Mac OS X Target of New Viruses

thePMG · Rated XXX Joined: 24 Apr 2004 Posts: 393 Location: Germany

I love how there are absolutely no facts around this story, but it's running on many of the major news outlets. Was it a priviledge escalation exploit, or was the guy a "moran" and entered the administrator password, giving said "virus" control of his system? Hell, what is the name of the "virus"? This article is scaremongering BS.

BeerCheeze · Posted: Mon, 01 May 2006 08:58:04 Post Subject:

My guess is it's based around this: http://isc.sans.org/diary.php?storyid=1138

thePMG · Rated XXX Joined: 24 Apr 2004 Posts: 393 Location: Germany

Yep, this is bad. Probably won't take over an entire system if it's only able to run shell commands on a user account, but it could delete everything in your home directory. Combine it with a priviledge escalation exploit, you could take over an entire system.

*SIGH*, it may be time to go back to Linux.

EDIT: Or not really as bad as it's made out to be...

acruxksa · Posted: Tue, 02 May 2006 21:12:40 Post Subject:

Doesn't sound that bad to me, just being overhyped because it's one of the first for Mac OSX. Won't be the last and definitely isn't the worst.

BeerCheeze · Posted: Tue, 02 May 2006 21:22:44 Post Subject:

Well... I personally consider it VERY bad. It's a very big chink in the armor, and it actually goes to show that any OS is venerable when it's targeted.

(Also you know the new Mac OS is BSD based right?).

Either way... this is just something we have to deal with. People need to get it out of their heads that ANY OS is secure. They aren't. None of them. Not a one. Because they are installed, built, and configured by humans. And 99 out of 100 times, a mis-configuration is what makes the system venerable.

Kilamon · Rated XXX Joined: 22 Mar 2005 Posts: 811

**Doctor Feelgood** · Posted: Wed, 03 May 2006 16:10:15 Post Subject:

- Teh spelchekar couldn't help you there! Ironic typo though!

Blue|Fusion · Posted: Wed, 03 May 2006 16:33:51 Post Subject:

Like EC mentioned, 99% of the time, you get a virus because you have little or no security. My sister has adware, slyware, viruses galore on her computer (and I refuse to fix it anymore). Why? Because she installs any old thing that IE tells her to when she goes to her myspace and blogs and other garbage sites that offer nothing more than ads and pictures of emo kids. Sadly, that's the typical computer user. Uses it, not knowing the consequences of what you're doing without having any discretion...and what's worse? No security software (firewall, A/V, etc.). The virii building up for one massive "we screwed you over, now reformat your pc and do it all over again!"

At the other end of the spectrum, people, such as many of the users here, take discretion as to what we download and install and open up in emails. We religiously check for software updates. We run some form an A/V program to at the very least provide some protection of viruses if you somehow missed something. We run firewalls...sometimes several (I do...NAT router and IPTables Smile

). Alot of us probobly even run some form of spyware/adware detection software to keep things clean. I may be a Linux advocate, but I still ran Windows for years prior and use Windows at work and stuff. Only one time did I have a virus on my computer. And that was only because I let my cousin check her email. She ended up crying after I had to reformat the system from the guilt (although I wasn't really that upset...it was Windows ME at the time...).

Also as EC mentioned, all OSes are vulnerable to viruses or something similar (rootkits (trojans) in Linux). People say Linux, BSD, Mac OS X is more secure because of two realities: 1) No or fewer viruses (the latter part is true while the former is a common misconception) and 2) "Non-Windows users are geeks" train of thought by Windows users. Well, it's true in a way. While Mac OS X generally harbors a very cool GUI which conforms to the common Windows users (and their lack of important security knowledge), Linux users often have to get down and dirty with their system...right down to the kernel. It's pretty hard not to learn better security in the *NIX venture. After a little toying around, you can pick up security pretty quickly, keep everything up to date, and so on. *NIX (including BSD) users are just more security-savvy than Windows users.

Mac OS X is still pretty safe because there are so few viruses yet, but being a minority still helps in preventing an ocean of viruses popping up for it. And if that ever did happen, I have confidence that both Open source developers for any BSD software Mac OS X runs on as well as the Mac OS X team themselves will put out security fixes much much faster than Microsoft ever can.

Another major advantage both Mac OS X (being *NIX based) and Linux have is that for a virus to totally screw up the OS, the virus must be executed as a priviliged user (i.e. root). Running it as a user without permissions to edit system files, the worst the virus can do is screw up all the files owned to that user. In Windows, a limited access user can execute a virus and the system can be thrashed to bits (get it? bits? I crack myself up! Laughing

).

knight0334 · Posted: Wed, 03 May 2006 19:18:16 Post Subject:

Cool.. finally those Apple Hippies will know what it's like to deal with those code-junkies too..