
Finally a virus for us Mac users!!!!
Installing it only puts it into a specific location (usually /Applications) on your hard drive so that it can be run from there later on. A common way to install some Mac apps is to open a .dmg file, and drag the application icon to the Applications folder. However, you can if you wish double click the application icon from within the .dmg file to run it in many cases. You need your password to copy the app to Applications, but not usually to run it directly.Machinesworking wrote:I know of no way to run an application without installing it
There's also installers of the .pkg/.mpkg variety - these generally put data somewhere like /Library/Application Support and that's why they're a bit more involved.
Live 7, Logic Studio 8, Mac Pro 8-core/2.26/6GB, OS X 10.5.6, Saffire Pro 40, Alesis M1 Active 520s, Remote SL 37, Virus TI Snow, Nord Rack 2, Zebra 2, Sylenth1
-
massiveheadpain
- Posts: 208
- Joined: Sat Jan 14, 2006 7:44 pm
- Contact:
-
paradiddle
- Posts: 512
- Joined: Wed Jul 14, 2004 12:21 am
- Location: mtl
-
Machinesworking
- Posts: 11551
- Joined: Wed Jun 23, 2004 9:30 pm
- Location: Seattle
OK true, but we're talking about the hypothetical case were gramma gets a file that sez it's a batch of photos etc. We'll see in the future here, but I'm pretty sure most people when confronted with a disc image containing a file that once double clicked pops up a warning that this is an application from the internet, which a movie or picture file will not have, well I'm pretty sure they will get wary at that point.mkelly wrote:Installing it only puts it into a specific location (usually /Applications) on your hard drive so that it can be run from there later on. A common way to install some Mac apps is to open a .dmg file, and drag the application icon to the Applications folder. However, you can if you wish double click the application icon from within the .dmg file to run it in many cases. You need your password to copy the app to Applications, but not usually to run it directly.Machinesworking wrote:I know of no way to run an application without installing it
There's also installers of the .pkg/.mpkg variety - these generally put data somewhere like /Library/Application Support and that's why they're a bit more involved.
I could be dead wrong though we'll see. IMO so far it's looking like most of the viruses you can get on OSX are ones that are embarrassing to admit you installed, and ran, since your hand is pretty much held every step of the way.
I'm not sure I get you here. Are you saying they should update the OS so that if you run anything other than a known data file (movie/picture), you get a warning saying it's an application from the Internet? Or are you saying it already does this (which I don't believe 10.4.11 does).Machinesworking wrote:OK true, but we're talking about the hypothetical case were gramma gets a file that sez it's a batch of photos etc. We'll see in the future here, but I'm pretty sure most people when confronted with a disc image containing a file that once double clicked pops up a warning that this is an application from the internet, which a movie or picture file will not have, well I'm pretty sure they will get wary at that point.
What if the .dmg was on a friend's USB key - it's not the Internet then. What if there's an exploit for Quicktime/Preview that was triggered by a movie/picture which you don't get warned about.
I agree with this - 3 trojans in the last week all relating to downloading cracked software. IMO if you take chances, you get burnt.Machinesworking wrote:I could be dead wrong though we'll see. IMO so far it's looking like most of the viruses you can get on OSX are ones that are embarrassing to admit you installed, and ran, since your hand is pretty much held every step of the way.
However, I think the key is in education. Kids should be taught (if they aren't already) about the dangers of viruses/trojans etc. There's a lot of danger in inexperienced users installing malware which education might prevent.
We don't let inexperienced people drive cars, yet we'll let anbody play about with a computer - and while one compromised computer is small potatoes in comparison to a kid getting dragged under the car of a new driver, thousands of compromised computers hooked up in a botnet has the potential to cause massive damage.
Mo
Live 7, Logic Studio 8, Mac Pro 8-core/2.26/6GB, OS X 10.5.6, Saffire Pro 40, Alesis M1 Active 520s, Remote SL 37, Virus TI Snow, Nord Rack 2, Zebra 2, Sylenth1
-
Machinesworking
- Posts: 11551
- Joined: Wed Jun 23, 2004 9:30 pm
- Location: Seattle
I suppose, in the end though, you back up, and just end up spending hours reinstalling, unless they get your firmware.USB wise of course it can work, my point is a virus has to be installed to run, you the user have to instal it. AFAIK even 10.4.11 warns you if you try to run a piece of software off of a disk image. This doesn't mean there isn't ways around this, but let's face it, with the amount of Windows users out there that hate Apple, if it was as easy as it is on Windows, it would be more common.mkelly wrote:I'm not sure I get you here. Are you saying they should update the OS so that if you run anything other than a known data file (movie/picture), you get a warning saying it's an application from the Internet? Or are you saying it already does this (which I don't believe 10.4.11 does).Machinesworking wrote:OK true, but we're talking about the hypothetical case were gramma gets a file that sez it's a batch of photos etc. We'll see in the future here, but I'm pretty sure most people when confronted with a disc image containing a file that once double clicked pops up a warning that this is an application from the internet, which a movie or picture file will not have, well I'm pretty sure they will get wary at that point.
What if the .dmg was on a friend's USB key - it's not the Internet then. What if there's an exploit for Quicktime/Preview that was triggered by a movie/picture which you don't get warned about.
This is one thing that always blows me away about the excuse that OSX isn't as huge, so that's why there aren't as many viruses. If forums are any measure of attitude, then Apple is well hated, and would easily be a target.
I agree with this - 3 trojans in the last week all relating to downloading cracked software. IMO if you take chances, you get burnt.
However, I think the key is in education. Kids should be taught (if they aren't already) about the dangers of viruses/trojans etc. There's a lot of danger in inexperienced users installing malware which education might prevent.
We don't let inexperienced people drive cars, yet we'll let anbody play about with a computer - and while one compromised computer is small potatoes in comparison to a kid getting dragged under the car of a new driver, thousands of compromised computers hooked up in a botnet has the potential to cause massive damage.
Mo
Sorry, but that's not factually correct. A virus does not have to be installed to be run, certainly on 10.4.11. Example here: I just downloaded the .dmg file of PhotoPresenter from www.boinx.com/download/ - I opened the .dmg and was presented with a common method for installing apps. The app icon and a link to the Applications folder with the instructions "To install drag PhotoPresenter to the folder Applications" - I didn't though, I just double-clicked the PhotoPresenter icon, and the app just ran. It's a self contained app - it has everything it needs inside the .app package and will run from anywhere. A virus can be the same. Would be interested to see what the craic is with Leopard.Machinesworking wrote:USB wise of course it can work, my point is a virus has to be installed to run, you the user have to instal it. AFAIK even 10.4.11 warns you if you try to run a piece of software off of a disk image.
Unless they get your CC details, online banking password, or other personal information. They could use your machine as part of a botnet to send spam, which costs businesses a lot of money every year. They could also use the botnet to direct DDoS attacks on businesseds or even governmental infrastructure which could cripple a country if they found the right vulnerability.I suppose, in the end though, you back up, and just end up spending hours reinstalling, unless they get your firmware.
Keeping a computer malware free is no longer a matter of personal convenience - it's a responsibility IMO.
Live 7, Logic Studio 8, Mac Pro 8-core/2.26/6GB, OS X 10.5.6, Saffire Pro 40, Alesis M1 Active 520s, Remote SL 37, Virus TI Snow, Nord Rack 2, Zebra 2, Sylenth1
-
Machinesworking
- Posts: 11551
- Joined: Wed Jun 23, 2004 9:30 pm
- Location: Seattle
mkelly wrote:Sorry, but that's not factually correct. A virus does not have to be installed to be run, certainly on 10.4.11. Example here: I just downloaded the .dmg file of PhotoPresenter from www.boinx.com/download/ - I opened the .dmg and was presented with a common method for installing apps. The app icon and a link to the Applications folder with the instructions "To install drag PhotoPresenter to the folder Applications" - I didn't though, I just double-clicked the PhotoPresenter icon, and the app just ran. It's a self contained app - it has everything it needs inside the .app package and will run from anywhere. A virus can be the same. Would be interested to see what the craic is with Leopard.Machinesworking wrote:USB wise of course it can work, my point is a virus has to be installed to run, you the user have to instal it. AFAIK even 10.4.11 warns you if you try to run a piece of software off of a disk image.
I'm not 100% certain on this, yes, but we're talking different things here. On leopard any internet file it asks you if you feel safe running it. AFAIK no quicktime movie I've ever downloaded was on a disk image. My point was that the application would either have to be downloaded, and regularly installed, in which case the OS will ask you for a password, which would be suspicious if it was in fact a quicktime movie, or it would have to run off a disk image, which would be odd if it was in fact a quicktime movie. Though you're right, there's an obvious exploit right there if someone could work it right.
This is an area where you would have to be pretty whacked as an OS X user to get into though, to instal a botnet app on OSX would be near impossible without the user allowing it. Who keeps CC details and online banking passwords in any form on their computer?? Unless again they are able to instal an application on your computer, which is near impossible in OSX.Unless they get your CC details, online banking password, or other personal information. They could use your machine as part of a botnet to send spam, which costs businesses a lot of money every year. They could also use the botnet to direct DDoS attacks on businesseds or even governmental infrastructure which could cripple a country if they found the right vulnerability.I suppose, in the end though, you back up, and just end up spending hours reinstalling, unless they get your firmware.
Keeping a computer malware free is no longer a matter of personal convenience - it's a responsibility IMO.
I'm not trying to knock Windows for fun here, but these sorts of exploits are mainly due to really glaring omissions of security in XP, that you can override the password system etc. Now I'm certain that you're going to eventually be right, but as it stands there are no bots that are on OSX machines, it's just not happening yet. Yet is the key word here, but I've been saying yet ever since OSX came out. So it's a pretty good ride that way.
Apple do recommend anti virus software now, which is a sign that they aren't as secure as they used to be, so it's all possible I suppose.
Yeah we probably are talking about different things here. I'm talking about a trojan inside a seemingly valid piece of software, inside a .dmgMachinesworking wrote: I'm not 100% certain on this, yes, but we're talking different things here. On leopard any internet file it asks you if you feel safe running it. AFAIK no quicktime movie I've ever downloaded was on a disk image. My point was that the application would either have to be downloaded, and regularly installed, in which case the OS will ask you for a password, which would be suspicious if it was in fact a quicktime movie, or it would have to run off a disk image, which would be odd if it was in fact a quicktime movie. Though you're right, there's an obvious exploit right there if someone could work it right.
I'm a savvy enough computer user. 25 years under my belt, the last 8 or 9 in a professional capacity. I got a Mac 18 months ago. I downloaded an application wrapped inside a disk image. I mounted the image, saw an app icon, and double clicked. The app ran. I couldn't understand it. I read the readme in the disk image and it said to drag the app icon to the Applications folder. Then I was prompted for my password. Was I entering that to install the app, or was I entering the password to give the app root permissions to run background processes that could do almost anything.
Even if I didn't enter the password the initial running of the app could act as a key logger, capturing my passwords and personal details as they're entered into online forms.
From http://www.appleinsider.com/articles/09 ... rates.htmlI'm not trying to knock Windows for fun here, but these sorts of exploits are mainly due to really glaring omissions of security in XP, that you can override the password system etc. Now I'm certain that you're going to eventually be right, but as it stands there are no bots that are on OSX machines, it's just not happening yet. Yet is the key word here, but I've been saying yet ever since OSX came out. So it's a pretty good ride that way.
The ability to be remotely controlled and participate in a DDoS to me constitutes a botnet.According to Intego, the rogue software connects to a remote server to notify its creator that the trojan has been installed on different Macs, and he or she can "connect to them and perform various actions remotely", including downloading additional components to the machine.
...
In an update on the matter Monday morning, Intego said Macs infected with the trojan are being pushed new code that downloads in the background, which is then being used to facilitate a DDoS (distributed denial of service) attack on certain websites.
I'm with you though - while I think it's easier to crack a Mac than many would believe, I still think it's inherently more secure than Windows. That said, I use Windows in a work capacity - 7+ years on a Windows laptop in work and I've not had one infection of malware. Nothing to do with a strict security policy at work, just being a smart user is the key. Which is why I think education of computer users is essential.
Live 7, Logic Studio 8, Mac Pro 8-core/2.26/6GB, OS X 10.5.6, Saffire Pro 40, Alesis M1 Active 520s, Remote SL 37, Virus TI Snow, Nord Rack 2, Zebra 2, Sylenth1
-
starving student
- Posts: 7129
- Joined: Thu Dec 09, 2004 6:13 pm
- Location: right here
Mac users have the best virus protection system ever!
We use PC users for protection.
Its fairly simple. As soon as a virus or trojan gets discovered (usually by the same guy), its big news on all mac forums and news sites. The news will even make it to my local paper.
Since some PC users can't wait to point and laugh, you're more likely to run into a user like that first than the actual virus/trojan.
So its virtually impossible for a Mac user to run into a virus unknowingly.
And how long is this knowledge relevant? 2 or 3 security fixes later and its time to find a new trojan.
I'm not under the illusion that the mac is invulnerable. It isn't. And if hackers really wanted to, they'd shut us down.
But as it stands now, writing a virus or a trojan for mac is better than writing a resume for Apple. People can still brag about finding Mac exploits and use it to advance their career.
So by the time you actually posted about this. Its already old news and the fixes have been released. http://www.macrumors.com/2009/01/22/iwo ... -x-trojan/