[tavilach]

First, read this.

The article makes a very valid point. As has been discussed here many a time, people just assume that because Mac OS X has less viruses/spyware/etc., it is better protected against them. That's like saying that a virgin without AIDS will be fine after a gang-bang!

What worries me is the following: The iPod craze will result in a lot of new Mac users, many of whom will make or have made the switch because of all the talk of its lack of malware. What will these millions of new Mac users do when viruses start spreading on the Mac? Many will switch back, and create hate web sites about the "Scam of OS X." Others will be too lazy, but will still fuel the anger. Before long, Mac OS X will be the latest Windows ME, and of course, not deservedly so.

How can this be prevented? The knowledge that Macs are susceptible to viruses needs to spread, so that those who switch do so for the right reasons, and so that people start preparing for battle! That's all I can think of...

Discuss ...

[RGB]

*yawn*

Nothing to see here folks...

[tavilach]

Originally posted by RGB:
*yawn*

Nothing to see here folks...

RGB...

I'm fully aware that Symantec's software is horrible, and this is definetely part of a ploy to sell more products. Nevertheless, I guarantee you that OS X is not bulletproof, and I just worry about the reactions of new users.

I also know that this topic has been discussed before, but I believe I'm approaching it from a slightly different angle. It's not as if you've never repeated anything, good sir.

Are you tired?

[TailsToo]

No story here. I'm sure that the iPod will be the first MP3 Player with a virus as well.

[tavilach]

Originally posted by TailsToo:
No story here. I'm sure that the iPod will be the first MP3 Player with a virus as well.

I'm sure that it will be. No one was ever misled into thinking otherwise, though.

[TubaMuffins]

if after learning that OSX can get viruses people decide to switch back to Windows, then whats kept them from switching away from Windows in the first place?

[Apple Pro Underwear]

virus maker bob:

hates apple and wants revenge

sets out to study apple programming to familiarize himself with the programming aspects and nuances

now he has a good threshold of system and starts to make a plan on how to make a mac worm

he begins to develop this worm and dedicates several hours a day for 3 months to write a perfect mac osx virus between burger king shifts

hi-jacks a server, finds a list and spams millions as:
subject: "V1a6ra for teh ma$$e$"
body: click here to learn more (activates virus)

Mail, .mac, gmail and thunderbird all filter it out for mac users and thousands of aol, msn and juno users go "WTF? where is my V1a6ra?"

perhaps 1 mac user infects himself and he spreads the virus to his 50 buddies who filter out the email or are PC users

_____________


moral of story: attack PC users

[malvolio]

This is the old "security through obscurity" BS that has been refuted many times before.
Even if the roles were reversed and OS X had 90%+ of the market, we would still be more secure due to the inherent security advantages that OS X has over Windoze Whatever.
(And if you don't believe me, google it, fool!)

[sideus]

<Insert Blog Login Link Here>

[Apple Pro Underwear]

Originally posted by malvolio:


This is the old "security through obscurity" BS that has been refuted many times before.

actually, provide me a link

i think common sense wise, obscurity is a very safe machanism

[meelk]

Originally posted by tavilach:
First, read this.

The article makes a very valid point. As has been discussed here many a time, people just assume that because Mac OS X has less viruses/spyware/etc., it is better protected against them. That's like saying that a virgin without AIDS will be fine after a gang-bang!

What worries me is the following: The iPod craze will result in a lot of new Mac users, many of whom will make or have made the switch because of all the talk of its lack of malware. What will these millions of new Mac users do when viruses start spreading on the Mac? Many will switch back, and create hate web sites about the "Scam of OS X." Others will be too lazy, but will still fuel the anger. Before long, Mac OS X will be the latest Windows ME, and of course, not deservedly so.

How can this be prevented? The knowledge that Macs are susceptible to viruses needs to spread, so that those who switch do so for the right reasons, and so that people start preparing for battle! That's all I can think of...

Discuss ...

You really have way too much time on your hands.

[malvolio]

Originally posted by Apple Pro Underwear:
actually, provide me a link

I repeat:

And if you don't believe me, google it, fool!

[Apple Pro Underwear]

Originally posted by malvolio:
I repeat:

i googleed it and peeped the first 10 entries:
http://www.google.com/search?q=%22se...en-US:official

they speak of "security through obscurity" in general over some network situations. which make sense.

i still don't see how this applies to OSX yet though. i mean, the overriding theme they write of STO is not enough. You need to have proven methods of security as well. Well OSX has STO as well as sound security safeguards right? so that makes several cases of STO to break throug. First the STO of the OS and second the STO of the unique OSX security safeguards. (thats not to mention the STO of the unique virus deployment, such as safari or Mail) All the STO builds up to one snowball STO.

[malvolio]

APU, yer overcomplicating stuff.
Repeat after me: OS X is better because you have to authorize sh*t.
C'mon now: OS X is better because you have to authorize sh*t.

[ThinkInsane]

Originally posted by Apple Pro Underwear:
virus maker bob:

hates apple and wants revenge

sets out to study apple programming to familiarize himself with the programming aspects and nuances

now he has a good threshold of system and starts to make a plan on how to make a mac worm

he begins to develop this worm and dedicates several hours a day for 3 months to write a perfect mac osx virus between burger king shifts

hi-jacks a server, finds a list and spams millions as:
subject: "V1a6ra for teh ma$$e$"
body: click here to learn more (activates virus)

Mail, .mac, gmail and thunderbird all filter it out for mac users and thousands of aol, msn and juno users go "WTF? where is my V1a6ra?"

perhaps 1 mac user infects himself and he spreads the virus to his 50 buddies who filter out the email or are PC users

_____________


moral of story: attack PC users

Well said

[CharlesS]

Originally posted by malvolio:
APU, yer overcomplicating stuff.
Repeat after me: OS X is better because you have to authorize sh*t.
C'mon now: OS X is better because you have to authorize sh*t.

Also, OS X doesn't leave tons of ports open by default for virus writers to exploit. This is a big deal, because open ports are basically the reason you're going to get a virus on Windows within about 5 minutes if you don't turn the firewall on immediately.

[Cipher13]

Originally posted by tavilach:
RGB...

I'm fully aware that Symantec's software is horrible, and this is definetely part of a ploy to sell more products. Nevertheless, I guarantee you that OS X is not bulletproof, and I just worry about the reactions of new users.

I also know that this topic has been discussed before, but I believe I'm approaching it from a slightly different angle. It's not as if you've never repeated anything, good sir.

Are you tired?

Pfft.

OS X may not be bulletproof, but it's kevlar to Windows' paper. Nothing is 100% bulletproof.

No doubt obscurity increases security, but to claim that obscurity is the sole strength of OS X (and that without it the OS would be as vulnerable as Windows) is absolute idiocy.

[TheJoshu]

Originally posted by sideus:
<Insert Blog Login Link Here>

For years before anyone knew what a 'blog' was and since, I've enjoyed the Lounge as precisely the group discussion that you're trying to stymie for some reason. Stop terrorizing! We can all make our own decisions on what to read without your help!

[Superchicken]

You know... considering most viruses are script kiddies I don't think we're going to see that many people making viruses for OS X. Not to mention they'll have to go out and buy a Mac to do it. Which I'm sure the mini would help with. But seriously here, OS X is a LOT more secure. If viruses start going around just start telling people, when apps ask for your password make sure you trust that app. Be careful. OS X will not suddenly become the new windows. And if we get a few viruses how is that going to some how be worse than the PC side? Besides worst comes to worst they go PPC linux, i mean who's going to have compiled a PPC linux virus?!

[malvolio]

Originally posted by Cipher13:
OS X may not be bulletproof, but it's kevlar to Windows' paper. Nothing is 100% bulletproof.

No doubt obscurity increases security, but to claim that obscurity is the sole strength of OS X (and that without it the OS would be as vulnerable as Windows) is absolute idiocy.

^^^^^ An excellent capsule summation of the subject!

[sideus]

Originally posted by TheJoshu:
For years before anyone knew what a 'blog' was and since, I've enjoyed the Lounge as precisely the group discussion that you're trying to stymie for some reason. Stop terrorizing! We can all make our own decisions on what to read without your help!

[entrox]

Shocking News!!! Anti-Virus maker warns that Macs might get an increase in malware in the future. Better buy anti-malware product from anti-virus maker! Completely unbiased and without an agenda to push sales. Honestly!

[macintologist]

Those of you who have experience with mac programming, please tell us, if you decided to make a Mac virus/worm, what could be done.

What kind of program would you write, how would you make it spread among many Macs?

Is it possible to write a multiplatform virus of some sorts?

Thanks. Let's get the bottom of this.

[Apple Pro Underwear]

Originally posted by malvolio:
APU, yer overcomplicating stuff.
Repeat after me: OS X is better because you have to authorize sh*t.
C'mon now: OS X is better because you have to authorize sh*t.

OK

i still think STO is a part of it



[after doing the reading, i understand the STO in other cases is NOT the answer though]

[Paco500]

I think what is most telling was the one example the article sites for this terrifying new world of mac viruses and malware is ONE 5 month old proof of concept bit of malware that was never seen in the wild and Apple quickly responded to.

There may be a kernel of truth to the story, but it's mostly hype.

[Sealobo]

So... Symantec is evaluting if it's cost-effective to start writing virus for the Macs?

[Millennium]

Symantec is alarmist, but it does have some valid points.

It is true that Macs are better-protected against threats than Windows. There are whole classes of attacks on Windows that are simply not possible on any other OS, and many attacks cannot have the same scope on a Mac that they can on a Windows box, on a per-machine basis (that is, inside a single machine, where marketshare doesn't matter). Macs are just plain better, and although obscurity has been a boost it has not been necessary; we're better even without it.

However, Symantec is right to point out that we are not invincible. Social-engineering attacks -the most common technique used to gain access to a machine, because they rely on deceiving the user and therefore bypass any technological measures- are just as possible on Macs as on Windows. They're slightly easier, in fact, since we don't require a special keystroke that can't be faked before inputting a password. If someone can get root access through these attacks, then the Mac becomes almost as vulnerable as a Windows machine. There are also some interesting holes in the OS -not bugs, but actual flaws in the way it works- that have yet to be addressed; mach_inject is the prime example of this. There actually is one working worm out there for OSX, though its author has only demonstrated it at conferences and has taken pains to keep it from getting into the wild.

We have better security, but it's important not to inflate our sense of security. Don't log in as root, and don't log in as an admin unless you have to. Don't give your password to anyone, and particularly don't give it to tech support unless you called them, but the other way around. Be careful about what you download. Get your firewall working properly, and run an anti-virus scan once in a while. Most important, use common sense.

[ReggieX]

Originally posted by macintologist:
Those of you who have experience with mac programming, please tell us, if you decided to make a Mac virus/worm, what could be done.

What kind of program would you write, how would you make it spread among many Macs?

Download this super awesome game. It needs to run an installer. rm -Rf on your home directory.

[Garage81]

anyone find the reference to OSX becoming the next Windows ME physically upsetting?

man, I had windows me come installed on a laptop, that was the biggest pile of rotting **** ive ever used.

[legacyb4]

Sure, I can do that without the help of a virus. How about taking it to the next level where your entire OS X system is set up to be a zombie on some crazy spam network? Or where it leeches every single email address that can be located in your address book/mail system? Or install spyware, etc. that turns your computer into the equivalent of digital swiss cheese?

I'll put my money on my Mac at home over my XP machine at work anyday to stand up to the big bad world out there...

Originally posted by ReggieX:
Download this super awesome game. It needs to run an installer. rm -Rf on your home directory.

[hayesk]

Originally posted by macintologist:
Those of you who have experience with mac programming, please tell us, if you decided to make a Mac virus/worm, what could be done.

What kind of program would you write, how would you make it spread among many Macs?

While it's pretty hard to make a virus, a trojan horse would be much easier. Remember, a virus can replicate itself, a trojan disguises itself to make the user run it.

On could make a trojan fairly easily. Make a game and package it in the installer. Say "this installer needs authentication to install an optimized video driver, etc., etc." and ask for an admin password.

The installer then installs the game, and another hidden process with the owner set as root (it can do this if the user was stupid enough to authenticate). That process then looks up every address in the user's address book and emails it out to everyone. After a week (enough time for everyone else to get the email and install the game), it does "rm -rf /" and wipes out the entire disk.

You could just have the installer do that right away, but then that gives enough time for the user to email everyone and say "don't install the game!!! It's a virus!!!"

Is it possible to write a multiplatform virus of some sorts?

Not a virus, but a trojan probably could be done. It'd have to be either a shell script or Java. There'd be a lot of "if platform =Win do this, else do that, etc." though to get it to propogate.

But the cardinal rule of thumb is never run any executable process that came in an email, no matter who it's from. If I were designing Mail on MacOS, I would put up a warning whenever a user reads an email containing an executable attachment, and make the user jump through hoops to save the attachment and run it.

[Y3a]

So, UNIX must have some sort of viruses then??? WHERE ARE THEY? WinTel needs to get away from the open holes concept of OS design-even though they won't be able to snoop PC's anymore under the guise of software updates. They should allow users to rename the hard drive, and to move the system folder down a layer or two.

PC's were never designed for saavy users, just cheaper ones, and cheap companies bought 'em in droves. Then with all the problems, it requires a bunch of poorly trained types called MCSE's to hover around and "fix" the worlds most popular OS. pretty sad... Those cheap-o's never relayed to the upper mgnt that the personnel costs over 2 years made getting Mac's a better idea, but they are trying to justify their jobs, while sweating the next viruses.

[DeathMan]

Originally posted by hayesk:
...game trojan idea...

This game would quicly be rooted out and removed from macupdate and version tracker, and the creators would be instantly sodomized (in a bad way) by the mac loving community.

This type of trojan would work as well on any system, and better on some. On windows, you could do serious system-wide damage without even asking for a password.

[CharlesS]

Originally posted by DeathMan:
On windows, you could do serious system-wide damage without even asking for a password.

One thing that needs to be fixed on OS X, though, is the way /Library/StartupItems doesn't exist by default. It should be there by default, and it should be owned by root with no one else having write permissions to it. But as it is, any process that is run by an admin user can create that folder and put anything in it, without asking for a password. Then, the stuff in that folder gets run as root on the next reboot.

No idea why Apple hasn't fixed this yet - it would be so easy. Just add a single empty folder to one of the security update packages...

[Millennium]

Originally posted by macintologist:
Those of you who have experience with mac programming, please tell us, if you decided to make a Mac virus/worm, what could be done.

First of all, keep in mind that viruses are seldom written alone. They need a vector, a program on which the virus hitshes a ride. Further, that program needs to be something desirable, so that people would want to download it. Even better, though, is something that people would quickly get bored with and delete; by that time the virus already exists on the machine, but with the original vector gone it would be hard to trace back to the source. In the old days, writers would just use a basic program as a "starter vector", infect a single machine with good programs on it, and then use those infected programs as the "real" vectors by uploading them to warez sites. I would use a similar technique, using a starter vector to infect another program, which would act as my real vector.

For the Mac, I'd choose a Minesweeper clone as my real vector. I'd give it flashy graphics, but not many features. OSX doesn't come with Minesweeper, but everybody loves the game, so there's a lot of demand. I'd use lots of screenshots to grab people's attention, but by making it feature-poor I'd cause many people to delete it after one or two uses (and by then the damage would already be done). Also, I would Open-Source the program, to help defray suspicion; since the virus doesn't infect the app until after it's compiled, I end up looking like just another innocent victim.

Unix binaries do not lend themselves well to viruses, because they are difficult to patch. However, the OSX package format comes to my rescue here, because I don't actually need to alter a file. I could create the virus as a simple wrapper around the "real" app. It would live in the application's package, and all it would do when the app was launched would be to run its own code, launch the real app, and then exit. This would make the virus very easy to detect and repair, but all viruses meet that fate eventually, so this isn't much of a problem. It also gets around the problem of apps which checksum their own code at launch time (usually to protect against piracy or cheating in games, but it can be used to detect viruses as well). The app's own code is not altered, so unless the entire package is checked then the virus won't be detected that way.

Next question: how to make the virus spread? This is where mach_inject comes into the picture. I would use it to spread into a running system, such that when any app launches the system checks to see if that app already has an embedded copy of the virus. If not, then it copies its file into that app's package and alters it as appropriate. The newly-spawned copy of the virus would then lie dormant; the system is by definition already infected, so another copy does not need to be running. It will run as normal when the app launches again anyway.

That's enough to get a true virus up and running. Let us say that I want to add worm-like features, so that the virus could spread by itself to multiple machines on a subnet (or even the Internet at large) without any need for downloading additional files. Discovering other Macs would be fairly easy via Rendezvous. From there I have my pick of buffer-overflow or similar vulnerabilities to try, though I'd probably prefer iTunes or file sharing if vulnerabilities are found there; both are commonly used in networks, and neither is updated very often. I'd use a buffer overflow or some similar hole to run my mach_inject code again, thereby infecting the system; assuming the user launches at least one more app before shutting down their system is mine. Of course, even if the worm-like spreading mechanism fails, the virus-like spreading mechanism still exists as a backup.

This leaves only one question: how to perform the initial mach_inject, which needs to run as root. The first attempt would be to simply give it a try; enough users run as root that it may well work (of course, errors would need to be caught as silently as possible). If that fails, then a fake dialog box should do the trick. Model it after some important system process which might theoretically require something like this; most System Preferences panels should prove adequate.

OK, so that covers the spreading mechanisms: I have virus-like and worm-like methods going, for maximum effect and hassle for anti-virus authors. Now, what do I make my malware do, other than spread? Since I can latch onto the system with this technique, the answer is: anything I want. Raiding the Address Book becomes almost trivial. Hooking you into an IRC network of zombies is a little tougher, but by no means difficult. I've got root on the box at this point, so I can do anything that any other kind of program could do, and I can bypass all the security mechanisms while doing so.

That's the basic design, at any rate. Code will not be forthcoming, not from me at any rate. This isn't anything that a determined virus writer wouldn't be able to do, once they'd done the proper research.

Is it possible to write a multiplatform virus of some sorts?

Possible, but not practical. Either you would need to account for many different platforms and OS types, leading to a monstrously huge and complex beast, or use some kind of runtime which runs everywhere (Java would be a good choice for that), which would make it less complex but just as huge.

[wdlove]

Those that aren't aware of the risk of a virus and prepare are doomed to fall.

[nonhuman]

Originally posted by malvolio:
APU, yer overcomplicating stuff.
Repeat after me: OS X is better because you have to authorize sh*t.
C'mon now: OS X is better because you have to authorize sh*t.

Do you have any idea how many people will just type in their password and hit enter when prompted without knowing or caring why?

[rjenkinson]

Originally posted by nonhuman:
Do you have any idea how many people will just type in their password and hit enter when prompted without knowing or caring why?

nonhuman:
please enter your password to continue: _

-r.

[Millennium]

Originally posted by nonhuman:
Do you have any idea how many people will just type in their password and hit enter when prompted without knowing or caring why?

Quite a few. Windows actually has a leg up on the Mac in this one area, because it can require the user to press a special keystroke that cannot be faked before actually entering the password (in Windows' case, Ctrl-Alt-Delete). If someone tries a fake dialog box, then either the request to enter that password never appears -an obvious tip-off- or the user hits Ctrl-Alt-Delete and gets a very different result from what happens for a real password dialog.

Of course, the fact that Windows can require this is completely negated by the fact that it allows the feature to be turned off. This is arguably even worse than not providing it at all, because in addition to being turned off in most cases it fails to impress the point that insecurity should never be an option.

[nonhuman]

Originally posted by rjenkinson:
nonhuman:
please enter your password to continue: _

-r.

••••••


...


Hey, why isn't anything happening?!?

[Superchicken]

How likely is it that people are going to install viruses the old way. I'm sure nearly every nerdy mac user would tell everyone they know don't open .app files in e-mails in the future there are now a few viruses around. I think the most frustrating viruses these days come from infected files and viruses you just get because. My mom's PC is always infected by something but she doesn't do all that much with it.