25 years ago, and is now doing fine running apps undreamed of back then.

    BTW, this 64-bit ubuntu machine has a boatload of apps on it, 4 browsers (including linux firefox, and Windows firefox via wine), Evolution mail, google earth, audacity, vmware server, apache, wireshark, full software development suite, blender, python, media software, midi editor, full OpenOffice suite, inkscape, photo organizer, bunch of games, etc, etc. System partition where all that stuff lives (along with the OS of course)? 7.7 GB. I can do an image backup in a couple of minutes. 30 GB is just insane, especially when you consider that Vista itself (like XP) provides nothing at all which is useful for software developers – not even a usable text editor or adequate command-line shell.

    • @Greg,

      I’m just going to go ahead and call “BS” on the 30GB Vista installation. Vista isn’t taking up 30GB, but a lot of bloatware may be (that “Free Trial” of MS Office 2007, for instance, probably weighs in at a couple GBs).

      Add into account your “rounding up” from 27.5GB or whatever, and Vista is a small(ish) portion of that. The minimum free space requirements for a Vista Home Premium installation is 15GB. Do the math.

  11. Astrochimp

    @ComputerUser – if you like to make your Mac community look ignorant about security issues and what is being shipped today vs. what was being shipped 9 years ago, keep posting :)

    Your story is strange (why buy a new computer and not use it for web access?) but clearly your “friend” was running Windows XP, a very old and outdated OS.

    And, you’re talking as if large market share should be equated with security issues. So, what if everyone listened to you and bought a Mac? The malware writers would target Macs exclusively (because they’re big, porous targets, relative to Vista) and Apple Inc. would have to do what Microsoft already did in order to survive.

    I think your problem is that you believe the marketing from Apple Inc. This kind of gullibility could come back to bite you in the butt, when the keyboard-reader malware that is running right now on your Apple sends your credit card info to China and your credit rating is ruined.

    • “clearly your “friend” was running Windows XP, a very old and outdated OS”

      In September 2007, Vista was the standard OS on Windows PCs. You could still get XP, but you’d have to hunt for it. The chances are a lot higher that his friend was using Vista.

      The rest of your post doesn’t even make sense. The guy said nothing about security through obscurity and he also said that he has both Macs and PCs, so your painting of him as a gullible Mac fan only highlights the fact that you’re a typical fanboy who lacks the intellect to approach this topic rationally. Hopefully, you’re posting this from school and, therefore, you still have time to develop into a normal adult. If you’re already an adult then I hope you’re sterile so that your ignorant genes are unable to pollute humanity any further.

  12. ComputerUser

    Windows are a great piece of software.
    2 days ago my friend got a brand new PC. He decided not to use it for surfing the web, never allow anyone to put a USB drive on it etc.
    He got it with windows preinstalled. He installed Adobe CS suite, connected his photo camera and downloaded some pictures from it.
    Guess what happened… when he rebooted the PC, strange error messages started to appear. To make a very very long story short, he didn’t buy and install a third party antivirus before connecting his camera, so he got a virus from camera’s memory card.
    That is just awesome. Windows are really superb piece of software.

    I wonder what would happen if he would surf the net for few hours without the third party antivirus software?

    Just to let you know, I use both win and osx machines. Windows for CAD and 3D work, and OSX for all the rest (2d graphics, internet, video…). Works like a charm. I use macs for 1.5 years already. 0 hours of work for system maintenance wasted, 0 problems with viruses and malware. MS beat that.

  13. Astrochimp

    so, Mac users do the same thing whether they’re installing a piece of malware (unknowingly, of course) or Adobe Flash? Just enter your admin PW – easy, and just as automatic.

    Your statement about email attachments on the Mac applies equally to Vista and Windows 7 – oh, except that Macs have very small market share, hence obscurity, which is not to be confused with security.

    SN includes an anti-virus – so, are you saying that Apple is wrong to include that in the OS?

    Oh, about the “exe” files – I’m referring to executables, in the general sense. The actual file name doesn’t matter.

    Vista’s UAC (and, even better, Windows 7) is a great tool, which will always do more than Mac as long as Apple finds insufficient pressure to adopt the technique. Sure, people on Macs and MSFTos’ both do stupid stuff sometimes, but MSFT gives people the better tools with which to make good decisions.

    • “Vista’s UAC…is a great tool”

      I was neutral and occasionally in agreement with you up until this point, but then you had to ruin it with an amazingly retarded comment. OS X has had a functional system of admin password entry, to prevent apps doing things they shouldn’t, since day one, back in 2001. Microsoft’s version of this, implemented five *years* later, is an amazingly insecure and fundamentally broken concept. UAC prompts appear so often in Vista that all the “feature” succeeds in doing is training the user to click OK whenever it shows up.

      By saying that UAC is “a great tool, which will always do more than Mac”, you may as well run a flag up the pole that says, “Hey, MS fanboy over here! Come listen to me talk a load of crap!”

  14. Ever since MacOs X, every application that is downloaded to your mac had to have an administration password in order for it to be installed in your hard drive. So it is up to the users to exercise caution and a certain level of logical thought before installing any files that you pick up on the internet, especially the free versions of commercial applications which normally cost a certain amount of money to buy. Downloading applications from a dubious site ought to trigger all kind of red flags unless one is too clueless to understand the danger of it. There has been no known infection on a Mac to this day caused by just opening a piece of e-mail because this route of infection simply is not open to the system.

    As for me I prefer to exercise caution and run my Mac without these so called anti-virus programs, some of them having been known to cause a lot more headache than is worth the trouble.

    Another point to be clarified. The mac operating systems have never handled .exe files, whether pre OS X or OS X systems, so it was always shielded from the thousands of .exe files which infected millions of window machines in the 90s and early 2000s.

  15. Astrochimp

    I’m not surprised that Mac fans minimize the utility of spoof-proof authentication of EXEs from identities who are generally trusted and whose brand is important, and maximize the stupidity of users when it is convenient for them to do so.

    True – the only way that the Conficker worm ended up in the news is that there were a large number of Windows clients on the ‘net who did NOT accept the default Microsoft updates, and hence were vulnerable to Conficker, which was reverse-engineered from an October 2008 MSFT patch and showed up in November 2008.

    Personally, I refuse to install anything that isn’t signed by an entity with a known brand. It’s a very useful security utility because it guarantees that, after the EXE was signed, nobody messed with it and man-in-the-middle attacks are impossible.

    @Tom: Windows comes with firewall ON by default – and SN comes with a simple anti-virus built into it. Apple and MSFT are both doing some of the worrying for you – good for them both! – but MSFT still is more proactive and effective re. security. MSFT surpassed Apple for security years ago, and I’m not sure Apple will ever catch up, now.

    Guys: don’t confuse obscurity (small market share) with security! They are two different things.

    Also, don’t confuse a unix base with “superior security”. Complacent people could get badly hurt.

  16. Please edit this sentence…
    “You find a site advertising a free Snow Leopard upgrade, download a disk image file (.DMG), and it unleashes its trojan payload.”

    To read
    “You find a site advertising a free Snow Leopard upgrade, act like a complete moron, download a disk image file (.DMG), again act like a complete moron by inputting your password, and it unleashes its trojan payload.”

  17. Astrochimp

    Microsoft Vista users – and Windows 7 – are completely safe from this kind of stuff, assuming they heed the warnings that the OS puts up telling you who, if anybody, digitally signed the EXE you’re about to give admin privileges. This cannot be spoofed.

    Apple Inc. would be doing the best thing for its users if it copied MSFT here – oh, but wait, it can’t, because that would be an obvious way of copying MSFT and Apple would look less “innovative.”

    Apple Inc. is crapping on you people – did you notice?

    Go with Windows 7. It’s safer, even given much larger market share.

    • Signed EXEs are not the solution to slow down the average computer user from installing malware or other software. I would equate these safety measures to putting a stop sign out on a dirt road in a county with a population of 2. The drivers would just blow right by the sign on a day-to-day basis. There is no good OS-level solution for users applying software to their computers, independent of the MS and Apple OSes. The only solution is the antivirus route, which admittedly, Apple users don’t contend with as much (for a variety of reasons, user size, Unix under body), which may lead to this false security idea with installing software.

      My thinking comes from the idea that when I start a new Windows machine the first thing that goes on is firewall and virus protection, whereas with the Mac, I start setting my preferences for user experience without concern about firewall or virus.

    • OS X also has signed executables, warning dialogs, and a battle-tested user separation layer that helps to prevent these issues as well. They all do no good if the user gleefully clicks through them all, or in this case, downloads an OS image with the malware baked in.

  18. Let’s think about this. A Snow Leopard DVD is 8 gigs… the likelihood that the DMG you speak of is 8 gigs is nil. It’s probably like 4 megs. Anybody that thinks a complete operating system can be stored on a 4 megabyte disc image file is a moron.

    • Funny thing is that any computer can get malware, regardless of the OS.

      Anyone with a brain stem and a mind that they control can figure that one out. Alas, so many Mac users are blind to this.

    • Astrochimp

      Exactly! This is why what Apple does in order to sell computers is so evil: it makes Mac users complacent, and so puts them at risk of losing their personal information.

      Even worse, the days of things like the “I Love You” worm are long, long gone. These days, you could lose your personal information and not be aware of it. This is probably happening to many security-complacent Mac users today, and they don’t know it and think that it can’t happen to them.

      This is just one reason to go with Microsoft: The folks in Redmond are (these days) very proactive, honest and open about security, and they don’t control the media the way Apple seems to.

      I suspect that if many Mac users were afflicted, and they didn’t know, but Apple did figure it out, Apple wouldn’t tell anybody. They sell more computers that way.