It doesn't matter what system it is...
...if you execute a program as root / admin / whatever, you're screwed. It's why I prefer personal firewalls with a reporting / logging function to anti-virus.
Less than a week after researchers spotted new malware targeting naive Mac users, two additional titles have been spotted. Security mavens at Mac anti-virus provider Intego say Trojan-horse software dubbed OSX.Trojan.iServices.B hitches a ride on pirated copies of Adobe Photoshop CS4 for Mac that are being distributed in warez …
just to kick off the arguments :)
99% of attacks exploit the users gullibility/idiocy rather than actually attacking the operating system's security. it doesn't matter if you're using windows, linux, osx, whatever, if you actually intend to install and run iamavirus.exe that you've been mailed, you will, no matter what credentials it asks for while installing.
so far linux is generally only used by techies who don't install any old crap they are sent so it's relatively immune until it spreads widely and all the numpties adopt it. OSx has a couple of exploits kicking around, but while it has a minority market share, targeting windows will always be more fun/profitable for the script kiddies.
I don't think anyone has claimed that it's harder to write Mac Trojans than Windows one. The claim is that it's harder to write Mac viruses. Trojans require the user to install them manually. Viruses can copy themselves to other computers without the knowledge or permission of the user. In both of these recent cases of Mac trojans, the user might not have known they were installing malware, but they did download them from warez sites, and then manually ran the installers.
....deserve to be picked.
If you can't be bothered learning a legitimate open source option (which abound on Macs) and you don't want to pay for commercial software, well, then, I guess you're nailed.
I'm no Mac hater either; I have been using them since before the days of Scores, nVIR and WDEF..........
Maybe this will shut up 'holier-then-thou' mac users. I use both, but I'm sick of those idiots popping up everytime anywhere mentions anything going wrong with a Windows machine. A good proportion of Linux users are the same. It's time people realised that OSX is no better than any other OS and with the attention it's now getting, the proof is coming. And the fact that it happens to dirty, theiving pirates is just gravy. There's no need to steal Photoshop when GIMP is out there. There's no need to steal iWork when Open Office is out there. Professionals need the top end stuff. Professionals can afford it. This is thieving gits downloading software they don't need and can't afford therefor shouldn't have. Ironic that malware developers are providing poetic justice.
Now, is this jacket flame retardant...
So glad my Windows machines won't be affected by this emerging threat. Expect this to be the beginning of the mactard onslot by the purveyors of malware.
Anonymous because the Mactard extremist and fanticists, who live in their own wee sheltered and rose tinted spectacle world, hate everyone outside of it... particularly "Windows lusers"!
Let the flames begin!
Admittedly every time I have been seriously infected with a trojan was via dodgy warez (hence the AC). Its very much a case of caveat emptor (um, though of course without the buying bit) with these things and the increasing popularity of macs means a less tech savvy section of the population are increasingly owning them and taking their share of ripped software. The golden age of Mac security appears to be at an end, and about time.
seems to always be the only A/V outfit that publicizes the recent trojans. Perhaps because they give it a risk rating of 'serious', while Symantec, McAfee, Trend Micro, and Sophos rate it at 'low'. I wouldn't go so far as to say that Intego is distributing or writing them, but they're definitely trying to scare people into buying their products.
This was always a poor defence and the on often clung to by mactards. In more recent times they've clung to the illusion that somehow it was simply invulnerable to virii - probably an even more naïve attitude. Both of these forget the average skills of a user. Mactards following these lines instill overconfidence in none techie users who then do daft things like download and execute Trojans, often without realizing they've done so. The very fact mac Trojans are on the rise means that the misplaced smug attitude needs to be replaced with one of awareness and consideration. Apple need to lead the charge by recommending AV protection now, before a really difficult problem arises.
Welcome Apple to the real world.
I think my mac is pretty safe:
Router firewall, OS X Firewall, Virus Barrer x5, Little Snitch, Firefox with No Script.
But more importantly I do not download stolen software, use torrents or other illegal file sharing network.
And do not enter your admin password without thinking you MORONS.
Anyone who got this trojan deserved it.
So let's get this right.
Some clowns have downloaded several gig of data. They're not entirely sure what it is but it claims to be Photoshop. Then they run a little program that came with it to get a key.
Now, everyone who has half a brain and who deals with warez on their mac will have better ways of getting a key than trusting to some stupid proggy they've downloaded off the net.
That doesn't eliminate the problem that the actual program which has been downloaded could also be a trojan with several gig of bloating to make it look real...
I demand my browser hijacks, viruses and endless, endless bloody "[INSERT SOFTWARE TITLE HERE] wants your attention! DIDN'T YOU HEAR ME? TALK TO ME NOW, SCUM!" notifications interrupting me while I'm working.
(Guess which of the above actually made me stop using Windows. Hint: it wasn't the malware.)
Well, if it's just another trojan that relies on gullible users to execute it, then i'm sure it won't have a massive....
What? It's targetted at mac users?
those turtle-neck cuppercino drinking types that fancy themselves as a bit 'arty'?
As in, the computing platform designed for those without opposable thumbs?
(the singular mouse-as-a-button designs are clearly to minimise the effect of webbed digits)
Why have the words barrel, fish and shooting sprung to mind?
"Feed the trolls, 'tuppence, an bag..."
Mine's the one with the 15 button 4D Wacom mouse in the pocket
The point about trojans is most mactards are much less technically informed than windows users (they have no choice) They buy much more expensive machines and make great targets.
I work in IT support and the ONLY infections i've seen on customers machines for the past 3 years have been trojans/bribeware/spyware that the user has installed by accident.
Obviously this doesn't happen to Register readers but the general public are even emailing and recommending these trojans to their friends.
A really smart Trojan writer would add a defrag and reg clean to their backdoor so the user actually likes having a virus "it made my machine so fast"
>> I bet the sale of Mac anti-virus products starts creeping up.
Surely you mean, I bet the number of people pirating Mac anti-virus products starts creeping up.
>> I work in IT support and the ONLY infections i've seen on customers machines for the past 3 years have been trojans/bribeware/spyware that the user has installed by accident. (Dave Simpson, never, never, never)
What makes you so sure that these trojans/bribeware/spyware were installed by the user? I can't believe that you haven't seen the likes Antivirus XP (which can drive by install from a legit (but compromised) website) - admittedly if you have never witnessed it install itself, you could be forgiven for believing that the user chose to install it.
I'm afraid I'd have to agree with David Simpson there (title: never never never) .
AV software may not be perfect, but after working with Sophos Enterprise on 3 different networks (and later Symantec enterprise - not my choice!), the only viral infections I have seen even get close to a foothold have always been from user instigated actions.
The blaster/sasser worm never got through our firewall, and even if it had, the student machines were locked down tight as a drum. I tried deliberately infecting an unpatched machine, and all that happened was the exe crashed as it attempted to access a disabled resource.
The teachers and admin staff had elevated privileges (never full local admin), but still the only infections were all those bloody browser toolbars which I promptly evicted from their machines using a software restriction policy. (if you're unfamiliar with this group policy element, have play, it's an incredibly powerful security tool)
The only evidence I saw of the internet nasties was the various "Quarantined" reports that used to occasionally crop up, and required no intervention from myself.
The only worm that did propogate through our network, AND cause problems was the [MULTIPLE EXPLETIVES DELETED] Windows Desktop Search!
That was thanks to my assistant getting lazy, and setting auto approval for all critical WSUS updates.
XP is pretty darn secure if managed correctly. We're seeing an ever greater shift from security exploits to social engineering because of this.
Windows machines used to ship sans AV software, to ill-informed customers nigh on 10yr ago. Unfortunately, this is precisely where the mac community is right now.
Once a REAL virus shows up, id est, self replicating then there might be something to worry about. My Windows machines (Windows for Profesionals on up to todays Vista) have never gotten any infection or trojan, EVER, so I don't expect I'll have to worry one bit about my Macs.
Where I do see this as being a problem though is that with the main OS's out there you're not likely to know you have a trojan since machines are so stable anymore.
Now, it would be nice if the basic firewall currently on Leopard was more configurable and it would alert you if a service that isn't Apple verified has started. That would be a nice start. But seriously though, I worry about getting compromised on my computers about as much as I worry about getting in a fatal accident in my car.
Does it cross my mind, yes. but I don't write articles about 'Oh NO, you might get in a fatal crash going to work, STAY HOME FOR THE LOVE OF GHOD'!
Nope, I don't : )
"The golden age of Mac security appears to be at an end, and about time." I just love seeing all this Apple hate (no doubt sponsored by the Microsoft - pay for stories group).
MDN sponsors a web page that lists links to all kinds of Apple and MS stories. No firewall or virusware for the last 2-3 years... And no virus problems. Of course there are currently NO viruses in the wild for Apple but why let a small thing like reality stop a writer, writing for anti-virus companies, write a great scare article.
If you really want background, try roughlydrafted.com for good articles with meat. If you like scary fat floating on top, I hear there are many good sites around. :-)
Just a thought.
en
PS I use both PC and Apple. However, lately, I keep the PC off the internet. Its way to dangerous out there for such an exposed machine.