An OS X myth is shattered to pieces
Mac users have proven that they are just as easy to fool as Windows users and other mortal human beings.
Earlier this week a malware author posted the OSX/Leap.A worm on the MacRumors website, pretending to offer screenshots of the forthcoming OS X 10.5 Leopard operating system. Opening the file only resulted in users getting infected with a worm that would work its way to the iChat instant messaging application and send a file called "latestpics.tgz" to the user's buddies.
Behold: the first OS X worm.
The worm is clever enough to spread itself in a way that ensures a high infection rate. Mass email worms after all are less likely to infect OS X systems since most emails will end up on Windows machines.
The Mac faithful meanwhile are battling the facts with misinformation. It isn't a Worm but a Trojan, some argue. It requires non-administrator users to enter a password, others assert.
The first is pure fiction. The difference between a worm and a Trojan is self-propagation. In this case via iChat. Sure enough it is relying heavily on social engineering. But that's the case with most worms these days.
The second could be a valid point. Except that most users on a Mac are the administrator. There will be exceptions of course, when several people share a computer and have taken the effort of setting up separate user accounts.
While most users will simply ignore the prompt, a small percentage is bound to fall for this trick - just like a small percentage (15-20 per million in fact) typically falls for phishing emails.
The worm underscores what security experts have been saying for years, and that the Mac Kool-Aid addicts have been dismissing as evil propaganda: there is nothing about the OS X software that makes it immune to worm and virus attacks.
Now can we stop the debating and start working on a real solution?
Tags: Apple, OS X, worm, OSX/Leap.A, security, RSA 2006, RSA conference
February 16, 2006 at 05:31 PM | Permalink
Comments
You come very close to hitting the nail on the head here. But I think you are approaching the administrator issue the wrong way.
It is not necessary to run with administrator privileges. Smart Mac users don't. It's not exactly a huge headache either.
Yes, some people disable the security made available to them in OS-X, and as a result were infected w/out being prompted in any way. However, there is little that Apple, or any other OS vendor, can do about that.
There's no patch for stupid.
Posted-by: Mark | 16 Feb 2006 21:36:09
For those who are keeping score:
Windows: 20000
Mac OS X: 1
Yep, you win! Happy now.
Posted-by: eigil Hansen | 16 Feb 2006 21:37:49
@eigil Hansen:
Isn't that about the ratio between Windows and Mac OS X users?
Posted-by: John Bokma | 16 Feb 2006 22:05:42
You equate that the administrator needs to authorize the install as similar to a phishing email. It is in that way that OS X is more secure than MS Windows. Email viruses routinely propagate the Windows world on a simple download. This virus needs to be downloaded, then opened, then the user must decide to enter the admin password to install.
If nothing else, this extra layer of security will drastically slow the propagation of this worm. Isn't that the essence of security? No OS is 100% secure. But, at least OSX makes it hard to spread a virus. A lot of Windows users wish Microsoft would do the same....
Posted-by: Steve | 16 Feb 2006 22:10:53
My friend, that chip on your shoulder is looking mighty ridiculous (what's with the title of this piece, and setting up straw men, and crying disinformation?)!
Truth is, you are hitching your cart to a pretty pathetic little horse. To propagate this thing, a user has to click on what they are supposed to think is a JPEG picture. Instead of a picture opening up, a window pops up notifying that this program requires that you be logged in with administrator privileges. You have to enter an administrator password. Then, it sends itself to other people listed in my iChat contacts. (Oh wait -- I don't use iChat.) Oh wait -- the people who are going to be infected have to be logged in to iChat, too, and have to click on a button to accept the download of an unknown file, and then have to go through all of the above again.
Of course, actual, viable viruses may someday be written for OS X. Your glee at this discovery of this miserable excuse for a "virus" is downright embarrassing.
Yours sincerely,
Tim
Posted-by: Tim Yu | 16 Feb 2006 22:30:39
"Now can we stop the debating and start working on a real solution?"
LOL! I've never seen a story started by a Troll. Congratulations on that.
There is no real solution, because there is no real problem. A malicious App can be written for ANY operating system. So what? This proves nothing, shatters no myths, and more importantly doesn't indicate any problem whatsoever with OSX.
If you download a picture, and it asks you for an administrator's password to view it, then YOU compromised your security - not the OS.
There is no problem here, except a bunch of chicken-little trolls who had nothing better to write about today.
As of 18:09PM Eastern 2/16/2006 Mac OSX still has ZERO viruses that affect it.
Try again....
Posted-by: Anon E. Mouse | 16 Feb 2006 23:09:58
"There is no real solution, because there is no real problem. A malicious App can be written for ANY operating system. So what? This proves nothing, shatters no myths, and more importantly doesn't indicate any problem whatsoever with OSX."
That's about the size of it. You can't make an OS impervious to malware that's run by a user with administrative privileges.
There are no security flaws being exploited here. Just user flaws.
Posted-by: PaulR | 16 Feb 2006 23:29:19
The impishness of this report aside for the moment, exactly what myth is it that's ostensibly being shattered with the appearance of this trojan?
There certainly wasn't any pervasive expectation amongst Mac users that such a thing couldn't be crafted, simply that it hadn't to date, and an assertion that the reason for this was in part due to a better permissions and security model - one that Microsoft itself is finally adopting with the forthcoming Vista. As an IT professional, that's joy to me as it means that my Windows users will enjoy the uptime and productivity that my Mac users do now, and I can get on with my projects.
The only myth I can think of is the one I've read propagated throughout the Windows-centric press that Mac users are irrational, brain-washed zealots who will jump at Jobs' every word and think that Macs are infallible. Never met a one. In point of fact, every Mac-centric media discussion of malware, etc. has been careful to make and re-make the point that any general system is potentially vulnerable and that an OS X virus was just a matter of time.
So again - what myth have YOU been holding on to?
Also - in response to your characterization of Andrew Welch's dissection of the trojan in question - that's called 'reporting'. Misinformation occurs when someone spins the facts surrounding an event in order to promote their own viewpoint. But of course, you are already personally acquainted with that practice.
Posted-by: M Burt | 16 Feb 2006 23:38:11
Two points, one for this article and one against.
First for. The trojan in question apparently only asks for a password if you are running a non-admin account. While everyone should be running a non-admin account, I suspect that most Mac OS X users will be running admin simply because it is easier. BTW, for those who think that an admin account is root, it isn't and you don't need root for this trojan to work.
Second against. The glee over this news is misplaced. OS X has not been shown to have a security flaw though we know that they must exist and have certainly existed in the past. This is a social engineering exploit only. If users were fooled into clicking on a file that has a JPEG icon then they may have gotten bitten. While there is little Apple can do to fix this there is little doubt that the search for a solution will start in earnest now.
Posted-by: James Bailey | 16 Feb 2006 23:39:14
Whatever it is, it's hardly a software exploit specific to OS X. The only people who promote the so-called "myth" are those who are creating strawmen arguments. No OS is impenetrable. And, any OS is subject to user-activated virii. Nothing special or unique there. What's the fuss, this could have been written back when v10.0.1 was released.
Posted-by: KenC | 17 Feb 2006 00:15:38
i agree with all the comments here (except the one claiming the ratio of windows to mac users is 20000 to 1, it's more like 20 to 1)
a very lame article indeed.
Posted-by: Daniel | 17 Feb 2006 00:46:46
Clearly this person should use a mac before gabbing on about something he clearly knows nothing about.
First of all, how many casual computer users are on IM? Never mind that even if you double click on it AND clearly asked for a PASSWORD, all it does is fizzle out.
This would be calling an email from Nigeria a virii. I know all you know are Pc users and none too bright but this is clearly another virii written by a PC user who had a $20 dollar gift card at Kinko's ... of course on the PC, this would infect 300,000 users and shut down SV Sleuth.
Posted-by: jbelkin | 17 Feb 2006 02:01:08
Sure, of course the anonymous idiot "Silicon Valley Sleuth" was bound to make a big deal of this. Asshole.
Posted-by: germ | 17 Feb 2006 06:37:17
Oh boy, I feel so old. Never in my dreams I expected one day being Window$ advocate or Bill Gate$ fanboy would be the default and so widely considered as a cool thing.
Posted-by: g | 17 Feb 2006 12:17:34
Go here to see how to ameliorate malware attempts with Macs:
http://www.macgeekery.com/tips/security/basic_mac_os_x_security
Posted-by: Robert Pritchett | 17 Feb 2006 12:57:29
Somebody said:
Truth is, you are hitching your cart to a pretty pathetic little horse. To propagate this thing, a user has to click on what they are supposed to think is a JPEG picture... a window pops up notifying that this program requires that you be logged in with administrator privileges. You have to enter an administrator password. Then, it sends itself to other people listed in my iChat contacts.
My reply:
Err... What's your point? Are you saying that this doesn't constitute a legitimate virus or malware? You have just described 95% of active viruses & malware.
As for protecting yourself by NOT running in admin mode... Err, Mac users, hate to tell you, but Windows users have this same protection, at least since Win2000 (probably since NT). For my especially click-happy clients I make their user account NON-ADMIN. Sometimes certain types of software won't run unless you have ADMIN PRIVILEGES but there is a simple workaround in Windows (and Mac) for this, you just utilize a shortcut that employs a run-as-different-credentials scheme.
---
At the end of the day, it is just as easy to write malware for Mac as it is for Windows (the virus writer just needs a Mac to experiment on). The only reason you don't see as many is simply due to numbers. Less people use Macs, viruses and malware require high usability to gain the type of mass-infection that would garner attention. Windows targeted infections spread because everyone uses windows and most people still don't employ common sense security measures that have been part of Windows since NT, and made user-friendly and accessible to all since Win2000.
No network connected system will ever be infallible, no encryption will ever be truly unbreakable.
As for usability, the current marketshare, based on INTERNET USAGE for October 2007:
Windows XP 79.07%
Windows Vista 7.91%
MacIntel 3.41%
Windows 2000 3.16%
Mac OS 3.14%
Windows 98 0.82%
Linux 0.81%
Windows NT 0.61%
http://marketshare.hitslink.com/report.aspx?qprid=2&qptimeframe=M&qpsp=105
Note - macOS has stayed stagnant for months while Vista has been rising (For all the hype, Mac's market penetration is rather meagre)
Posted-by: Ben A. Hilleli | 8 Nov 2007 17:07:49



