back to article Mac spyware infiltrates popular download sites

A spyware application that surreptitiously scans chat logs and hard drives of unsuspecting Mac users has found its way onto three of the more popular download sites, security researchers said Tuesday. Dubbed OSX/OpinionSpy, the spyware is distributed through software available on sites including Softpedia, MacUpdate, and …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Linux

    Right

    So now all fanbois can finally shut up about how wonderfully secure they're platform is, right?

    Lol. Of course they won't. They're Appletards and don't have a function to shut up because Apple didn't think they'd need that ability so didn't provide it.

    1. Maliciously Crafted Packet

      Coincidence?

      Google dumps Windows for security reasons.

      Employees can only use Linux or Mac OS X.

      Later that day new OS X malware announced.

      Go figure.

    2. Dalvik
      Alert

      It is more secure

      I am an Apple user, and like any computer system we are all well aware there are security risks no matter how secure or stable you may feel your operating system is.

      The thing I always come back to is:

      Microsoft has been well aware of issues with their OS for many years, and in most cases they are still there today. They just don't seem to take security seriously.

      Apple takes feedback and actively improve the system and removing risks as they are found.

      Why would I load MS Windows just to be plagued with bugs that are 4+ years old, when I can load a MORE secure OS (MACOS X) today?

      1. MDR

        Apple takes security seriously

        ... so is that why the Safari "carpet bombing" flaw is unfixed?

    3. Anonymous Coward
      FAIL

      Social Engineering

      Typical Winfag not getting the facts right.

      This is a social engineering attack. The user must authorise the installation of the malware* by supplying it their password. If you granted software access to your Linux root password, do you expect the inherent security of that OS would protect you? No OS can guard against user stupidity.

      * the malware disguises itself as market research software, which you have to install if you want the stupid screensaver or whatever it was you downloaded from one of the compromised sites

      1. DryBones
        Stop

        Pot, meet Kettle

        This is actually how the majority of attacks work these days. Something you didn't want gets put in with something you did, both go in. Oh hey, the computer got pwned. Cooler heads have been saying for years that it's a case of which target will give a miscreant more bang for their buck. Once it becomes worth it, attacks on OSes other than Windows will pick up, and they will get through. Period. It's just a matter of finding the right packaging.

        Put down the Kool Aid, and step away from the keyboard.

      2. Doogs

        Re: Social Engineering

        So what you're saying is that Microsoft make stupid software, but Apple have stupid users?

      3. Anonymous Coward
        Troll

        Winfag?

        Winfag?

        Grow up. When exactly did it become acceptable again to use 'fag' and 'gay' as slurs? If you're over 14 years old you should be ashamed.

        1. chr0m4t1c
          Stop

          If my memory is correct

          The term "gay" started to enter the mainstream as an insult around about four years ago, although it has been in use on the street for some time prior to that.

          I can't see how one section of society who sequestered the word from its original meaning of happy or merry into meaning homosexual can complain when another section of society does the same thing to them.

          Living languages have a tendency to evolve meaning over time.

          I this case I think the original poster is using the term in an "enforced" situation rather than voluntary. Again, because one section of the community uses a word one way it doesn't mean that another section's use is any less valid.

          I'm reminded of a story that the late great Humphrey Littelton told about when he was being interviewed on American prime time TV:

          "I made the mistake of saying that I was Lord Carrington's fag when I was at Eton. Coast to coast on network television. Liberace was on the phone before I left the stage."

          In case you don't know, in this case "fag" is roughly the equivalent of "dogsbody" or "skivvy". In much of the UK "fag" is a slang word for cigarette.

          So, time to take a less blinkered view of the world.

          1. Anonymous Coward
            Stop

            Streetwise

            Lol, 'on the streets'. Ha, looking at your post history can I suggest you've never been near 'the streets'.

            In the case in point, 'fag' was not being used to describe a 'dogsbody, skivvy or cigarette'. Time to be a bit less pretentious, and don't ever let us catch you using the word 'sequestered' in a Reg comment ever again.

  2. Rob Beard
    Linux

    As a Linux loving 'freetard' I'd laugh...

    ...but I know all too well that it could hapen to folks on Linux too. I guess the usual advice should be heeded, make sure you have security updates installed and run a decent anti-virus package (last Anti-Virus package I looked at on the Mac was McAfee Anti-Virus, or was it called Virex? Ahh can't remember, it's been such a long time).

    Rob

    1. Macka

      Wrong focus

      The first thing to note is that this isn't a virus it's a Trojan; and you're right, any OS can get infected with one of these. The real story here is not that someone's written a nasty Trojan, but its method of delivery. If Intego are to be believed then Softpedia, MacUpdate, and VersionTracker are inserting malware into downloads of otherwise sane and safe software. So either they've been hacked, or they have become hives of scum and villainy who will sell your systems down the river for a silver penny or three from a dodgy sponsor. THAT is the real story. Not that Intego want you to think about that, they just want you to get frightened into buying their product.

      1. ElReg!comments!Pierre
        Troll

        Focus

        Title: «wrong focus»

        First line: «The first thing to note is that this isn't a virus it's a Trojan»

        Wow. Bang on.

  3. blackworx
    Jobs Halo

    Let the Reg-bashing commence

    Why oh why oh why must the Reg continue to publish these rabidly anti-Apple stories? Not a day has gone by recently without you lot laying into Apple for one reason or another.

    As for the so-called "substance" of this story... Everyone knows that Apple users are inherently more intelligent than the Microsoft users^H^H^H^H^H bottom-feeders and therefore malware is simply a non-issue. I ask you - screensavers?! Ha! What self-respecting Mac user is going to be downloading *spit* screensavers?

    Do your research better next time Reg before you start spouting that anti-Apple vitriol, at least get a quote from Apple's PR department for BALANCE. Sheesh. Just cos you don't get invited to their parties doesn't mean you're allowed to go around spreading LIES.

    I hereby cancel my subscription.

    Yours disgustedly etc. etc.

    1. Nightkiller

      Please.

      The last place I would expect a BALANCED response if from the manufacturers' PR Department. Counterbalancing your rant about ElReg's bias cannot be countered with a rant from Apple.

      Your statement reeks of naivete or simple kneejerk defensiveness.

      1. Red Bren
        Happy

        @Nightkiller

        Psst, I don't think Blackworx is really an apple fanboi...

        Posted from my (currently uncompromised) macbook.

        1. blackworx
          Happy

          Lol

          Seems I disproved my own point about wintards being less reactionary/having a better sense of humour.

    2. Anonymous Coward
      Anonymous Coward

      Why?

      Because you get amusing comments like yours, of course!

    3. Anonymous Coward
      Linux

      Screensavers?

      > screensavers?! Ha! What self-respecting Mac user is going to be downloading *spit*

      > screensavers?

      Oh, I don't know. The very same group who bought After Dark when it was first released?

      1. Mike Flugennock

        Big difference...

        ...between paying actual money to an actual reputable developer for a product guaranteed to be free of skeezeware, and clicking on a strange download link promising me a REELY K3WL SCREENSAVER!!!!111!!111!!!

    4. sandman
      Happy

      Nice

      Good use of sarcasm - sadly a bit subtle for some commentards.

    5. Mike Flugennock
      Thumb Up

      Seriously, man...

      ...I honestly only remember a bare handful of times in my entire online life -- going back to when I hung out on local BBSs in the late '80s -- when I _downloaded_ a screen saver for my Mac; it was always from a known local board, and usually my local MUG board. Almost everything else I had was cheap, simple, elegant stuff that I _bought_ from known, reputable outfits,

      I sure as hell wasn't logging onto strange ftp sites and willy-nilly downloading every goddamn' screensaver posted there. Even waaaaayyy back then, I had the common sense to look the hell out for that shit.

  4. Anonymous Coward
    Welcome

    Let me be the first to say

    I, for one, welcome our new Virii-writing Mac overlords, and welcome them to the Walled Garden that is Apple.

    Because there's no Viruses on a Mac....

    1. Danington the Third
      Flame

      Virii

      it's viruses. Virii might be an STD, it ceertainly sounds like one.

      1. ElReg!comments!Pierre
        Flame

        Viruses

        It's virus. Viruses might be a STD, it certainly etc... but a virus-writing overlord is an overlord who writes viruses. A cigarette smoker smokes cigarettes, a truck driver drives trucks, a document processing system processes documents, etc.

        I for one welcome our $FUNNY_HAHA_PUN overlords.

  5. Trevor_Pott Gold badge
    Unhappy

    Anti-malware for OSX

    It exists. For the love of $deity, USE IT. (I am getting so sick of cleaning Macs...)

    Welcome to the big time boys; after years of slogging in obscurity, Microsoft ****ed the pooch and gave Mac an opening. Because Jobs is no one's fool he took advantage of this and the end result is that as a platform, Mac is finally relevant. Relevancy bears a cost; and that cost is being a valid target.

    For systems administrators, it is now that the really hard work begins; convincing all those Mac users that their nice period of obscurity is over, and it’s time to start learning some basic desktop security principals just like all the Windows users have to.

    If I get one more worm-ridden Mac in from some user who smugly states “that’s impossible; Macs don’t get viruses” I think I might just compress into a microsingularity and evaporate.

    1. Barry Lane 1

      @Trevor Pott

      If you get one more worm-ridden Mac? Is that what you tell your customers, that their Macs are riddled with malware? Sounds like you should simply point them towards the Disk Utility or Disk Warrior.

      Some of us Mac types who don't like passing on any nasty surprises they receive from their PC drone colleagues, have been using anti-virus software for years. We are not smug, we are not naive and we do not buy computers that have to be tinkered with endlessly to make them work properly.

      That is all.

      1. Trevor_Pott Gold badge

        @Barry Lane 1

        I know Mac users who actually run anti-malware apps on their Macs...strangely these are also the kind of people who never get any malware. They are too alert to do things like download some trojan and execute it.

        Most people whom I see with Macs use them because they don't have the first clue about computers, but someone told them, (with chest thumping confidence) that Macs simply can't get viruses, so they would /never/ have to worry.

        This translates into smugness and then incredulity when faced with the actual evidence of it.

        Personally, I'd prefer to never have to deal with the things at all, but...friends and family, eh? Not seen that many infected copies of Windows 7 lately though. The excptiong being some nasty strain of fake AV software that i think is related to the crud I've been seeing pop up on these Macs recently. It looks like the same crap, and seems to defy virtually every defence you can toss at it.

        Also; Macs don’t get “riddled with Malware.” Windows systems get “riddled with Malware.” When a Windows system get a virus there is a flashpoint about 0.3 seconds later as it downloads a bunch of friends, and your system suddenly has somewhere ein the neighbourhood of a thousand infected files and at least 15 variants of different terrible viruses.

        When a Mac gets a virus it’s a VERY different story. Current Trojans present themselves as something delicious to their users. They then execute this for whatever reason, and it barks at them for privilege elevation. Wanting to execute whatever it is that is in the package, the user agrees…and seconds later this doohicky has functionally rooted the Mac. It then goes on to download something very singular; a fake antivirus or an IRCbot.

        I find more Macs infected with IRC command and control nodes than anything else. Yes; Mac infections tend to require user interaction. Drive by downloads do happen on Macs, but they are ****ing RARE.

        Macs are *NOT* immune to malware; and they are gaining market share at a fast enough rate that they are starting to become huge targets for the kind of Malware Trojan scams that Windows users are inured against. Mac users tend to think it can’t happen to them and most of them simply can’t conceive of it…until it hits them.

        Ask me this time last year how many infected Macs I had seen, and I would have said one, maybe two in my entire career. Now I am seeing one every other week. There was a ceremony held a month back when I added, for the first time, a suite of Mac anti-malware tools and install CDs to my CD binder for the first time.

        This is moving out of the shadows and into the mainstream now.

        I hope you guys are ready for it.

        1. Mike Flugennock
          Thumb Up

          Thanks a ton...!

          This is probably THE best reply on this thread so far. I've been using MacOS almost exclusively since 1985, and when I saw the first Mac exploit appear in the wild around 1988 or '89, I knew that I should keep a current set of anti-malware tools for that very-rare occasion that I'd actually need them and f'cripesake, _don't_do_stupid_shit_.

          (Anybody here remember that old Ren&Stimpy episode, the one with Stimpy and the "History Eraser Button"? It was so shiny, so red, so candy-like, that poor old Stimpy just couldn't resist.)

      2. Dan 55 Silver badge
        FAIL

        @Barry Lane 1

        Neither Disk Utility nor Disk Warrior are antivirus programs.

        If you take an absence of warnings from these two programs as proof that you're not passing on nasty surprises, then you might be mistaken.

        1. Barry Lane 1

          @Barry Lane 1

          Hi Dan 55.

          I know they're not antivirus apps, but I do know that my Intego VirusBarrier is. I was simply suggesting that most people's problem with Macs stems from no one telling them where their copy of the Disk Utility is stored.

          I always have my trusty Disk Warrior with me, too, as an additional guarantee (for want of a better word) of Mac loveliness.

    2. Mike Flugennock

      THANK you SO much, man...

      I've been a Mac fan since The Beginning, but since 1989ish, I've not been so foolish as to think that the whole "security through obscurity" thing was a smart way to go.

      Remember, fellow Mac freaks: LittleSnitch is your friend.

  6. Blain Hamon
    Boffin

    Random letters and numbers

    As of this posting, the malware is no longer listed on either Version Tracker or Softpedia, but is still on MacUpdate. What's more, apple.com/downloads itself has two 7art screensavers (I sent feedback to Apple pointing this out).

    This hasn't been the first Mac malware, but it may be the first in a long while to successfully be indirectly distributed by reputable names. What happens next will be very interesting, in terms of security on the Mac.

  7. J 3
    Pirate

    Why did it take so long?

    Well, probably it didn't really, who knows.

    But I don't buy this "small target" logic. Macs have been around forever and they are NOT, and have never been, in negligible numbers. Among some demographics Macs is nearly all that had been used for a couple of decades.

    For worms, it makes more sense that a small installed base is a problem. For trojan horse, not so much, I suspect. After all, you go looking for a Mac version of a program, right? The audience comes to you, not the other way around like in a worm. And of course trojan horses don't depend on the (in)security of the platform, since the user is actively (if inadvertently) installing it. That's why I don't understand why there aren't news of much more trojans for Mac.

    So yeah, even if it is a much smaller target than Windows running machines, it is still a lot of Mac machines. And belonging to people more likely wealthier than average -- given the cost of the Mac ecosystem in general compared with the stripped down cheap PCs most people buy.

    That's why I don't buy this excuse.

    1. DryBones
      Coffee/keyboard

      Re: Small Target

      Here, give this link a whirl.

      http://gs.statcounter.com/#os-ww-monthly-200905-201006-bar

      I'm estimating, but it appears that MacOS makes up around 6% of all operating systems in use. That's a little more than 1 in 20 computers is a Mac. Call all the others besides Windows including Mac... oh, 9% perhaps. I don't know about you, but I wouldn't write to reach 10% of the available market, if I want to make money. Hint 1: Criminals want to make a lot, fast and easy. Hint 2: Even if Mac folks are considered wealthier, the credit cards that are targeted generally have a lot more limit on them than the average Joe has disposeable income. Hint 3: Why expand to Mac when they're still working on getting market penetration on the Windows machines that make up the majority?

      Mobile things look a bit better...

      http://gs.statcounter.com/#mobile_os-ww-monthly-200905-201006-bar

      32% for the iPhoneOS, which doesn't multitask that well and has things compartmentalized, plus there's the advantage of centralized acquisition and removal to allow fast and global response to poisoned applications, thereby limiting infections to a matter of hours unless a way for the app to cripple the OS's app revocation/removal can be found. Thus popularity is offset by the short life of the exploit. Again, decreased motivation to put in the time to make it work.

  8. Anonymous Coward
    Unhappy

    What a day!

    At last we have our very own malware. I feel so proud that the platform has reached enough people to make it worthwhile for the scumbags to make it a viable target!

    Seriously though, when are Apple going to stop this cods-wallop that OSX is inherently secure? Mac users are brought up to believe that the platform is safe and they can go about their business in blissful ignorance of the nasties that lurk out there.

    I came from DOS, through Windows to Mac, I have had my share of nasties over the years and so I am very careful about what I run and how, but the biggest security threat will come from those brainwashed by Jobs' PR army to make them believe they cannot be harmed.

    It was a great platform once, but now as the popularity grows and we leave Jobs' Garden of Eden, it will only spur Jobs to turn the OSX platform into something locked down like the iPhone/iPad. We will have no control over what we can and cannot run without having first bought our apps from the online app store.

    It's coming, mark my words...

  9. Matthew 17

    it's in warez though

    If you download warez, hit the install button and enter your root password to install it then you are taking a gamble that the software hasn't been altered.

    Not really a security issue if the user deliberately bypasses it.

    1. Anonymous Coward
      Boffin

      Thing is

      This isn't warez. It's distributed on what's purported to be freeware that does something useful.

  10. ratfox
    Go

    Better jump to Linux, then

    It's going to be a while before anybody deems it interesting enough to hack...

    Then FreeBSD, then... BeOS?

    1. Anonymous Coward
      Anonymous Coward

      You're right

      Linux is not an interesting target for pirates. After all, it only runs, what, a mere 75% of the web-accessible servers on the planet? Most routers too. Definitely of no interest whatsoever.

  11. windywoo
    Troll

    But it's not a virus

    So Mac users must be safe. Because OSX is inherently safer than Windows, always.

  12. Anonymous Coward
    Linux

    How to get `infected' on a Mac

    The user accesses compromised sites, downloads and installs malware using the admin or root password.

  13. twunt

    Not Warez

    Matthew - unfortunately those are legitimate download sites.

    I expect the rogue downloads will be removed pretty soon though, if not already.

  14. Anonymous Coward
    Anonymous Coward

    How come...

    ...that Apple users are perceived as the wealthier end of the market (and have to be to afford Macs) and thus their bank accounts would be fatter, are there not a whole lot more accounts of Mac trojans stealing bank account details?

    And seeing as how so many musicians and artists also use Macs, how come there are not lots of stories of Macs being hacked and the contents copied?

  15. SlabMan

    Summary of the comments

    If history is any guide, the comments will follow this pattern:

    Ha-ha fanbois, the Mac is not secure.

    Ha-ha Mac-haters, yes it is.

    No it isn't.

    Yes it is.

    Etc...

  16. Franklin
    Alert

    Fascinating

    Outside of religion and politics, it's hard to imagine any subject that people get more emotionally upset about. You'd think that people's self-worth was staked out on the issue of what computer they use. It's weird, and more than a little sad.

    On the topic of Apple malware: Of course it exists. It has existed for a very long time. Both the Apple fanbois and the neurotic haterz are partly right; OS X is inherently more secure, and a harder malware target, than Windows, and it's also a less appetizing target in terms of sheer numbers.

    This malware, like other Mac malware, is exploiting the largest security hole in any operating system: the user's brain. As with other malware, it is ineffective and can not spread unless it is intentionally downloaded and intentionally installed with an administration password.

    That is not a reflection on the security of the operating system, or lack thereof; if I can persuade a person to intentionally download a bit of software and intentionally give that bit of software administration privileges, I will pwn the box no matter what it's running. Linux, Windows, Solaris, BSD, makes no difference. The neurotic haterz who clamor "See! See! See! This is proof that OS X is exactly as insecure as Windows! See! See! See!" are just flat-out wrong.

    And, yes, there are fewer OS X installs than Windows installs, so if a vulnerability appears in either OS X or Windows and would take roughly the same amount of effort to exploit on either platform, most malware writers who are in it for the money are going to go for the fatter target. This isn't rocket science, and the fanbois who say market share is totally irrelevant are as deluded as the neurotic haterz who claim there's no difference at all in the security profile of Windows and OS X.

  17. ArmanX
    Alert

    Re: How come...

    Simple; even if your Mac users are wealthy, I doubt they will be ten times wealthier than Windows users. Since there are roughly ten times more Windows users than Mac users, you'll get ten times as many suckers than with Mac, which means ten times the cash flow.

    Besides, it's not the amount of money in the bank that marks a target. Most malware either spreads spam or joins a zombie net, rather than stealing info. And those that do steal info probably won't empty your bank account, but rather hijack your identity and run up a bunch of credit cards...

  18. FARfetched
    Unhappy

    Hm…

    Interesting how it's one particular vendor of OSX anti-virus software that's behind these breathless announcements. A few more details would be nice, besides "INSTALL OUR PRODUCT BEFORE IT'S TOO LATE!!!!"

    Ah, a quick Google turns up some more practical information: http://osxdaily.com/2010/06/01/spyware-on-the-mac/

    With slightly more effort, I found a couple links to 7fart [sic] screensavers which claim, "You can also easily uninstall PremierOpinion later from Application/ PremierOpinion folder." Would I trust such a statement? Heh.

  19. Phil Rigby
    WTF?

    Just how many are there?

    Doesn't matter how easily a Mac can be owned. Compare the number of malware packages/virii on Windows to the amount on OS X. The ratio would be, ooh, maybe 500:1 or so in favor of Windows?

    Of course there's going to be nasty code around - but there's a damn sight less than with the popular OS of choice.

  20. Far Canals
    Happy

    Of course

    Everyone knows that apples get worms. It's worse when you only find half a worm though.

  21. Anonymous Coward
    Anonymous Coward

    Butz teh Apples no get teh virus

    I can has cheezburger now?

  22. ElReg!comments!Pierre
    Troll

    Article is wrong

    Macs are secure. Period.

    That's because MacOS implements UNIX security schemes, which are much better than anything else. That's why there has never been, and never will be, a virus for MacOS despite it being much more targeted, what with the huge creds that would come from being the first to compromise the Holy Grail of OSes? Also, think of it, wouldn't you rather pwn a stable, powerful Mac than an old load of toss which struggles to run wordpad? Bot herder think the same. Also, the MacOS malware uncovered from time to time don't count as they require user interaction most of the time so D'Oh, if you're just being stupid don't blame it on the machine (as opposed to the hundreds of million Windows malware which don't require any user interaction at all, ever).

    And I could go on...

    Icon just in case anyone missed the obvious.

    1. Skymonrie
      WTF?

      The obvious?

      That you are a lemming?

      Sure, BSD is more secure at its core but to my mind the majority of the BIG pieces of press regarding trojans, etc. are down to humans. What this article is getting at is quite simply that, the black hats have started taking notice of OSX as a platform.

      I write this from a Linux box and fear the stupidity of E-mail just like other people using Windows. The majority of attacks in reality come from social engineered interaction. What the net needs is less naive asses like you :p

      1. ElReg!comments!Pierre

        Icon

        «That you are a lemming?»

        I believe it's a troll icon, not a lemming icon.

        I was just summarizing some of the old fanboi bullshit. But hey, at least you noticed it was bullshit. :p

    2. Robert E A Harvey

      Lord, duke, earl - those are titles

      So no *nix system has ever been rootkitted then? Why did people write Tripwire then?

  23. Badwolf
    Pint

    Meh

    Does that mean I need to downgrade to Windoze to be safe now?

    1. ElReg!comments!Pierre

      it kinda does

      Yes

  24. James 63
    Linux

    Code repositories

    Surely the problem behind this one is people getting code from untrusted sources - you have to take at face value that an application found on a website does what they say it does, and it only does that. No matter what OS you're running, if that's where you have to get your software then you're opening yourselves up to a world of risk.

    At the risk of fanning the flames I'm guessing most linux users get their software from a repository only, so they don't need to go off and download and run random bin/deb/... files from www.warez.com.

  25. Raife Edwards
    Boffin

    It's ->NOT<- a "...virus"... people.

    You know... I don't like "fanbois"... And, I don't actually use "Macs", but once again, this... event... is not a "virus". It is a "Trojan" (a bogus program, that is fully authorized, and specifically installed, by an authorized administrator/user). And, no "OS" is (or, can be) immune from that type of "exploit". And, the fact is that, "Windows" actually has even more vectors for, even, that type of malware-attack.

    However, frankly, the "Mac-OS" (along with other OSes based upon "UNIX") -are- inherently, far, more secure than any network-aware version of "MS-Windows", ever produced (including; "Vista/Windows-7"). That is simply a well-proven (and scientifically-demonstrated) technological-fact. So, I'd say that, the constant (and clearly desperate) attempts to drag the "security" qualities of non-MS OSes down to the utterly disastrous, true, level of "Windows security/insecurity"... is sad at best... ignorant, or just downright deceptive, at worst.

    1. This post has been deleted by its author

  26. Anonymous Coward
    FAIL

    Anti-virus virus

    So, a report published by an anti-virus software company warning us about viruses is to be taken seriously?

    Come on!

    Anti-virus companies are the IT equivalent of mafia gangs.... "You need some protection, or else..."

    Please stop insulting your Mac-using readers.

  27. PC1512
    Dead Vulture

    Yawn

    So once again, it's not a virus, or a worm, but a trojan. In other words, the one form of malware that could infect ANY system, as it relies on user error in order to circumvent any and every check and balance that could possibly be built into the OS.

    In order to infect a Mac it requires an admin to enter their password (and not as some are inferring to steal that password, which it cannot do, but simply because OS X will identify it as potentially harmful and prevent it from installing until that password is entered). Heavy duty installation for a simple screensaver. I'm almost tempted to download and attempt to install one of these just to see exactly what warnings are given - I suspect they're ample.

    The wintards leaping on this as proof of some form of vulnerability in Macs should ask themselves - what flaw needs patching? What security update is needed? What should Apple "fix" here? The truth is, there's nothing to fix in the system, since this "issue" is completely user-related. Unless you lockdown the computer entirely and "whitelist" apps, as per the iPhone and iPad, there's no defence against a *user* of any machine choosing to install a Trojan.

    1. ElReg!comments!Pierre

      Once again a fanboi is wrong

      This situation is the reason why lesser «wintards», as you call them, are told to check their stuff against a list of known malware. That can't hurt penguin lovers of sub-guru ranks, either. The program that does the checking is often referred to as an «anti-virus»*. Yeah, the name can be a bit misleading to the fanboi crowd, too used to chant "it's not a virus. It's not a virus" in a slow monotone manner while bowing before His Mighty Jobsiness.

      Also, since you ask «what flaw needs patching?», letting a screensaver access the net to download a malicious payload is a pretty obvious, and easily avoidable, flaw. Only software that absolutely needs network access (i.e. web browser, ftp client, ...) should access the network. Otherwise, at the very least the user should be asked. Coincidentally, most «anti-virus» software let you configure alerts like «software x is trying to access the network, should we let it do that?». Now there might be a way to get OSX to do that, but if so why doesn't it do so by default? The second flaw is letting said screensaver _run_ the downloaded malware.

      Thank you for your attention, you can now get back to being an ignorant smug dick.

      *Note that anti-malware programs should not be considered an absolute protection either. It's only preventing lusers from doing the most blatantly stupid things. Such as installing widely known malware.

      1. PC1512
        Coffee/keyboard

        Oh dear

        So it's ok to give a screensaver admin priviledges on your system, despite warnings from the system itself, as long as you've got antivirus to protect you right?

        As long as the antivirus says it's ok, you'll just go ahead and run it. Yeah, that's security. Because antivirus is never wrong, and antivirus always knows how to recognise the latest malware before you install it, doesn't it.

        Yup, must be a sweet deal running Windows. I guess that's why so few windows machines have malware installed, and Macs are so notoriously riddled with it.

        One thing though - Mac OS X would not allow a screensaver to download anything by default (and I don't think that's what the report is suggesting happens either) - if it is, then that's just one more permission that the user has to expressly grant before this oh-so-dangerous attack gets to have it's wicked way with us defenceless fanbois.

        1. ElReg!comments!Pierre
          FAIL

          Secure computing for dummies (or Fanbuoys)

          «So it's ok to give a screensaver admin priviledges on your system, despite warnings from the system itself, as long as you've got antivirus to protect you right?»

          Read the post you're answering to before writing stupid things.

          «One thing though - Mac OS X would not allow a screensaver to download anything by default (and I don't think that's what the report is suggesting happens either»

          I don't make the news but that's the way this particular malware has been reported to work, yes. Read newsreports before writing stupid things.

          «if it is,» according to people surely smarter than I am, it is,

          «then that's just one more permission that the user has to expressly grant» A bit like the oh-so-infamous Windows security threats, then?

          Disclaimer: Windows is not my OS of choice, I do not use ant-virus software more than a few times per year just to make sure, but again I check the process list on my personnal machines a few times per day and my systems are set up so that there is absolutely no way that any process would access the network without me validating it, the first time at the very least. On my own Windows machines, no process can possibly access the network or alter the registry without an explicit "go ahead" from me. On my Linux boxen network access is granted on a whitelist basis and I still monitor connexion logs (on top of the security basics such as only installing certified apps, or, fail that, reviewing the code myself).

          I do not own any Apple status symbol myself but I, herm, "get" to fix some as part of my job and I can tell you: Apple PCs are certainly not more reliable than Windows ones, and noticeably less reliable than Linux PCs. And Apple users are a real pain in the ass as they ALWAYS put the blame on the sysadmin because no matter what they do, it cannot be their fault as they have a Mac and Macs are invulnerable. A bit like the " "i can't have AIDS, I'm not gay" a few years ago. But reversed, somewhat.

          1. PC1512
            Heart

            <<stupid things>>

            Forgive me for not being wrong, but the clear inference in your previous post is that anti-virus will save us all from this terrible threat - when actually in this instance, as in most instances of a Trojan, it's actually a little common sense on the user's behalf that's key, and in fact the only certain way to avoid getting stung.

            Ironically, you're busily perpetuating the myth of dumb, helpless Mac fanbois whilst pushing a failed security model that encourages users to absolve themselves of responsibility and put all their faith in a third party (antivirus vendors) that can and do get it wrong on a regular basis, and whose whole business case relies on the continued proliferation of these threats. Meanwhile, the level of "outbreaks" amongst those oh-so-dumb Mac users is infinitessemally small, while malware is practically pre-installed on the average Windows machine.

            If you'd bothered to read anything I'm saying, you'd know that like most Mac users I'm well aware that my computer isn't "invulnerable", because like any computer it's at the mercy of its user - but without the entirely false sense of security provided by the likes of Norton peering over my shoulder and eating up my processor cycles 24/7, I actually take care over what I allow onto the system and pay attention to what the system's telling me, all of which would prevent this trojan and any others like it. Mac OS X certainly does alert me and ask permission about any applications asking for network access for the first time, and that alone would set off enough alarm bells over a screensaver.

            Now I suggest you try balancing that massive chip on your other shoulder for a while, while I take my leave of your timewasting nonsense.

            1. PC1512
              Headmaster

              Incidentally

              Before I go, have a bit of perspective - here's the Guardian's report on this yesterday, which helpfully includes a screenshot of the agreement required to install this spyware - http://www.guardian.co.uk/technology/blog/2010/jun/02/apple-spyware-intego-discovery - as nasty as this all may be, that screenshot does explicitly state that "PremierOpinion" will be installed if the user agrees, and - if you read the blurb in full - explains that the software "monitors and collects" information on browsing, purchasing, hardware etc. And this is all presumably *before* you're subsequently asked for your admin password in order the software to install as root.

              It may be a litlle sneaky, but it's not exactly a drive-by attack, is it?

              You can even read all about PremierOpinion on their site here - http://www.premieropinion.com/FAQ.aspx

              Oh, and it turns out that the complicated way you remove this evil malware from your compromised Mac is... by running the uninstaller provided. Or dragging and dropping the PremierOpinion folder in the trash (yes, it installs as a perfectly visible application in your applications folder - how sneaky is that?)

            2. ElReg!comments!Pierre

              I took the piss again didn't I

              «Forgive me for not being wrong, but the clear inference in your previous post is that anti-virus will save us all from this terrible threat»

              Ooops sorry I was wrong and you were right. Let me just hop in Ye Olde Timemachine and correct my post -perhaps by adding a footnote or something.

              .........................................

              There. Better?

              «when actually in this instance, as in most instances of a Trojan, it's actually a little common sense on the user's behalf that's key, and in fact the only certain way to avoid getting stung.»

              Well stupidity is a common trait in users, which is why the admins force awful nannying anti-virus software on them. Their main goal is not to get rid of viruses, contrarily to popular belief, it's to _prevent_ the opening or installation of malware by stupid users. In the present case 'infection' would be prevented as the malicious software would have been recognized as such and thus not allowed to install.

              I am by no means a fan of anti-virus software myself, though I would definitely install one on Aunt Millie's PC (even of the Apple brand).

            3. ElReg!comments!Pierre

              Besides, you're very wrong

              «when actually in this instance, as in most instances of a Trojan, it's actually a little common sense on the user's behalf that's key, and in fact the only certain way to avoid getting stung.»

              Actually in that case common sense would not have helped much. After all the spiked apps came from reputable sources. Unless of course you consider that common sense is "don't install anything that wasn't on the machine when you bought it". But let's not let facts get in the way of the Church of Jobs. Stevie said "Macs have no use for AV", so that must necessarily be the truth. Despite some of his high priests actually thinking the contrary, by the way.

              1. PC1512
                Pint

                Yeah

                The thing is, before you spout on even more about blind ideology getting in the way of the "truth" and the "facts" you really might want to take a gander at that Guardian article, the screenshots, think about how users downloading these screensavers are actually being expressly told that the screensavers come courtesy of them installing separate software called "PremierOpinion", and that said PremierOpinion is expressly designed to monitor and collect information about them and their habits, and that it won't be installed unless they say yes, and PremierOpinion (not the screensaver) would like your admin password please... and then tell me again that common sense won't protect you from this "trojan".

                One of us is letting our personal bias colour our understanding of the actual story here, and it ain't me.

                I'm not a sysadmin so I don't generally assume that all my fellow human beings are stupid. For those that are, yes, anti-virus can help - and it's even suggested by Apple on their security pages now, which I'm sure will have you positively frothing with delight. However, in this case I don't believe any competent computer user would have benefited from it at all since they would have seen this dodginess coming a mile off - in fact it announces itself quite clearly, which is probably why "reputable" download sites and software vendors didn't have a problem with its inclusion. By contrast, the lesser able user with anti-virus installed is probably far more likely to OK everything on the assumption that the anti-virus would stop anything bad, when in reality there's always a distinct possibility that it won't at all.

                Speaking personally - and my Mac is my personal computer after all - I know that PremierOpinion would never have gotten on my computer since Mac OS X would have given me more than enough warning that it, and not some screensaver, was the app trying to gain admin rights.

  28. Mike Flugennock
    Grenade

    As the Mac haters predictably crawl out of the woodwork...

    I've been using a Mac of some kind -- pretty much the only kind of computer I've ever used -- since 1985. So, I guess that makes me a "fanboy". Whatever. But, aaaa-aaaanyway...

    Before all you Windows slaves get all worked up, let me remind everybody that one of the first viruses/trojans/exploits I ever saw in the wild was a MacOS exploit, around 1988. As I hadn't connected to the Internet yet -- I was still hanging out on local BBS systems -- I knew I'd be OK, but continued to observe that situation out of prudent curiosity. Forewarned being forearmed, and all that.

    While I still recommend MacOS for people who want to vastly cut down their chances of being hacked/r00ted/trojaned/pwned, I'm certainly not stupid enough to not think that someday, somewhere, some bastard is going to come up with a MacOS virus/trojan/exploit of some kind.

    That's why I learned how to use a hosts file, and installed Little Snitch, and use SpamAssassin, FlashBlock, AdBlock, and NoScript -- and I don't click on shit like KIM KARDASHIAN NUDE VIDEO!!!!!!111!!!, or download shit like screen savers from outfits I've never heard of, or blindly comply with requests coming out of nowhere for my participation in "marketing surveys", or requesting my frickin' _system_password_, f'cripesake.

    That said, still... this is _how_many_ MacOS exploits spotted in the wild, compared to _how_many_ Windows exploits? Don't worry, guys, Windows is still Numero Uno.

This topic is closed for new posts.

Other stories you might like