View Poll Results: Is This Virus Possible?
Poll Options:
Yes & I'll explain why... 7 votes (50.00%)
No & I'll explain why... 7 votes (50.00%)
Voters: 14.
Is This Virus Possible?
cowicide
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Apr 11, 2004, 05:26 PM
 
Is this currently possible for OS X?


Make a malicious email app* for OS X that can send out an email (**with email addresses extracted from the victim's Mail app files) including a friendly message and attachment (without user's knowledge) to everyone it harvests... repeat with next victim who launches the app. All the while, it deletes various files from the home directory including the Library just to be nasty.

Call the application "Flashgreeting" or something which puts on a facade (maybe does a multimedia greeting via shockwave, etc.) while it does its evil business.

Please explain why this isn't possible. Aren't there already some malicious apps for OS X out there somewhere that run and throw away files? If not, why? Does OS X make it a pain for apps to delete things without permission? How?

Can any apps and applescripts start deleting files without your username?



* already 3rd party email apps for OS X
** already applescripts that can extract email address from Mail
( Last edited by cowicide; Apr 12, 2004 at 12:44 AM. )
     
Busemann
Mac Elite
Join Date: Feb 2003
Apr 11, 2004, 05:46 PM
 
Why is everyone suddenly so obsessed with viruses & worms?

Jeez, get a life!
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Apr 11, 2004, 06:18 PM
 
Originally posted by Busemann:
> Why is everyone suddenly so obsessed with viruses & worms?
>
> Jeez, get a life!

I think the better question is this... why are you wasting time posting to a thread you think is a waste of time to begin with? Don't YOU have something better to do? Could it be that YOU need a life?

As far as why suddenly everyone is "obsessed" with security (as you put it)... Might have something to do with the fact OS X has gotten its first proof of concept trojan and now proactive people (non-losers) want to do something about it, maybe?

Look, never mind.. you're wasting my time with a stupid, obvious question and insulting attitude. You're probably just a troll anyway... Bye.
     
C.J. Moof
Mac Elite
Join Date: Aug 2001
Location: Madison, WI
Apr 11, 2004, 10:12 PM
 
Originally posted by cowicide:
> Is this currently possible for OS X?
>
> Can any apps and applescripts start deleting files? (aside from just putting items in the trash)

Code:
tell application "Finder"
    select item "Documents" of folder "username" of folder "Users" of startup disk
    move selection to trash
    empty trash
end tell

Yes.

Paste this into Script editor, swap your user name for "username", and run it, and your Documents folder will be gone. I'm sure someone with more AS mojo than I could get the current user's name and swap it into the "username" field easily.

That's the thing about computers- they're still very good at doing what they're told to, even if they're told to do something you might not want. They follow orders without asking why.

The thing to do about the proof of concept trojan is very simple: Don't pet strange dogs, don't eat food you find in the street, and don't blindly click everything that comes your way without a good idea what the consequences might be.
OS X: Where software installation doesn't require wizards with shields.
     
Mike S.
Senior User
Join Date: Jun 2002
Apr 11, 2004, 10:15 PM
 
Originally posted by cowicide:
> As far as why suddenly everyone is "obsessed" with security (as you put it)... Might have something to do with the fact OS X has gotten its first proof of concept trojan and now proactive people (non-losers) want to do something about it, maybe?

It may be the first for Mac OS X but in actuality it's exploiting a throwback feature from Classic Mac OS, forked files. However, the same technology that makes it work also prevents it from mass distribution unless it's distributed as an archive.

To answer your original question I'd have to say yes, it's certainly possible. A trojan horse is nothing but an application with malicious intents. The only real exploit going on is happening to the user, who gets fooled into launching it.

Applications can be coded to do anything, remember the iTunes installer a while back that deleted everybody's files because of a misconfiguration of the installer script? Same principle, apps can do anything and there is no defense against trojan code except for common sense.

The MP3Concept is only "dangerous" in that it looks like one thing but is actually another but the observant user will notice telltale signs such as this one.

Columns view is not showing a preview and it clearly says Application, anybody who falls for this is no better than the Windows users who repeatedly open attachments like "Britany_Spears_Nude.jpg.scr" It's obviously not a jpg but they open it anyways. ID-10-T error all the way.

Viruses are the nasty things since the worst ones propagate without the user having to do much of anything. Exploits like this recent one for Windows are what's really dangerous.

I wouldn't say Mac OS X is immune, nothing is, but given the historical track record of Macs and various BSDs with regards to viral outbreaks I'm no more concerned today than I was before Intego made public asses of themselves.
     
gorickey
Posting Junkie
Join Date: Nov 2001
Location: Retired.
Apr 11, 2004, 10:34 PM
 
Originally posted by C.J. Moof:
> They follow orders without asking why.

Can that be done with my wife? A simple "AppleScript" or something?

     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Apr 12, 2004, 12:35 AM
 
C.J. Wook said:
> username

Could you tell applescript to look into the "Users" folder and get the names from there since it's the title of the folders inside, right? (having it ignore "Shared" of course). Then assign the username to a variable that's used in the script? If it gets an error (picks the wrong user that's not admin), it then tries with the next username till it gets the admin username and succeeds.

For example:

select item "Documents" of folder (value from folder name inside of "Users") of folder "Users" of startup disk
move selection to trash
(if there's an authentication error at this point it grabs another username and tries again?)
empty trash

Anyway, I'm not sure that I see all this working with Applescript, agree? Maybe if it gets lucky and there is only one user or picks the right one by chance on the first try? Can Applescript even use a variable for the username in this instance anyway? Hell, if that's the case, maybe it can just ask for the username and some people will type it in thinking it's just an authentication for a harmless install and get it that way.

I do know of a way to use Applescript that's very harmful in OS 9 (and possibly to OS X) by replicating icons in an insane fashion, but I won't get into that here in public for fear of inspiring some assh*les. I'll continue to watch what happens with Applescripts in OS X nervously until I get some more answers, that's for sure.



Mike S. said:

> To answer your original question I'd have to say yes, it's certainly possible.
> A trojan horse is nothing but an application with malicious intents.
> The only real exploit going on is happening to the user, who gets fooled
> into launching it.

> Applications can be coded to do anything, remember the iTunes installer
> a while back that deleted everybody's files because of a misconfiguration
> of the installer script? Same principle, apps can do anything and there is
> no defense against trojan code except for common sense.

I figure any file destroying trojan on OS X is going to be required to be an installer package, correct? You give it your authentication then it can delete almost anything besides some system stuff, right?

I'm very surprised no one has made such a program and put it out in the file sharing arena or newsgroups. There are definitely enough assh*les out there to do it that's for sure... So why haven't they? (I'm not saying it can't be done, I'm just curious as hell why not one person has seemed to make this as of now)

I haven't heard even one report of just one getting someone or at least someone trying to get someone with such an app. Either it can't be easy to delete stuff with OS X apps or I'm missing something about human nature here. There should be at least one of these apps out there... at least a proof of concept, right?

Which brings me to propagation. What good is a nasty virus if it can't spread very well? What is it specifically that's keeping these assh*les at bay? I keep thinking it's the Mac OS X architecture and the fact that security was kept in mind from the get go as opposed to Windows which was made by a company who underestimated the fricken' internet.

I'd love to see more feedback in this area. I believe bringing this stuff out in the open will allow us to be stronger for a couple of reasons. If we find problems, we can fix them before they are exploited. If we don't, we can continue to harp on how much safer it is to use Mac than Windows machines. Either way, I believe we win.

Any more input will be greatly appreciated. Thank you Wook and Mike!
( Last edited by cowicide; Apr 13, 2004 at 06:27 PM. )
     
cpac
Professional Poster
Join Date: Jul 2001
Location: New York, NY
Apr 12, 2004, 01:35 AM
 
(1) Yes, Applescript can use a variable for the user name- There's just the shortcut "~" for the home folder, so you wouldn't even need to scan for the name.

(2) You are being ridiculous. OF COURSE you can write a program to scan for emails, and mail itself to other users. OF COURSE you could tell it to delete pretty much any file or directory you might want it to (though for many things you might have to convince the user to enter an administrator password). OF COURSE it could display some distracting little animation or movie or whatever while it did its nasty work.

What you can't do, is force somebody else to run that program.

The security holes in Windows are generally there because Outlook is set up to auto-execute much embedded code. Luckily, we on the Mac do not have any (known) holes similar to these. There are, of course, a lot of stupid users out there who will click on pretty much anything sent to them, whether via spam or whatever. To avoid being one of those users, just learn this little trick: DON'T BE STUPID.

If you're asking this question in the first place, I assume you're not downloading and running applications from people you don't know (or running suspicious applications from people you do know), so stop worrying about it. Further, chances are also very good that because the concentration of mac users out there is so low, that any trojan of the sort you're describing, would not make it to very many other mac users at all, and would die out long before it could cause damage to unsuspecting users.
cpac
     
cpac
Professional Poster
Join Date: Jul 2001
Location: New York, NY
Apr 12, 2004, 01:46 AM
 
sorry - hadn't read all the way through your comments (it is a poll after all).

Nobody's saying Macs are *inherently* safer than windows - and if suddenly the world were shifted to 90%+ being Mac users, sure then viruses could pose a much larger threat and problem for us. But that isn't the case, and is very unlikely to ever happen.

The bottom line is, that with the world being the way it currently is, running a Mac, even with all your security options turned off, even double-clicking every attachment you ever receive, etc. is STILL FAR SAFER than running Windows.

[edited out since Art's clarification re: switchback]
( Last edited by cpac; Apr 12, 2004 at 01:57 AM. )
cpac
     
Art Vandelay
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Apr 12, 2004, 01:50 AM
 
Sorry guys, Switchback doesn't exist. It was a joke based on Apple's Switch campaign. It was a joke editorial on lowendmac's humor section.
Vandelay Industries
     
Graymalkin
Mac Elite
Join Date: May 2001
Location: ~/
Apr 12, 2004, 06:41 AM
 
While viruses and trojans are entirely possible on OSX they're not very likely to propagate far. In order to get an executable file onto a Mac it needs to come in a fork preserving archive format such as MacBinary or StuffIt. Carbon apps such as the infamous MP3 "virus" need their resource forks preserved to tell Finder they are APPL (executable application) files. In the case of app bundles (blah.app) they are simply folders with .app extensions and a particular file arrangement inside the folder. You can't simply e-mail or download an entire folder over a network.

So to get an executable onto your Mac it needs to be sent as say a StuffIt file. Then it needs to be decompressed. Finally the user has to double click it to launch the malicious code. That is a lot of steps for a user to jump through to simply execute a game or to eject their CD tray. On Windows a file can simply be launched from Outlook as long as it has the right extension in the file name. A single doubleclick will run a trojan on Windows. As such Windows is an entire order of magnitude easier to infect with a virus than a Mac.

It sure seems like Mac-land is going virus crazy since Intego's little product announcement. I suppose all the nascent OSX users have been running around thinking they can be as stupid as they want on the internet because OSX was virus proof. Intego is stirring up all this ridiculous hype to sell their AV software. The likelihood of a trojan or virus ravaging Macs worldwide as they do almost weekly on Windows is so minuscule it is almost ridiculous to mention.
  • Don't be stupid on the internet, don't execute programs you're not expecting from friends and family and least of all strangers.
  • If you're afraid of viruses and their ilk go spend the money on Norton Antivirus, Virex, or even VirusBarrier X and stop worrying.
  • Be judicious with what you download, run, and install off the web. Read product reviews at the very least before trying a new program you've never heard of before.
  • Learn to use your e-mail client's filters to move mails with archived attachments (.sit, .sitx, .bin) to a special folder so you can review and manage (delete) them easily.
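
The mail-filter rule suggested in the last bullet above, sketched as an added example that is not part of the original thread: it walks a message's MIME parts and routes mail to a review folder when an attachment uses one of the archive extensions named there (.sit, .sitx, .bin) or hides an executable suffix behind a harmless-looking one, as in the .jpg.scr case mentioned earlier in the thread. The function names, folder names, sample message and every extension not named in the thread are assumptions.

```python
"""Route e-mail with risky attachment names to a review folder."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Fork-preserving archive extensions named in the thread.
ARCHIVE_EXTS = {".sit", ".sitx", ".bin"}
# Suffixes that launch code. ".scr" comes from the thread; the rest are
# illustrative assumptions.
EXEC_EXTS = {".scr", ".exe", ".app", ".scpt", ".command"}
# Harmless-looking suffixes used as a decoy in front of the real one
# (illustrative assumptions).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".mp3", ".txt", ".pdf", ".mov"}


def classify_filename(name):
    """Return the reasons (possibly none) an attachment name is suspicious."""
    # Drop any path component, then surrounding spaces and trailing dots.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().rstrip(".")
    parts = base.lstrip(".").split(".")
    # Normalise each suffix: whitespace padding is a common way to push the
    # real extension out of view in a narrow file listing.
    suffixes = ["." + p.strip().lower() for p in parts[1:]]
    reasons = []
    if not suffixes:
        return reasons
    last = suffixes[-1]
    if last in ARCHIVE_EXTS:
        reasons.append("archive")
    if last in EXEC_EXTS:
        reasons.append("executable")
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
            reasons.append("double-extension")
    return reasons


def scan_message(raw):
    """Return [(filename, reasons)] for every flagged attachment in raw bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()  # None for parts without a file name
        if not filename:
            continue
        reasons = classify_filename(filename)
        if reasons:
            findings.append((filename, reasons))
    return findings


def route(raw):
    """Pick the destination folder; the folder names are placeholders."""
    return "Review" if scan_message(raw) else "INBOX"


def build_sample(names=("Flashgreeting.sit",
                        "Britany_Spears_Nude.jpg.scr",
                        "notes.txt")):
    """Build a constructed test message with one attachment per name."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Greeting"
    msg.set_content("Hi, check this out.")
    for name in names:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application",
                           subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample()
    for filename, reasons in scan_message(sample):
        print(f"{filename}: {', '.join(reasons)}")
    print("deliver to:", route(sample))
```

The check looks only at attachment names, so it is a triage aid for the review folder and not a verdict on what the files contain.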
     
absmiths
Mac Elite
Join Date: Sep 2000
Location: Edmond, OK USA
Apr 12, 2004, 11:30 AM
 
Originally posted by cowicide:
> As far as why suddenly everyone is "obsessed" with security (as you put it)... Might have something to do with the fact OS X has gotten its first proof of concept trojan and now proactive people (non-losers) want to do something about it, maybe?

Repeat after me: THIS IS NOTHING NEW!!!!!

You need to read any of the many threads detailing the actual behavior of the application, since the concept has been around for a long time. The reason it has never really been exploited is that the delivery mechanism is not straightforward (certainly not automatic like on windows). I do remember a trojan for OS 9 from years ago that claimed to be a nude slideshow and would erase your HD while displaying pictures.

There is no realistic solution (to Trojan Horse apps). Any program can do malicious things, and any user who launches it authorizes its behavior, and many users can be fooled into launching just about anything. The only thing Apple could do is restrict applications to executing only after an admin has OK'd it (unless you are a dumb admin) - which would effectively cripple OS X as a consumer OS.
     
[APi]TheMan
Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Apr 12, 2004, 05:19 PM
 
Yes, this virus is possible... and I'll explain why:

<insert bit about Social Engineering from every article on the matter...>

Other than people being incompetent and clicking these "mp3s", this is just a reality that we (and they) will have to live with. For something like this to do large-scale damage it would need some way to spread, and I just don't see that happening any time soon. This means that it will only affect individual computers, rather than being a domino effect as you get with Windows PCs.

This "MP3Concept" is hardly different than some third party developer releasing a program that, say, "speeds up OS X," but in all actuality is an AppleScript with some malicious code inside that deletes your home directory.

It's really too bad, eh?
"In Nomine Patris, Et Fili, Et Spiritus Sancti"

     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Apr 13, 2004, 12:26 AM
 
Originally posted by absmiths:
> Repeat after me: THIS IS NOTHING NEW!!!!!

Repeat... No one has explained why there isn't even a proof of concept. If it's so easy, why not? If it's nothing new... why not? Out of the millions of Apple consumers, nobody has made a proof of concept?

Anyone want to step up to the plate on this one?
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Apr 13, 2004, 12:57 AM
 
"...You are being ridiculous. OF COURSE you can write a program to scan for emails, and mail itself to other users. OF COURSE you could tell it to delete pretty much any file or directory you might want it to (though for many things you might have to convince the user to enter an administrator password). OF COURSE it could display some distracting little animation or movie or whatever while it did its nasty work..."

Ok, I'm ridiculous, whatever... Then why hasn't someone made one? Not one proof of concept? Out of the millions of Mac users no one has even bothered to make a proof of concept? You make it sound incredibly easy; since it's so easy, have YOU made a proof of concept or am I being ridiculous again? Sure would get you lots of money and accolades if you at least made a proof of concept.. so get cracking. Hahaha...

"...To avoid being one of those users, just learn this little trick: DON'T BE STUPID..."

Thanks, I'll keep that in mind, genius....

"...If you're asking this question in the first place, I assume you're not downloading and running applications from people you don't know (or running suspicious applications from people you do know), so stop worrying about it..."

I'm not losing sleep about this, so you can save your advice. But putting our heads in the sand and not investigating and asking questions is for idiots. I've seemed to have pissed you off because I'm asking questions. If you are so disinterested then for God sake, move on and ignore this thread.

"...Further, chances are also very good that because the concentration of mac users out there is so low, that any trojan of the sort you're describing, would not make it to very many other mac users at all, and would die out long before it could cause damage to unsuspecting users..."

Sure, propagation should be a major problem... But you should consider many Mac users correspond with other Mac users and that Mac users might make up a good percentage of their address books which could be the source of propagation or websites such as VersionTracker with a sleeper trojan or two. All it takes is one well-written sleeper trojan that can eventually propagate to other Mac users and delete files and I think many people will change their tune.

Human nature tells us someone would have made at least one by now if it was easy. Apparently, it's not so easy as you would make it seem... and once again, I ask to those in the know... why? You can get bent out of shape all you want, but I will continue to ask this and others concerned about the security of themselves and others will ask as well.
     
cpac
Professional Poster
Join Date: Jul 2001
Location: New York, NY
Apr 13, 2004, 01:43 AM
 
Originally posted by cowicide:
> You make it sound incredibly easy; since it's so easy, have YOU made a proof of concept or am I being ridiculous again? Sure would get you lots of money and accolades if you at least made a proof of concept.. so get cracking. Hahaha...

I write a program that deletes files while showing people a pretty movie and people will give me money? Who exactly?

How 'bout an applescript that just says:

Tell Application "Finder"
Open movie.mpg
End Tell
Tell Application Address Book
Set ListOfEmails to all emails in Address Book
End Tell
Tell Application Mail
Make new message with addressee ListOfEmails and attachment RunMe!.scpt
Send new message
End Tell
Tell Application Finder
Move "~/Documents" to Trash"
Empty Trash
End Tell

Now give me a prize!
(and of course, that's not a valid applescript, I'm not going to bother looking up the exact dictionary terms, etc., but it's certainly possible, even at the Applescript level. Once you get down into objective-c and xcode and all that good stuff, you can do it even more neatly)

There's no special art or skill involved in making a trojan horse - as has been said many times in this thread - you can write a program to do pretty much anything - the trick is getting somebody to run it. (Hell, there are many, very nice programs out there that help you delete files - OmniDiskSweeper, e.g., And there are many programs out there that accidentally delete files - the broken iTunes installer mentioned above, e.g. (I bet I'll never see a better trojan for Mac OS X than that one written by Apple itself))


> All it takes is one well-written sleeper trojan that can eventually propagate to other Mac users and delete files and I think many people will change their tune.

So what's your point - that it can be done? Of course it can. From the beginning we've all said that, yes, such a program could be written.


> Human nature tells us someone would have made at least one by now if it was easy. Apparently, it's not so easy as you would make it seem... and once again, I ask to those in the know... why?

If it's just that you're puzzled by the lack of malicious programs out there, then get over it: Who cares why there aren't any - there are a million possible sociological explanations: No I don't think there's money in it, and no I don't think human nature would inevitably result in the writing of a Trojan for Mac OS X: all the writer proves is that the user was stupid enough to run the destructive program, not that Apple failed to close a security hole or anything comparably impressive.

The bottom line is: Yes, you can write a destructive & propagating program for the Mac. No, nobody seems to have done so, so far. Why not? Well, why should they?

> You can get bent out of shape all you want, but I will continue to ask this and others concerned about the security of themselves and others will ask as well.

I'm not particularly bent out of shape - just confused as to what point it is you're trying to make, or what question you're trying to ask. If you think you are doing one of these two things, please just state them in plain language. If you're not making a point, or asking a question, then why are you posting at all?
( Last edited by cpac; Apr 13, 2004 at 01:48 AM. )
cpac
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Apr 13, 2004, 04:03 PM
 
> I write a program that deletes files while showing people a pretty movie and people will give me money? Who exactly?
>
> How 'bout an applescript that just says:
>
> Tell Application "Finder"
> Open movie.mpg
> End Tell
> Tell Application Address Book
> Set ListOfEmails to all emails in Address Book
> End Tell
> Tell Application Mail
> Make new message with addressee ListOfEmails and attachment RunMe!.scpt
> Send new message
> End Tell
> Tell Application Finder
> Move "~/Documents" to Trash"
> Empty Trash
> End Tell
>
> Now give me a prize!
> (and of course, that's not a valid applescript, I'm not going to bother looking up the exact dictionary terms, etc., but it's certainly possible, even at the Applescript level. Once you get down into objective-c and xcode and all that good stuff, you can do it even more neatly)
>
> There's no special art or skill involved in making a trojan horse - as has been said many times in this thread - you can write a program to do pretty much anything

That's funny, you should get a "prize" for not successfully coming even close to making a proof of concept trojan? You and I both know that you can look up the "exact dictionary terms" all you want and that script won't work for sh*t and it really won't propagate for sh*t for various obvious reasons including safeguards in Mail, etc. It wouldn't even get past "Open movie.mpg" for Christ's sake... your 2nd line of "code". Hahaha... Gawd, you should have at least used Mail's creator-code to avoid having to locate it... sheesh...

Even if it did function, it wouldn't be very stealth would it? The user would see Mail launch and everything, then interrupt the process.



Also you point out that you wouldn't need to scan folders to get the username, there's just the shortcut "~" for the home folder. I wasn't talking about trying to find the home folder in that instance. I was thinking for the purpose of exploiting the authentication process it might be a good idea to get the admin's username. You could do something like this:

Code:
set theuser to (do shell script "whoami")
display dialog "Current User of Machine Is : " & theuser buttons {"Ok"} default button 1 giving up after 5 with icon note

Obviously, you wouldn't use the "display dialog" part.. I just added the display dialog to make it a functional proof of concept script of sorts so that you can run it now and see the results (without errors because it has all the "exact dictionary terms" so to speak). Anyway, now you would just implement "theuser" where you need it in a malicious script. The thing is, that's just the current user of the machine who may not be the admin, so you still need to scan the folders for usernames like I said in the first place... Anyway, it's just an aside because most people are logged in as admin anyway... but any successful trojan will find novel ways to do what it needs to do, that's what makes them harder to thwart, correct?

As far as a proper applescript for emailing with an attachment. Here's one from Apple if you're curious, I don't know if it works properly in OS X or not: http://developer.apple.com/qa/qa2001/qa1018.html Once again, not very stealth... hahaha...


> So what's your point - that it can be done? Of course it can. From the beginning we've all said that, yes, such a program could be written.

My point? Well, one of my many points in this poll is to ask people for their stances on this issue (politely) and to back it up. You apparently aren't capable of either.

You know what I'd like to ask YOU? Just what is YOUR point? Why are you here at this thread? Why have you felt the need to be insulting towards me from the get go? If we were in person and you came at me like this, believe me, I would ask you the same after giving you a little smack on the back of your head.

If my little poll has your panties all tied up in a knot so tightly... then MOVE ON. You keep saying this isn't worth anyone's time and has been "gone over and over"... well, then why are you here? Just ignore this little thread and move on, buddy. Apparently, you have nothing better to do than troll this thread?

> If it's just that you're puzzled by the lack of malicious programs out there, then get over it: Who cares why there aren't any - there are a million possible sociological explanations: No I don't think there's money in it, and no I don't think human nature would inevitably result in the writing of a Trojan for Mac OS X: all the writer proves is that the user was stupid enough to run the destructive program, not that Apple failed to close a security hole or anything comparably impressive.
>
> The bottom line is: Yes, you can write a destructive & propagating program for the Mac. No, nobody seems to have done so, so far. Why not? Well, why should they?

I think it's funny that you laugh at my "puzzlement" but you appear just as puzzled and moreover, utterly confused and wrong about things. One of my points you've missed is the one where I question why no one has made a destructive proof of concept.

You do at least make a lame attempt to tackle why no one has made a "real" trojan (not a proof of concept) because, as you say, "all the writer proves is that the user was stupid enough to run the destructive program" and how "human nature" wouldn't drive anyone to make one (as I have suggested it would).

Well, I'll start with your theory that "human nature" won't lead to trojans. You're dead wrong about human nature. Case in point... let's take a look at human history. That same "human nature" drives the makers of all those unimpressive Windows and OS 9 trojans. You could even say "human nature" drove Intego in various ways to market defense for a "proof of concept" trojan.

As past history will tell us, unfortunately it is definitely within "human nature" to have the desire to make malicious trojans for computers. It's already been done by humans, therefore it is very obviously in their nature. You're dead wrong. Or... er... are you saying Apple users are a step above and it's not part of their nature to write trojans? Well, the OS 9 viruses had to have been compiled on a Mac... so that's moot.

It's not a simpleminded matter of "Well, why should they?" and leave it at that... it's a thought provoking matter of "Why haven't they if they can?" (especially if it's "so easy" as you say, right?) If this gets too philosophical for you, I'm sorry. You say there is "no special art or skill involved in making a trojan horse" and I would agree with you to a point. But what about a successful trojan horse? Is there no special art or skill involved in making a successful trojan horse that causes widespread damage through propagation and novel methodologies? And, on that note, isn't it especially skillful to make a successful trojan for OS X? If NOT, put your money where your mouth is, that's all I got to say.

And once again, I ask... why hasn't someone made at least a "proof of concept"? Intego had the gumption to tout a benign trojan they didn't even theorize themselves, so why don't they go a step further and prove it can be malicious and propagate so they can harp on that "danger"?... and out of all the millions of Mac users and Windows users with access to Macs, there's not even just ONE proof of concept trojan that's malicious and can propagate? This is very strange considering you've said there would be "no special skill required" to create one.

Whether it's someone with good intentions who wants to expose flaws before they are exploited or someone with bad intentions... there really should be a malicious trojan or destructive proof of concept by now, shouldn't there? C'mon... you gotta concede at this point you've been talking out of your a** one way or another.

My main question stands sufficiently unanswered... and despite your cockiness, you still haven't even come close to an answer.

> I'm not particularly bent out of shape - just confused as to what point it is you're trying to make, or what question you're trying to ask. If you think you are doing one of these two things, please just state them in plain language. If you're not making a point, or asking a question, then why are you posting at all?
Well, I'd hate to see your even crappier attitude when you actually are "bent out of shape", Hahaha... Do you always get this upset when you're confused? It's not a productive reaction, really.

Look, it's just a little poll I set up hoping to elicit an intelligent, polite discussion about viruses for OS X. If that bothers you, move on... I can certainly live without you being here. If you'd like to show a modicum of respect, I'd be glad to hear your input. I feel that I have made some valid points and I'm asking valid questions, I apologize if I'm not stating them in plain enough language for you, but I'm doing the best I can with the time I'm allotted at the moment.

Why am I posting at all? I think I've sufficiently answered that throughout this post. If you're still puzzled and confused, then get over it and move on to some other thread and quit picking on me. Hahaha...

- Cow
( Last edited by cowicide; Apr 13, 2004 at 04:23 PM. )
     
mitchell_pgh
Posting Junkie
Join Date: Feb 2000
Location: Washington, DC
Status: Offline
Apr 13, 2004, 04:18 PM
 
I wish people understood the difference between a virus and a trojan...
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 13, 2004, 04:27 PM
 
> I wish people understood the difference between a virus and a trojan...
Right, a trojan is just an app that conceals itself and runs. To make things simple, most people categorize them as viruses.

That's why you don't usually see any mainstream products called, "Anti-virus and Anti-trojan software". See what I'm saying? I'm sure the anti-virus devs at Symantec, etc. are just as aware of the difference between trojan code and viral code (and hybrids thereof) just as I am.
( Last edited by cowicide; Apr 13, 2004 at 04:37 PM. )
     
cpac
Professional Poster
Join Date: Jul 2001
Location: New York, NY
Status: Offline
Apr 13, 2004, 06:31 PM
 
Mr. Cow:

You claim the point of your poll "is to ask people for their stances on this issue (politely) and to back it up."

So far, everybody has agreed on this "Issue" - we all agree such a trojan is possible, but point out that it's unlikely to succeed because you necessarily have to dupe the user into running the trojan. (To put it in the simplest terms possible: There are programs that can email attachments, there are programs that can delete files, there are programs that display distracting media. Could all three of these functions be combined into a single program? Absolutely.)


Apparently, you want to disbelieve them, and so argue:

• if it were possible, human nature dictates it would have happened by now
• it hasn't happened
• therefore, it must not be possible.

If this isn't your stance, then you're on the same side of the "issue" as everybody else.

Either way, the thread doesn't contribute to making Macs any safer or even to raising awareness of security flaws (since the only flaw a trojan exposes is user stupidity).

Now, if you think there's some other "issue" you've raised, please try to state it. (Ideally as a sentence starting with "whether").
cpac
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 13, 2004, 08:17 PM
 
> Either way, the thread doesn't contribute to making Macs any safer or even to raising
> awareness of security flaws (since the only flaw a trojan exposes is user stupidity).

Nice avoidance of my questions (that you obviously don't have the ability to answer), cpac! Congrats! You know, if you truly believe this, you'd move on... but you don't. Apparently, you are strangely drawn to this "worthless" thread. Why don't you go on writing your worthless scripts that don't work and leave me alone?

Hey, how about where you say it's "easy" to make a trojan, but you have absolutely no valid explanation for why none exist and cannot seem to make a basic one yourself. You gonna avoid that little issue too? Haha!

What everyone does NOT agree on is exactly why there isn't a malicious trojan or proof of concept of a malicious trojan. If you bothered to comprehend what I've been writing, you'd know that. Also, if you'd bother to look at the poll results, etc. you'd see that everyone is NOT in agreement that a prolific Mac OS X trojan of this nature is even possible. So once again, you are wrong. You are wrong about "human nature" and you are blatantly wrong about everyone's "agreement" on this issue in this thread.

If you don't think it "matters" about why there are no malicious trojans or proof of concepts of malicious trojans... then, for God's sake, MOVE ON.

That's one thing you can always count on with human nature... virus writers and trolls like you. I'm partially to blame, I shouldn't be feeding you. Bye.
     
cpac
Professional Poster
Join Date: Jul 2001
Location: New York, NY
Status: Offline
Apr 13, 2004, 11:31 PM
 
Originally posted by cowicide:
Hey, how about where you say it's "easy" to make a trojan, but you have absolutely no valid explanation for why none exist and cannot seem to make a basic one yourself. You gonna avoid that little issue too? Haha!
(1) Why it doesn't exist:
• there's no glory in making such a program - all it does is expose user stupidity
• there are relatively few people coding for the Mac, and the 2.5 years or so since the address book was opened up to other programs (in 10.2) hasn't been enough time for a mean person to get bored enough to try
• mac users, and mac developers, *are* generally nicer/less inclined to write destructive software - at least to fellow mac users
• "proof of concept" - it's such a trivial thing, this isn't glorious either
• Macs are such a small market, and the chances of writing a successful Trojan so small, why put in the effort into writing it?

(2) Cannot seem to make a basic one myself?
• my coding ineptness proves nothing: I'm a law student who has dabbled in applescript in my infrequent spare time
• You haven't said (other than that nobody's taken the time) why you think it would be impossible or even difficult to write a program that (1) emails attachments (2) deletes files and (3) plays distracting media (if the best you've got is the circumstantial evidence that nobody's tried, well then we're at an impasse).
cpac
     
cpac
Professional Poster
Join Date: Jul 2001
Location: New York, NY
Status: Offline
Apr 13, 2004, 11:34 PM
 
Originally posted by cowicide:
If you don't think it "matters" about why there are no malicious trojans or proof of concepts of malicious trojans... then, for God's sake, MOVE ON.
My bad. I don't. Good night.
cpac
     
absmiths
Mac Elite
Join Date: Sep 2000
Location: Edmond, OK USA
Status: Offline
Apr 14, 2004, 12:12 PM
 
Originally posted by cowicide:
Repeat... No one has explained why there isn't even a proof of concept. If it's so easy, why not? If it's nothing new... why not? Out of the millions of Apple consumers, nobody has made a proof of concept?

Anyone want to step up to the plate on this one?
You seem to be rather simple-minded. Proof of concept? There are Trojans out there for the Mac OS. If you need a poc I can write an app for you that will pretend to connect to the internet and erase your harddrive while you wait. Will that convince you that Trojans are possible on Mac OS X?
     
absmiths
Mac Elite
Join Date: Sep 2000
Location: Edmond, OK USA
Status: Offline
Apr 14, 2004, 12:15 PM
 
Originally posted by cowicide:
Right, a trojan is just an app that conceals itself and runs. To make things simple, most people categorize them as viruses.

That sounds more like the definition of a virus. A trojan doesn't conceal itself - it gets right in your face and dares you to run it - it just doesn't do what it claims to do (or it at least does more). A virus typically isn't even known to the user, but a trojan requires user intervention in order to activate.
     
absmiths
Mac Elite
Join Date: Sep 2000
Location: Edmond, OK USA
Status: Offline
Apr 14, 2004, 12:18 PM
 
Originally posted by cowicide:
If you don't think it "matters" about why there are no malicious trojans or proof of concepts of malicious trojans... then, for God's sake, MOVE ON.

That's one thing you can always count on with human nature... virus writers and trolls like you. I'm partially to blame, I shouldn't be feeding you. Bye.
That's ironic - you come across as the ignorant troll here. But, as you say, we should all move on.
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 14, 2004, 11:58 PM
 
> You seem to be rather simple-minded.
> Proof of concept? There are Trojans out
> there for the Mac OS. If you need a poc
> I can write an app for you that will pretend
> to connect to the internet and erase your
> harddrive while you wait.
> Will that convince you that Trojans are possible on Mac OS X?


I've NEVER said that I've thought that Trojans aren't possible in OS X, simpleton. No, what I'd like to see is you write a proof of concept that can propagate itself to other macs and destroy files without the user's knowledge.

Go for it... c'mon cocky-boy... What, you can't? Hahaha.... yeah, I thought so.


>> Right, a trojan is just an app that conceals itself and runs.
>> To make things simple, most people categorize them as viruses.


> A trojan doesn't conceal itself - it gets right in your face and dares you to run it


Oh, ok... the trojan doesn't "conceal" the fact that it's a trojan. It just comes up and says.. "ALERT: I am a trojan and I will now proceed to destroy absmiths massive porn collection". Hahaha!

A trojan is just what I said it is. An app that conceals itself and runs. Lemme' break it down for ya' so ya' get whut I mean, ok?

"An app" (meaning an application that a user would run)
"that conceals itself" (it conceals the fact that it's a fricken' trojan)
"and runs" (that's right, after it's started by the user the trojan runs and goes evil)

Yay!!! We be on the same page now! Right, absmithywiffy?
( Last edited by cowicide; Apr 15, 2004 at 12:51 AM. )
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 15, 2004, 12:50 AM
 
> Why it doesn't exist:

> there's no glory in making such a program
> all it does is expose user stupidity


Then how do you explain all the other trojans for Windows and Mac OS 9 that lack such "glory"?


> there are relatively few people coding for the Mac
> and the 2.5 years or so since the address book was
> opened up to other programs (in 10.2) hasn't been
> enough time for a mean person to get bored enough to try


But you've said that it would be simple to make one. If it was simple, it wouldn't take very much time, would it? After several years?

There are over 10,000 applications designed specifically for Mac OS X not including all carbon apps, etc. Then you add in all the shareware, freeware (just take a look at VersionTracker, etc.) and you start to realize it's a pretty large number of programmers out there... not just a "few" people.

Also, you focus only on "a mean person to get bored enough to try"... What about all the nice people who would like to make a [malicious] proof of concept so we can all be prepared before all these "mean people" get bored? How do you explain that?


> mac users, and mac developers, *are* generally nicer/less
> inclined to write destructive software - at least to fellow mac users


I guess that would explain all those OS 9 trojans? Hahaha... C'mon, do you only associate with people who use Macs because they are "generally nicer" than people who use other computers? I personally don't judge people by what computer they use.. that's just plain bigoted and silly. I mean, look at you.. you use a Mac and you've been nasty as sh*t to me from the get go. That theory's blown all to hell! Hahaha!


> "proof of concept" - it's such a trivial thing, this isn't glorious either

What is it with you and this whole glory thing? Haha... I can guarantee if someone makes a successful proof of concept or, God forbid, an actual virus that can take out a big percentage of the Mac user base if/when released. It won't be considered "trivial". There are far more organizations than you seem to be aware of that highly value OS X's current lack of destructive viruses. For example, the FBI headquarters in D.C., which uses OS X, would find it considerably more interesting than.. "trivial".

And as far as "glory" goes.... Well, there may not be much glory in it, but for some reason plenty of other "proof of concept" trojans have been released on almost a monthly and sometimes weekly basis for Windows. And without all that "glory" you think is so necessary to prod these things.


> Macs are such a small market, and the chances of writing
> a successful Trojan so small, why put in the effort into writing it?


Hmmm... maybe you should put that question to all the people that wrote trojans for OS 9 when Mac had an even smaller marketshare. (snicker)

Also, you better watch it there, you're blatantly contradicting yourself by saying "the chances of writing a successful Trojan are so small" after saying how simple it would be earlier. Which is it? Easy or difficult? I guess you'll try to wiggle out of this one by stating that you only meant to say it was easy to make a lame, non-prolific, crappy trojan before. Hahaha...


> Cannot seem to make a basic one myself? my coding ineptness
> proves nothing: I'm a law student who has dabbled in applescript
> in my infrequent spare time


Well, it does prove "something". It proves that you were talking out of your a** when you said you knew it was "simple to do" and stuff. You have no idea.


> You haven't said (other than that nobody's taken the time) why you think
> it would be impossible or even difficult to write a program that
> (1) emails attachments
> (2) deletes files and
> (3) plays distracting media



Not to continue tearing you apart point by point, but I'll go ahead and.. uh, tear you apart point by point...

(1) First of all, I've NEVER said that I thought it would be impossible to write a program that emails attachments. As a matter of fact, I stated that one already exists in my first post in this thread! Hahaha.... Go back to my first post and read, you're wrong.

(2) Where have I said it would be impossible for a program to delete files? I haven't, you're wrong again.

(3) [See #2 above, change "delete files" to "play distracting media"]


> if the best you've got is the circumstantial evidence
> that nobody's tried, well then we're at an impasse


The best I've got for what? To say that making a successful trojan that can propagate is impossible? I've never said that, NOT ONCE. Go back and read, you're wrong once again.

What I continue to ask and you have NOT been able to cope with for some reason (nor provide a reasonable answer for)... Is why doesn't one exist or at least a malicious proof of concept exist? Why not? I'm NOT saying it's impossible... I just like to hear some good theories on why they don't exist. Your "human nature" thing and other explanations are full of holes (as I've shown you), so I'm not satisfied with your "answers" (or attitude for that matter).

Look, you've basically said from the get go (in a rude manner, I might add) that you don't care about why there isn't a malicious trojan or proof of concept. Well then.. this thread is NOT for you then, is it? Now hit those books and quit practicing your debating skills with me. I wish you success with your law studies and hope you have a good night.

I'm just a little cow asking a little question, it's really no biggie. Quit pickin' on me. Quit bein' rude. You'll like yourself better in the morning.
( Last edited by cowicide; Apr 15, 2004 at 01:24 AM. )
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Apr 15, 2004, 03:37 AM
 
Originally posted by cowicide:
> there are relatively few people coding for the Mac
> and the 2.5 years or so since the address book was
> opened up to other programs (in 10.2) hasn't been
> enough time for a mean person to get bored enough to try


But you've said that it would be simple to make one. If it was simple, it wouldn't take very much time, would it? After several years?
It's simple to make such a program; developing the level of boredom and stupidity needed to motivate someone to make such a program is much harder, and usually leads more quickly to a few shots of whiskey.

Also, you focus only on "a mean person to get bored enough to try"... What about all the nice people who would like to make a [malicious] proof of concept so we can all be prepared before all these "mean people" get bored? How do you explain that?
Be prepared for what? Renegade proofs of concept?
I honestly don't see where the benefit would be in developing a proof of concept. Even you apparently don't question that it's very easy to make a program that deletes files, e-mails itself to people and performs a distracting side-function. Wasn't that your requirements of this "proof of concept" trojan, or have I misunderstood?

Also, you better watch it there, you're blatantly contradicting yourself by saying "the chances of writing a successful Trojan are so small" after saying how simple it would be earlier. Which is it? Easy or difficult?
Writing a trojan would be easy. Managing to infect a large number of computers would be hard, because there aren't a lot of computers to be infected.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 15, 2004, 12:33 PM
 
> It's simple to make such a program; developing the level of boredom and stupidity
> needed to motivate someone to make such a program is much harder


That level of boredom and stupidity abounds. Look at all the current trojans for Windows and OS 9.

> I honestly don't see where the benefit would be in developing a proof of concept.

Then I don't think you understand the software industry or other industries for that matter... A proof of concept is written to prove a technical possibility and is used in many industries, including software security. Don't take my word for it, you can look this up anywhere and have the multitude of benefits explained to you there.

Think about it... "somebody" out there must think the proof of concept process is beneficial for many fields or it wouldn't be so ubiquitous. For instance, you commonly need a proof of concept to get a solid patent in just about any field you can think of.

It's one thing to talk out of your a** and make claims, yet it's quite another to put your money where your mouth is and have a working proof of concept that stands up to scrutiny. In the world of software viruses, proof of concepts help tremendously with troubleshooting possible infections and making preventive definitions/inoculations, etc. For example, the Apple "security updates" that you've downloaded for your Mac were spawned by... guess what? Some proofs of concept security problems with BSD!

There are many great reasons why Apple and everyone else utilizes "proofs of concept" for security purposes.

For example, the typical pattern of virus writers -- building on previous viruses, using security gaps left open by other viruses, and taking advantage of hacker techniques -- makes proof of concept testing all the more vital. Two totally different viruses can build on each other accidentally; and working in pairs is nothing new. You can better test their sometimes complicated, combined effects if you have a working proof of concept to test with.

Like I said, it's an industry standard. Virus proofs of concept are presented and widely acknowledged all the time. If someone could make a malicious, successful proof of concept with just some of the requirements I've stated, it would definitely be considered an important development to Apple. Like I've said, history backs me up on this, using a proof of concept is an industry standard.

If you have a better idea, I'm sure the entire industry would love to hear it.

> Even you apparently don't question that it's very easy to make a program that deletes files,
> e-mails itself to people and performs a distracting side-function. Wasn't that your requirements
> of this "proof of concept" trojan, or have I misunderstood?


Yes, you've misunderstood. You're leaving out one vital thing I've mentioned over and over (in bold, no less). It should be capable of being successful. Propagation, stealth and destructiveness are obvious requirements for a successful virus, agree? If a healthy percentage of Mac users can be affected... that's success for a virus, no? I definitely question how easy a successful OS X virus or proof of concept would be to make... Like I've said, if it was so "simple" and "easy" as it has been suggested. There would be one. Like I've said (and proved), human nature dictates it.

> Writing a trojan would be easy.

Some of you keep saying it would be "easy" to write one... I'd like to see someone prove that with.. guess what? A proof of concept instead of talking out of your a**es. Hahaha...

> Managing to infect a large number of computers would be hard,
> because there aren't a lot of computers to be infected.


Hahaha... it's all relative isn't it? Hahaha, not "a lot of computers", huh? Buddy, if I came over to your house and dropped off 2-3% of all the world's hot dogs at your front door, I think you'd have a better perspective once your entire area became known as "Mount Hot Dog". (Please don't read into that name)

Once again, this didn't stop miscreants from writing various OS 9 viruses when (at points) Mac's marketshare was even smaller than it is now. Also, no one has said that a hybrid Windows/Mac virus is absolutely impossible.

You'll have to do better than that to convince anyone why there's no OS X virus or malicious proof of concept right now. As I've just shown you, your theories are full of holes. Thanks for your response and I really do appreciate your critique.
( Last edited by cowicide; Apr 15, 2004 at 12:51 PM. )
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Apr 15, 2004, 01:18 PM
 
Originally posted by cowicide:
> It's simple to make such a program; developing the level of boredom and stupidity
> needed to motivate someone to make such a program is much harder


That level of boredom and stupidity abounds. Look at all the current trojans for Windows and OS 9.
As you have apparently repeated in bold, in order to meet your requirements, it must be successful. Mac OS 9 had no particularly successful viruses. I only ever knew of one place that contracted one (and that, I should note, was after using Macs for 15 years).

Originally posted by cowicide:
> I honestly don't see where the benefit would be in developing a proof of concept.

Then I don't think you understand the software industry or other industries for that matter... A proof of concept is written to prove a technical possibility and is used in many industries, including software security. Don't take my word for it, you can look this up anywhere and have the multitude of benefits explained to you there.
I didn't explain myself clearly. I don't see the benefit in developing this proof of concept. The concept of a trojan has been proven many times over, and this one has no real innovations that make it any different from previous ones. It doesn't exploit any new holes or cause any damage that previous viruses haven't.

Some of you keep saying it would be "easy" to write one... I'd like to see someone prove that with.. guess what? A proof of concept instead of talking out of your a**es. Hahaha...
I feel fairly confident I could write a program like this. However, it provides zero benefit to me and would only serve to make the platform less secure (by increasing the number of available viruses to 2). I'm not malicious and I'm not that bored. I don't even think it would be legal to release such a program, and such a waste of time certainly isn't worth going to jail for five years.

Hahaha... it's all relative isn't it? Hahaha, not "a lot of computers", huh? Buddy, if I came over to your house and dropped off 2-3% of all the world's hot dogs at your front door, I think you'd have a better perspective once your entire area became known as "Mount Hot Dog".
Again, I wasn't clear. The reason Windows viruses are so incredibly successful is that most Windows users have a huge number of other infectable hosts in their address book. In contrast, most (or even all in many cases) of the contacts in a Mac user's address book will be completely immune to a Mac virus even before a virus description gets written, and the spread would be totally dampened. It could cause some craziness, but it would be even less than the difference in platform penetration would suggest.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
cpac
Professional Poster
Join Date: Jul 2001
Location: New York, NY
Status: Offline
Apr 15, 2004, 01:39 PM
 
Chuck, it's not worth arguing or even discussing this stuff with Mr. Cow. Just rest contented in knowing that such a "virus" (trojan) is possible, and that it's nice nobody has written one, for whatever reason. (Cow will persist in arguing that if it was possible it would have happened by now, and that none of the reasons you or I have provided explains this phenomenon, all the while insulting others for offering possible explanations).
cpac
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 15, 2004, 03:13 PM
 
> Chuck, it's not worth arguing or even discussing this stuff with Mr. Cow.

Yes, if you are a rude ass... you're right, it's not worth it. Chuck and I are doing fine without you, thanks. Move on if you don't like this thread. Any more posts here in this thread from you and I'll assume you are full of crap about your intentions here. Face it, you continue to read (somewhat) and post here despite saying my entire thread is worthless.

You obviously do think my thread has some substance... either that, or you've got nothing better to do than waste your time with things you admit you don't care about. Either way, you're in denial or just sad. If you're here just to be continually rude to someone (as you have set the stage from your first post forward), then you are just a sad troll.

If you'd like to start being a little more polite, then I'd be glad to have a civil discussion or debate with you. Otherwise, please ignore my little fruitless thread here and leave. I don't expect an apology for your rudeness, nor would I expect you to have the character to step up and offer one.. I'd just like you to leave if you don't have the ability to respectfully disagree with me.

> Just rest contented in knowing that such a "virus" (trojan) is possible,
> and that it's nice nobody has written one, for whatever reason.


And... why don't you? Apparently you must be "curious" to see where this goes or you'd stop reading this thread. But, you can't stop can you? You're just dying to know, right? NO? Then, move on! This thread has nothing for you then. Bye.

> Cow will persist in arguing that if it was possible it would have happened by now,
> and that none of the reasons you or I have provided explains this phenomenon,


How many times must I explain this to you? What I've said is THIS... IF it is as easy as some of you suggest it is to make a successful trojan, there would at least be a remotely successful trojan or malicious proof of concept by now. There isn't. Apparently, it's not as easy as you would suggest and you have no other valid backup for reasons it doesn't exist. If you don't know why, just move on. I certainly won't think less of you because you don't know the answer. There's really nothing for you to prove here.

Why does it make you so upset that I am asking this question, anyway? Why are you rude towards me from the get go and seem so fricken' bent out of shape because I'm curious and I want to know for myself? If I want to know something that you have all the answers to and "can't be bothered" with or if you could care less about the issue in the first place, then why don't you just ignore this little cow thread and move on?

You're really embarrassing yourself at this point continuously picking on me. I meant no harm in posting my little poll and that should be enough for any person of character to be satisfied with.
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status: Offline
Apr 15, 2004, 07:57 PM
 
Originally posted by cowicide:

How many times must I explain this to you? What I've said is THIS... IF it is as easy as some of you suggest it is to make a successful trojan, there would at least be a remotely successful trojan or malicious proof of concept by now. There isn't. Apparently, it's not as easy as you would suggest and you have no other valid backup for reasons it doesn't exist. If you don't know why, just move on. I certainly won't think less of you because you don't know the answer. There's really nothing for you to prove here.
The people with the skills to write such a program who are posting here telling you that it's easy will NOT write such a program, because then other people who don't have the skills will use their "proof-of-concept" to create something that truly is malicious.

Or, if they made a proof-of-concept they would never post it publicly, nor would they give it to someone they didn't absolutely trust.

I myself do not possess the skills to do so. I do know people who do, and I know the reasons they do not do so, because of what I said in the first paragraph, above.

Let's make an example here... suppose someone (call them "A") writes a (non-malicious) C program, that does nothing but play a movie, looks in the user's Address Book, and e-mails itself to the people in that list. They then release the source code to the public. Then, malicious person B sees A's source code. Person B does not have the skills to do what person A did, but he DOES know how to edit person A's code to add in the step of deleting the user's files. Then he releases the program to the wild.

Person B would never have had the capability ON HIS OWN to write the program, and if person A's proof-of-concept had never been written, then person B's malicious program wouldn't either.

Now, I don't know about you, but if you wrote a non-malicious proof-of-concept, released it to prove a point, and then someone else modified it to make a malicious program, would YOU want it on your conscience? I think not, and that is why you won't see anyone else "proving" their statements to your satisfaction, because it would be completely irresponsible of them to do so.
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 15, 2004, 08:00 PM
 
> As you have apparently repeated in bold, in order to meet your requirements,
> it must be successful. Mac OS 9 had no particularly successful viruses.


I used "successful" in one context to simply say "it works" and can "spread". A functional, malicious proof of concept or virus that holds up to public scrutiny would be a successful "proof of concept" or virus to me. As opposed to an unsuccessful proof of concept, etc. that fails on various levels once you hold it up to the light.

For instance, the applescript that was posted here by another poster. It was definitely not even close to a "successful" proof of concept, because even if he got the terms right, it still wouldn't have gotten past the second line of code. Even with the proper terminology the fundamentals were wrong and it wouldn't hold up to public scrutiny at all.. much less be deemed a successful proof of concept. (Note: I know the poster admitted to not bothering to look up the proper terms and I'm not trying to rag on him here, I'm just using it as a quick example)

Successful to me means it's operable and able to propagate & destroy files on multiple machines. Of course, there are varying degrees of success in anything. One might delete your entire home directory while another merely makes your mouse make a fart noise every time you move it.

Successful also can be measured (as you seem to put it) by how much it propagates. That, of course is very relative and there could be many differences of opinion on that... but you can get a consensus of sorts by looking at some variables such as anti-virus software saturation in the user market.

But, how much propagation would I deem a success? Well, I'll let common sense dictate that value for me. If most OS X users deem it's not even worth running virus protection software... I'd say there hasn't been successful propagation. There are many reports from reputable sources (including the anti-virus developers themselves) that a large percentage of OS X users still haven't bothered with virus protection yet.

In OS 9, most businesses and most individuals ran virus protection (especially if they were in a field in which they exchanged lots of files with others). Why did they? Because OS 9 virus propagation was "successful" enough to warrant such safeguards. People could go on forever on what successful propagation is to them, but that's just how I see it. When viruses in OS 9 infect and damage a healthy percentage of your business' client-base... you'll own up that those viruses have succeeded in their goals to some degree. If you mostly work alone and never exchange files, you'll have a very different view of those viruses.

> I only ever knew of one place that contracted one
> (and that, I should note, was after using Macs for 15 years).


Your 15 year, one person poll doesn't cut it with me unless you can give some more background info about yourself. Did you have lots of contact with other Mac users where you worked? Was it a high volume business and did they frequently exchange files with the public? I've worked in busy Mac areas and have had friends and associates who've worked at printing places, etc. and OS 9 viruses were detected weekly!

I know of many people like myself who not only detected them, but there were plenty of people who were actually infected and had problems with printing and loss of files... and the viruses propagated to other machines, etc. until they updated their virus defs and removed the virus. Of course, that's still not even close to as many Windows viruses that were detected every day and their rampant propagation to other machines, but Macs with OS 9 definitely were hit far, far more than "one place every 15 years" that's for sure. Just go back and read all the old MacFixit, etc. threads and posts. If your business often exchanged files on your OS 9 Mac and you had no virus protection... you had to be a little bit silly in the head.

> I didn't explain myself clearly. I don't see the benefit in developing this proof of concept.
> The concept of a trojan has been proven many times over,


I'm not asking about the concept of just "a trojan". It would be "a trojan" that can successfully run in OS X and propagate. I've already gone over in explicit detail in my previous post what the benefits of this type of proof of concept would be.

> and this one has no real innovations that make it any different from previous ones.
> It doesn't exploit any new holes or cause any damage that previous viruses haven't.


"The love of things ancient doth argue stayedness, but levity and want of experience maketh apt unto innovations." - Hooker.

The "real" innovation would be that "it" works natively for OS X and "it" successfully functions in that architecture. Even if you took an old OS 9 trojan and converted it to successfully work within OS X... that would be considered by most of the public as creative because it has been innovated to work in a different environment. But, it doesn't really matter to me what you call it... if it was made for OS X.. it would be something that has evolved.

Also, what are you referring to anyway? You act like I posted a proof of concept and am asking for your input, hahaha! Keep in mind, I didn't refer to any exact methodologies for how it would perform those tasks I stated. I just asked if those things are possible and for posters to explain why or why not. I've never represented that I've posted anything even close to an actual "proof of concept".

My premise? Well, like many things in life, it's layered and not always black and white... but one of my goals in submitting this poll was to help get some consensus on what Mac users think is possible and why or why not. Being that this is a poll thread, after all... my first and most obvious point is to garner consensus. You seem to think I'm trying to prove whether or not my "great idea" will work or something... and you are way off base.

Also, I posted this thread to hopefully garner more insight into why there are no malicious Mac OS X viruses or successful proofs of concept at the moment. Whether it be technical, philosophical, sociological whatever. So far, I haven't seen nor heard anything very compelling that explain this absence on the OS X platform. There are lots of reasons why I posted this thread and poll... I doubt you'd be interested in hearing any more than what I've already mentioned so I'll stop here.

Anyway, in a nutshell... I'm not trying to get a pat on my back for coming up with something innovative here. I'm just asking questions and gathering consensus for my own reasons and in the hope it could shed some light here and there. No biggie....

---continued----
( Last edited by cowicide; Apr 16, 2004 at 02:44 PM. )
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 15, 2004, 08:01 PM
 
> I feel fairly confident I could write a program like this.
> However, it provides zero benefit to me and would only
> serve to make the platform less secure
> (by increasing the number of available viruses to 2)
> I'm not malicious and I'm not that bored.


Hahaha! I'm definitely not suggesting that you write a malicious trojan and release it into the wild. But talking about specific technological hurdles and concepts is fine. The thing is, if you made a (viable) trojan, contacted Apple and submitted it to them; you would very likely help to make the platform more secure (if you found some novel ways to accomplish the tasks I've outlined including the ability to propagate, be stealth, etc.).

To discuss some technological facts about what's possible and what's not possible is NOT illegal unless we conspire or express our intentions to do harm. To be honest with you, I have information about OS X right now that I wouldn't dare express in a public forum for fear it would endanger the platform. I'm going to submit my findings to Apple, not squawk about it here.

> I don't even think it would be legal to release such a program,
> and such a waste of time certainly isn't worth going to jail for five years.


Haha... well, we better start raising bail for everyone else who has submitted a proof of concept. Oh, you mean release it to the public? Haha, yes, you would most definitely go to jail.

> The reason Windows viruses are so incredibly successful
> is that most Windows users have a huge number of other
> infectable hosts in their address book. In contrast, most
> (or even all in many cases) of the contacts in a Mac user's
> address book will be completely immune to a Mac virus even
> before a virus description gets written, and the spread would
> be totally dampened. It could cause some craziness, but it would
> be even less than the difference in platform penetration would suggest.


Right, I mostly agree... except I think you overestimate how many people update their virus definitions until it's too late. I've met countless people who install virus software and then think they're "done" and never download defs or if they do, they're slack about it and keep putting it off for months and months (or even longer). Also, keep in mind I've mentioned that someone could release a sleeper trojan that secretly propagates for months, then goes off on a special holiday or another date down the road. The fact that these sleeper trojans exist is yet another damn good reason that proof of concepts are vital to keeping OS X more secure.

Anyway.... Is this still an argument for why no one has made a malicious virus or successful proof of concept? That still doesn't really explain why there are OS 9 viruses, yet no malicious OS X viruses at all. If anything, OS 9 viruses were made in worse conditions when the odds of spreading were... even worse. Still doesn't explain why someone, somewhere hasn't made a malicious virus or "successful" proof of concept malicious virus for OS X. I mean, we don't even have a malicious one that has failed to propagate yet... that's just bizarre.

All in all, the more things get out in the open and the more people talk about this stuff... the more our shared platform will be secure. Apple is great about closing up security holes, etc. when they are brought to their attention. Just like 9/11 or any other security failure... preparation is everything.

I have much, much more to say but time won't allow it. Thanks again for talking with me about this. Warm regards, Cow
( Last edited by cowicide; Apr 16, 2004 at 01:12 PM. )
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 16, 2004, 12:57 PM
 
> The people with the skills to write such a program who are posting
> here telling you that it's easy will NOT write such a program


I think it's highly dubious that anyone who has posted in this thread actually does have the ability to make the program with the requirements I've detailed throughout this thread. For instance, one of the most ardent posters here can't even get past the 2nd line of code in his Applescript. I doubt he's going to fool some of the best software engineers in the world at Apple. He later admitted that he's not a programmer and he's studying law... and he does Applescript here and there as a hobby. Yet, he tells me that this thing would be... simple. That is someone clearly talking out of their ass. I wish him the best as a lawyer, but he may want to reconsider offering any more counsel in the field of security.

Anyway, you make some good common sense points in your post, but I don't think you understand my intentions. I'm not actually asking that anyone here provides an overly detailed road-map for destroying OS X, Hahaha.... Nor would I expect anyone to post a virus here.

> Now, I don't know about you, but if you wrote a non-malicious proof-of-concept,
> released it to prove a point, and then someone else modified it to make a malicious
> program, would YOU want it on your conscience?


Actually, if I wrote a malicious proof of concept and didn't release the code to Apple... THAT would be on my conscience. If Apple ignored the threat, then it would also be on my conscience if I didn't at that point release a proof of concept before the black hats get around to it.

Are your friends (that you say could make the trojan virus that I speak of) the world's best programmers? Well, I certainly hope so, because if they are NOT... then that means there are others out there that could make it too and they may not be nice people, you know what I mean?

If your friends (who are good guys) make bold claims that they can make a successful malicious trojan as I have described throughout this thread, then for God's sake tell them TO MAKE IT & carefully test it. Then have them submit their findings to Apple and anti-virus companies. If there's no response after a reasonable amount of time and this thing appears to be for real, then consult a lawyer and post a proof of concept announcement through the proper channels and offer evidence to those you can safely authorize to have a look at the code and scrutinize it.

If this was so incredibly easy... this exact scenario would have already happened by now and it hasn't. And as for the release of a malicious trojan? Someone would have released that by now. Because as I've explained in painful detail, human nature dictates it.

> I think not, and that is why you won't
> see anyone else "proving" their statements to your satisfaction, because it would be
> completely irresponsible of them to do so


I've never asked for a detailed road map of how to go and terrorize Mac OS X users. If our platform and Apple's response to security threats is so weak that even having discussions about weaknesses and strengths of the platform is excessively dangerous... then we're in big trouble.

Very fortunately, that is NOT the case. Apple has been incredible. They have responded to potential security threats with blazing speed and efficiency. Not to mention Apple has built OS X from the ground up with security in mind. The latest proof of concept from Intego got a response from Apple the very next day. And, believe me... Apple was already aware of the threat because that proof of concept had already been discovered by them through other channels. They're working on it and it's very likely they'll release a security update before it's ever successfully exploited.

In the end, all I'm really asking is to open up a discussion on why people think the Mac is so secure... or not. If you think the Mac is insecure for a certain reason... then talk about it... but, yes... use common sense. If you think your information will endanger the platform then don't be specific and march your ass to the phone and call Apple. If you think it's already well-known, but Apple refuses to do anything about it... then share it and maybe if enough people get talking about it, Apple will make a move before the black hats do. Because one thing is for certain, if it can be done... then it will be done eventually by some a**holes. Like I've proven over and over in this thread... the history of human nature absof*ckinlutely dictates it.

Another thing is certain... This is UNIX now and the way the UNIX platform has kept so secure over the years is by openness. Yes, you heard me right... Openness! FreeBSD and other open source projects thrive on the discussion of potential threats. That way, before the threats can even be put together in a malicious puzzle... there's often already a theory, proof of concept and patch. A patch that was put to the test through collaboration and scrutiny among peers. And a patch that wasn't haphazardly thrown together after the fact when the damage has already been done (see Bush administration).

For example, securing the cabins of airliners before 9/11 would have been obvious for all to see... it wouldn't have been some covert, stealth operation. Some dudes with their buttcracks sliding out of their pants would have put up some doors for us all to see. No hidden operation... no black ops and shiny boots.. no fancy schmancy, secretive technology and yet it could have very well saved thousands of lives. If we had only discussed terrorism more openly amongst our government agencies and ourselves; we may very well have never seen that horrific day in September. Anyway, I digress..

Black hat hackers work in the shadows, often by themselves and thrive on miscommunication and closed systems like Windows. They are no match for a large group of good guys collaborating and sharing ideas about how to better secure their platform. You can hide in fear all you want... put your heads in the sand... but that is EXACTLY what the bad guys want us to do.

Now post some malicious, successful OS X viruses here!

-----
( Last edited by cowicide; Apr 16, 2004 at 06:06 PM. )
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 19, 2004, 01:25 PM
 
Speaking of proof of concepts, here's another benign example submitted:

Via macfixit: A variation on the type/creator "trojan horse": Special character that appears as a period

Rick Bargerhuff, the author of MisMatch - a Folder Action written to help secure people from the MP3 Concept vulnerability - has discovered another potentially significant flaw in Mac OS X's Finder which allows users to make any malicious application's name appear as a legit file name.

To demonstrate the problem, Bargerhuff created an example file that is an AppleScript application that appears to be a non-application. It contains non-malicious code which can be viewed via Script Editor.

http://forums.ort.org.il/files/307/1970653/8208371.zip ['iTunesUpdater421.pkg'],

As you can see, the file appears to have a normal file name, but close inspection yields that the "." contained in the file names are not a standard "." used for extensions. These "." have a noticeable space to the left of the "." character.

Using the Terminal.app, observing the files shows that the "." is in fact a special character and not a standard "."

rwxr-xr-x 1 cougar staff 13780 Apr 8 18:53 iTunesUpdater421???pkg.app

Using the command GetFileInfo, part of Apple's developer tools (/Developer/Tools/GetFileInfo), yields the following...

[canines:/Volumes/Storage/Internet_Downloads] cougar% GetFileInfo iTunesUpdater421342200244pkg.app

file: "iTunesUpdater421pkg.app"

type: "APPL"

creator: "aplt"

attributes: avbstClinmEd

created: 04/08/2004 18:53:54

modified: 04/08/2004 18:53:54

In normal use, the special character will appear to be a legitimate period, and many users will double click the file in question.

As pointed out in a Network Associates Security HQ article, any file that is disguised as legitimate has the potential to be malicious, so this new discovery does not introduce a new vulnerability, simply a new facet to the old issue: "However, dual personality of a file has little relevance to the malicious function. If a user is convinced to double click on an icon representing a file the program will run regardless of being a simple disguised application or dual-format file. Thus, the discovery of dual-format files does not really introduce any new penetration or propagation vector. It can only obfuscate a little the function of the disguised program, which will appear as a valid sound file and it can be played from iTunes."

Bargerhuff notes that potentially malicious files containing this special character will escape the eye of MisMatch, which has now been pulled.
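
A defender-side check for the disguised file name described in the post above, as an added example that is not part of the original thread and not MisMatch's code. It flags characters that render like "." and bundle names whose visible extension differs from the one that launches; the function names, the sample names, the choice of U+2024 for the constructed sample and the extra lookalike set are assumptions.

```python
import os
import unicodedata

# Assumption: dot-like characters that have no compatibility mapping to ".".
EXTRA_DOTS = {"\u06d4"}  # ARABIC FULL STOP
# Assumption: extensions that run code when the item is double-clicked.
LAUNCHABLE = {".app"}


def is_dot_lookalike(ch):
    """True for a character other than '.' that renders like a period."""
    if ch == ".":
        return False
    # NFKC folds ONE DOT LEADER, FULLWIDTH FULL STOP, SMALL FULL STOP to ".".
    return unicodedata.normalize("NFKC", ch) == "." or ch in EXTRA_DOTS


def fold_dots(name):
    """Replace every lookalike with a real '.', i.e. the name as a user reads it."""
    return "".join("." if is_dot_lookalike(c) else c for c in name)


def octal_escaped(name):
    """Show the UTF-8 bytes of a name with non-printable bytes as octal escapes."""
    out = []
    for b in name.encode("utf-8"):
        out.append(chr(b) if 0x20 <= b < 0x7F else "\\%03o" % b)
    return "".join(out)


def audit_name(name):
    """Return findings for one file name; an empty list means nothing suspicious."""
    findings = []
    for i, ch in enumerate(name):
        if is_dot_lookalike(ch):
            findings.append(("lookalike-dot", "U+%04X" % ord(ch), i))
    # Compare the extension the user appears to see with the real, final one.
    stem, real_ext = os.path.splitext(fold_dots(name))
    shown_ext = os.path.splitext(stem)[1]
    if real_ext.lower() in LAUNCHABLE and shown_ext:
        findings.append(("disguised-extension", shown_ext, real_ext))
    return findings


# Constructed sample names, not taken from a real system.
SAMPLES = [
    "iTunesUpdater421\u2024pkg.app",  # lookalike dot before "pkg"
    "Song.mp3.app",                   # real dots, misleading inner extension
    "Safari.app",
    "notes.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(octal_escaped(sample), audit_name(sample))
```

Running the same audit over a downloads folder with `os.listdir` gives a quick list of items to inspect before anyone double-clicks them.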
     
OptimusG4
Mac Elite
Join Date: Feb 2003
Location: columbus, oh
Status: Offline
Apr 19, 2004, 01:34 PM
 
Time to ditch the ol' Finder!
"Another classic science-fiction show cancelled before its time" ~ Bender

15.2" PowerBook 1.25GHz, 80GB HD, 768MB RAM, SuperDrive
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 20, 2004, 04:27 PM
 
> Originally posted by OptimusG4:
> Time to ditch the ol' Finder!

Haha!
     
voodoo
Posting Junkie
Join Date: Mar 2001
Location: Salamanca, España
Status: Offline
Apr 20, 2004, 06:21 PM
 
Virus is NOT a trojan.
I could take Sean Connery in a fight... I could definitely take him.
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 20, 2004, 08:51 PM
 
> Originally posted by voodoo:
> Virus is NOT a trojan.

Copied and now repeated from earlier in thread:


Right, a trojan is just an app that conceals itself and runs. To make things simple, most people categorize them as viruses.

That's why you don't usually see any mainstream products called, "Anti-virus and Anti-trojan software". See what I'm saying? I'm sure the anti-virus dev's at Symantec, etc. are just as aware of the difference between trojan code and viral code (and hybrids thereof) just as I am.
     
lenox
Senior User
Join Date: Aug 2003
Location: united states empire
Status: Offline
Apr 21, 2004, 11:03 AM
 
worst.
thread.
ever.
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
Apr 21, 2004, 03:19 PM
 
> worst.
> thread.
> ever.

I'll take your commentary with a grain of salt considering the source is coming from the...

worst.
website.
eva'.

http://lenox.meanmutha.com/
     
lenox
Senior User
Join Date: Aug 2003
Location: united states empire
Status: Offline
Apr 22, 2004, 02:28 PM
 
Wow, way to take it to the next level. I really am flattered you took the time to learn about me
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
May 20, 2004, 09:58 PM
 
     
mitchell_pgh
Posting Junkie
Join Date: Feb 2000
Location: Washington, DC
Status: Offline
May 21, 2004, 02:52 PM
 
> Originally posted by cowicide:
> Apple needs to fix this

I'm rather sure they are working on it...
     
cowicide  (op)
Forum Regular
Join Date: May 2003
Location: Tempe, AZ & Wash. D.C.
Status: Offline
May 21, 2004, 05:20 PM
 
> Originally posted by mitchell_pgh:
> I'm rather sure they are working on it...

I'm rather sure Apple dropped the ball on this one. They were warned back in Feb. about this. I hope Apple doesn't start slipping in security.
     
All contents of these forums © 1995-2017 MacNN. All rights reserved.