[besson3c]

Check out this image:

The Business of Malware

I suspect that some of our information (including my own) about malware is a little out-of-date now, because the days of fussing over getting a self-propogating virus via email or whatever seem to be pretty much dead, trojans are where things are at, and a trojan can be in theory written for any OS.

I think the advice we give users should no longer be "you are safe, you are on a Mac" and now advice that pertains to not opening questionable executable files if you aren't certain what they do or where they came from, and not visiting questionable websites that might manage to coerce you to download something. This isn't meant to scare anybody, but especially as the popularity of the Mac increases, I suspect the popularity of trojans on the Mac will increase too, perhaps downloaded from file sharing websites/torrents/newsgroups, phishing sites, etc.

Have some of you revisited the advice/wisdom that used to be prevalent as it related to self-propogating viruses?

[turtle777]

You are right, no OS is safe from malware that's based on social engineering. Some people are smart and have common sense, and will be safe.
Some people will make mistakes, and learn it the hard way. Some people are too dumb to even notice how they are being used.

Look at the Nigerian scammers - even after all those years, they still find suckers. Some things are like gravity.

-t

[ghporter]

Originally Posted by turtle777 

no OS is safe from malware that's based on social engineering.

This is the key. The most noteworthy bugs that got into the Mac world (at least that I can think of at this moment) were either based on a promise to get either naughty pictures or a pirated pre-release of a new OS version. These inducements got a number of people to install the bug-with of course unpleasant results. So the whole idea that "I'm safe because I'm running a Mac" is null if your'e out to get something for nothing.

On the other hand, you're not going to get something nasty into your Mac by simply visiting a web site, as Windows users may still be at risk for.

[Big Mac]

I recently switched over to Comodo AV on my Windows 7 (having been thoroughly annoyed by problems with AVG Free Edition) and had it do a sweep of my system. To my surprise it actually found some Java-based trojans. And they [can] be a threat to Mac users given that Java apps are inherently cross platform.

One is very unlikely to come across Mac-specific malware in the wild. But Java malware is a threat.

[ghporter]

Java is certainly a threat. As is javascript, to a limited extent. But unlike under Windows, just about everything within the OS X system is isolated, and apps run by a regular user have to get permission to do much beyond running. Your personal information? Sure, if you have your SSN, credit card numbers, passwords, and so on in plain text in your Documents folder, something you're running as a regular user can find and snatch it. But aside from the above situation being just plain dumb, it takes some effort to lower one's Mac's defenses to make it vulnerable to even the kind of Java trojan reported in late October.

[Laminar]

Originally Posted by turtle777 

Some people are smart and have common sense, and will be safe.

Define "common sense" in the context of your post.