Potential trouble?
Senior User
Join Date: Nov 1999
Location: The workshop of the TARDIS...
I'm no programmer (I got a D+ in Intro to Programming my freshman year at college... No wonder I became an English teacher), and I don't play one on T.V. However, I do try to follow all the bits that go on, and I do think I have a slight grasp on things here in the forums. Now, heeeeeerrreee's Johnny:
I just read an article at grc.com. It took about 45 min. to read (for a non-programmer, not bad), and I have some questions that I think the forums can answer for me and any others wondering the same thing:
How simple is it for this kind of trojan to be brought to OS X? If it's not that hard, can the built-in firewall protect against it (using configuration utilities like Brickhouse)?
Politics of the Internet aside, how potentially vulnerable is OS X to such viruses and trojan horses? Does Apple really have this kind of thing in hand, unlike Windows?
Unlike over in the General Discussion Forums, I hope to get some legit discussion and answers to this topic without it dissolving into programmer flame-wars. (It gets old VERY quickly, and makes posts very dissatisfying to read).
We all love our Macs and our OS X, but what do we *really* know about it?
JB
[ 06-15-2001: Message edited by: jwblase ]
---------------------------
"Time will tell. It always does."
-The Doctor
Mac Enthusiast
Join Date: Feb 2000
Location: Storrs,Connecticut, USA
Well, Mac OS X does support UNIX sockets; I mean, Mac OS X is a flavor of BSD, so of course it supports sockets. I think that it would probably be easier to make a nice little ping-flood trojan for Mac OS X than for Windows XP just because, in my opinion, Mac OS X is, in general, easier to program for. I have never used sockets before, nor have I written any type of ping-flood trojans, but I'd guess that it'd be easier to do so on a Mac than a PC.
Dedicated MacNNer
Join Date: Jun 2000
Location: Dundas, Ontario, Canada
I have never used UNIX sockets either but, as a general rule with OS X security, you could look into similar issues with BSD and other *NIX. As far as actual viruses go (which are more realistic an attack - viruses are automated) you will not have many problems with OS X. All the important parts of the system are only writeable by "root" so a virus would have to be executed by root in order to be harmful. The worst that could happen is a virus could be executed by you and could mess with your applications and documents. It shouldn't be too easy for anything to kill your actual OS. The kind of attack described in the article is something whose fundamental derivation is a ping-flood which can NEVER be countered. Remember, of course, that this attack was run by hundreds of these "ZOMBIE" machines. As mentioned above, even a trojan would have to be executed as root in order to be able to play with port numbers, etc., and it would still show up on a process list (easily killable).
In short, don't run your machine as root so you don't become a victim of the trojan, and change IPs often or don't become a target in order to dodge the ping flood.
OS X is decent for security, so it seems right now.
Enjoy,
Jeff.
Senior User
Join Date: Nov 1999
Location: The workshop of the TARDIS...
If Xboxes (as I call them) cannot easily send this kind of attack out, how vulnerable is a home machine to receiving them? Can the OS X built-in firewall protect against such attacks? How about a small business?
If OS X is to become a viable business alternative, then it has to do something that alternatives cannot. Can X protect against these kinds of attacks where Windows (NT or 2000) cannot?
JB
---------------------------
"Time will tell. It always does."
-The Doctor