Macworld Forums

DESIGNADE,

I've heard that and it doesn't sound unreasonable. I've thought for a while that the InputManagers method was a bad idea (really, really not smart), and this comes right after the daringfireball article about them. The resource fork issue has popped up before as well. It does kind of smell like a "these bits need fixing" wake-up call, the fact that it's relatively benign does make me wonder...

JP.

Apple Certified System Administrator

J.P.,

http://tinyurl.com/9scnn

A step by step guide from Symantec, including the "Due to a bug in the code.........." bits that seem to prevent further damage being done. It's certainly easy to see how something like this could cause havoc though.

Ade

Considering someone posted this file as an attachment in a public forum, wouldn't it be possibile to track that person down? After all you have to regsiter etc.

Sorry to disappoint Macworld's news staff, but I must have been the only Mac user who didn't gasp at that news.

http://www.macworld.co.uk/news/index.cfm?NewsID=13880&Page=1&pagePos=1

However, what did make me gasp was that the BBC ran a story on it which was intelligent, non-sensational and informative.

http://news.bbc.co.uk/1/hi/technology/4723390.stm

Well done the Beeb

Other news organisations have now ran their third story about the first virus of OS X. They conveniently overlook the fact that they've already run two previous stories about the first ever OS X virus and they weren't viruses either.

AlanAudio,

Yes, I didn't gasp either.

The BBC piece is - well accurate, unbiased & not sensational. I think what shouldn't be missed is that this Trojan has been in the wild now for just over three days & there are few reports of anyone being infected & none of anyone loosing data or up-time over it. With a typical Windows Trojan - let alone virus - we'd have seen reports of thousands affected & possibly a major company, with plenty of highly-trained M$ tekkies, having their systems shutdown because of it. Of course, this 'first' Trojan doesn't have an effective malicious payload, which helps - is it still a Trojan if there's no payload? If the wooden horse of Troy had been empty, then would it have just been a gift?

AlanAudio,
Whilst several of us here have been chatting about it, I doubt that many gasped at the news either. Sadly Macworld's item falls a long way short
of the BBC's balanced report as does this item
http://www.macworld.co.uk/news/index.cfm?home&NewsID=13885
A whole 600 users! Not much of a sample is it?

BULLEID34081@mac,


"The correct response is to remain calm and take sensible measures to protect your Macs in future," continued Cluley."

Like buy your software at a software store near me?

andybarton,

The security firms obviously see the millions of OS X systems as a potential market. Remaining calm is not really what they want Mac users to do, they want panic-buying of AV software. Remaining calm & taking sensible measures sells no software. Although sensible is a flexible word.

Let's look at another two words; theory & practice. In theory, OS X is not totally secure. However, as Clive603 said in AlanAudio's thread 'Selling the poison and charging extra for the antidote', it's secure enough. OS X has been released for some 5 years now &, so far, this is the best that any hacker, cracker or script-kiddy can come up with. In practice, OS X is proving to be a secure enough combination of difficulty in cracking, difficulty in propagation & difficulty in doing damage or creating BotNets, to make it unattractive. If the WWW (World of Wide-open Windows) ever ceased to be for whatever reason, then things might change. But then, there are millions of OS X systems in use right now, all, except for one or two, 'completely unprotected' & legal cases have shown that BotNets of half-a-million PCs are very profitable & worthwhile pursuing. A tough nut to crack would be even more worthwhile because it would keep the competition down. Security through obscurity just does not make any sense because the hackers, crackers & script-kiddies must know about the numbers & even if they underestimated massively, all it takes is a few thousand to make it worthwhile. So there must be a good reason why there are no effective viruses, Trojans, etc. for OS X.

If security firms don't realise all this, then they they can't be very good. What they would like is for us not to realise it & run out & buy their products. I'm not saying don't ever buy because AV software does have a place on a Mac, but buying because of a worry that the theoretical floodgates are opening is not borne out in 5 years of practice.

Cynic,

to add to what you have just said.

There are about 20 million OS X users around the world. In the five years since OS X was launched there have been three well-publicised security scares that come to mind. I won't refer to them as worms Trojans or viruses as that invites argument about definitions. I'm thinking of Renopo, the fake Office installer and this one.

But the real point is that I have yet to hear of anybody that I know of who has actually been affected, or has even seen any of these items of malware and I'm quite confident that I won't be seeing any instances of this one either.

The simple fact is that a great deal more manpower has been expended talking about these things than has been expended in having to deal with them.

AlanAudio,
"The simple fact is that a great deal more manpower has been expended talking about these things than has been expended in having to deal with them."

Can't disagree with you there and we all know many Windoze users who've had huge amounts of bother with malware.

sunspot,

> wouldn't it be possibile to track that person down?

No really. It is quite easy to register with fake details.

And assuming the sender was making an effort to avoid being tracked, it is possible to change settings, use software which hide identities and even use public (as in internet cafes, colleges, etc) machines.

And that is just for starters. Think by instance how come that most span come with fake addresses and that sort of things.. Even worse, the trojan could have been uploaded from a machine and the owner of that machine could be totally innocent and unaware of how his computer has been used.

All that wont stop the admin of the site where the trojan was uploaded trying to find out who sent it. It is just very unlikely they will succeed, as it mostly depends of the sender having made a mistake.