osx trojan

By Jaqui ·
--Trojan for Mac OS X Released
(16 February 2006)
A link to proof-of-concept malicious code for Mac OS X has appeared on
the Internet. The Trojan pretends to be screenshots of OS X "Leopard"
10.5. While it tries to send itself out to other machines through the
iChat instant messaging system, it does not harm the system it has


it has now appeared in the wild.

so, the os with the fewest number of users has a new virus.
yet this virus doesn't affect the bsd operating systems that osx is based on.
hmm.. seems apple created an exploitable os when they proprietarised a bsd os into osx.


by BFilmFan In reply to osx trojan

Apple is now joining the Axis of Evil software....


I've found the vulnerability

by mjwx In reply to osx trojan

It's the user.

1. the user must download the file
2. the user must decompress the file
3. the user must run the file
4. the user must give the admin password

none of my mac users would give any of this a second thought to doing this and they know the root password (ok that's my fault I know, I just got sick of their whinging every time I went to enter it in).

They are certain that their system on its own is invulnerable. Seeing as their sense of invulnerability can't protect them, how do I teach a mac user to watch out for viruses? I should just change the root password.

P.S. our virus scanner (eTrust antivirus) doesn't run under OSX 10.4.



by brichpmr In reply to I've found the vulnerabil ...

would ANY of your users need to know the ROOT pw or have any reason to go into NetInfo Manager and enable ROOT? The Mac is not immune, but OSX users running as Admin are NOT in a continual authenticated state. It's trivial to have your users run as Standard User with controlled access to an Admin pw if you determine that they need it.


Have you ever tried doing tech support for a graphic designer

by mjwx In reply to Why....

Giving them the root pw was more of a measure to shut them up. They complain constantly about having to be on a domain. I don't have time to enter the admin password every time they need to change a setting or install software. Above that they complain to my boss every time and it's not as if my boss doesn't understand the need for security but it's just become a major pain in the *** that they whine about "this didn't happen when we were at <insert old company here>".

Lack of a continual or persistent authentication is one of the biggest problems I have with a Mac. I've said this before but I'll say it again, I spend more time giving basic functionality to a Mac than repairing windows boxes. I have 30 - 40 windows boxes in use at one time and 2 - 3 Macs in use at one time.


Basic Functionality...

by brichpmr In reply to Have you ever tried doing ...

for OSX is superior out of the box. Make your employees Standard Users. If they have to take 10 seconds to enter an Admin password occasionally, that's called prudent security. There's no reason to give any employee the root user password....that's simply poor security management. That would be like letting all of your XP users run as Administrator...not necessary.


Out of the box

by mjwx In reply to Basic Functionality...

OS X does not work on any windows domain let alone a win 2003 SBS domain. Macs can't communicate using SMB/CIFS until SMB signing is deactivated (this makes the entire network more vulnerable to man in the middle attacks). Macs do not play well with any other OS making it useless in a corporate environment, that's why it has never (and probably will never) been adapted by mainstream society or business (4% of the market).

If OS X would behave in a domain I would be able to control it with group policy, Just like an XP box.

Mac OS X superior out of the box? debatable, Superior to XP in use? most definitely not. To further prove my point, here is a problem I am currently having with a mac (I know it's with office but I've never had this problem in windows).


Not work on a Win SBS 2003 domain!? What!?

by mkleinpaste In reply to Out of the box

I use my Mac to support our Windows network beautifully and with no headaches at all.

Much to everyone's astonishment here, I have no problem with SBS 2003 (which we run), SMB connections or any other functionality over our network. In fact OS X just works more reliably than the Windows laptops and desktops I support. It's not OS X that doesn't work well with other OS's it's Windows that takes that stance.

For instance, take the iPod and its hard drive mode. When originally connected to a Mac, it gets formatted in HFS+, which is more superior to the Fat32 formatting (can we say Windows 95?) windows applies to USB connected drives. An iPod that is originally connected to a Windows machine (and thus formatted to Fat32) can be read by the Mac. Conversely, Windows specifically does NOT read HFS+. HFS is not a "new standard" either, so there's no reason to not include except to hobble its ability to communicate with other OSs.

As far as the Trojan goes, no OS is invulnerable to viruses. Any *nix based box is inherently more secure due to its compartmentalized security which you have to remember OS X is founded on. No virus scanner in the world can completely protect users from their own stupidity, which this latest Trojan relies on. With Windows this would be a serious threat, because of its complete integration at the application/OS level. You don't have to be admin to install a virus in Windows, you DO have to be admin to install it in OS X.

Here's a nice objective investigation into the differences.


If You...

by brichpmr In reply to Out of the box

are having AD issues with your network, go to: and check out their third party helper solution.


Very True

by rkuhn In reply to I've found the vulnerabil ...

Given 1-4, wouldn't you say this is as much media hype as it is a real threat?

For that matter, 1-3 usually apply to the Windows world as well.



by brichpmr In reply to Very True

In OSX, a major benefit of running as Standard User is to restrict a user to Read Only to the Applications folder, preventing changes without admin authentication. It's also very trivial to add a folder action to alert the user if anything new attempts to write to the \Library\InputManagers folder.
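
An added example, not part of the thread or any poster's code: the last post suggests a folder action that alerts when something new is written to the InputManagers folder. The sketch below swaps in a scheduled baseline-and-compare check written in shell; the function names, the `--check` flag and the state directory are assumptions made for illustration, and the two watched paths are the system-wide and per-user InputManagers folders.

```shell
#!/bin/sh
# Added example: baseline-and-compare check on the InputManagers folders.
# Function names and the state directory are assumptions for illustration.

# Print the sorted names of everything directly inside DIR (nothing if absent).
list_entries() {
    dir=$1
    [ -d "$dir" ] || return 0
    ls -1A "$dir" | LC_ALL=C sort
}

# Record the current contents of DIR as the trusted baseline file.
save_baseline() {
    list_entries "$1" > "$2"
}

# Print entries present in DIR now but missing from the baseline file.
# With no baseline file, every entry counts as new.
new_entries() {
    dir=$1; baseline=$2
    [ -f "$baseline" ] || baseline=/dev/null
    current=$(mktemp) || return 1
    list_entries "$dir" > "$current"
    LC_ALL=C comm -13 "$baseline" "$current"
    rm -f "$current"
}

# Return 1 and print a warning on stderr when DIR has gained something.
check_folder() {
    added=$(new_entries "$1" "$2")
    [ -z "$added" ] && return 0
    printf 'ALERT: new item(s) in %s:\n%s\n' "$1" "$added" >&2
    return 1
}

# Scheduled use: sh im_watch.sh --check (first run only records baselines).
if [ "${1:-}" = "--check" ]; then
    state=${STATE_DIR:-$HOME/.im-baseline}
    mkdir -p "$state"
    rc=0
    for d in /Library/InputManagers "$HOME/Library/InputManagers"; do
        b="$state/$(printf '%s' "$d" | tr '/' '_')"
        if [ -f "$b" ]; then check_folder "$d" "$b" || rc=1
        else save_baseline "$d" "$b"; fi
    done
    exit $rc
fi
```

Keep the baseline files somewhere a Standard User cannot write, otherwise whatever adds a bundle can also update the baseline.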
