
Finally, a real virus on OS X.
Spliff
Mac Elite
Join Date: Feb 2001
Location: Canaduh
Oct 21, 2004, 07:11 PM
 
Or is it? Check out this post over at macintouch.com. Anyone run across this supposed virus?

http://www.macintouch.com/index.shtm...4.10.21.opener

There's now a real virus out there for Mac OS X that can do some real damage. It doesn't seem to be too destructive although it does delete some unix commands and modifies prefs for a couple of others. It will gather all password info on your machine. For now, let's call it "Opener."

My system was responding a bit slowly and a check of my /var/log files showed that they were _all_ empty and had the same mod date. The Activity Monitor showed a process called "john" eating almost an entire processor.

Some further looking showed an unknown StartupItem in /Library/StartupItems/ called "opener". The executable file is a well-commented bash program. It scans for passwords for every user, processes the hashed info using your own Mac, turns on file sharing, and puts all this stuff into an invisible folder called .info in each user's Public folder.

It does much, much more but it's important that a warning get out quickly.
     
Millennium
Clinically Insane
Join Date: Nov 1999
Oct 21, 2004, 07:18 PM
 
This looks more like a Trojan horse than a true virus or worm, given that it seems to have no way of spreading on its own.

The john program mentioned is John the Ripper, a well-known password-cracking utility. It's used more often by sysadmins than actual hackers. Besides which, only a true idiot would put a bunch of comments in his Trojan horse, to say nothing of putting it in a bash script.

This person was almost certainly the victim of a childish prank, but not a real virus. The next question to answer would be how it got on his machine in the first place.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
SMacTech
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Oct 21, 2004, 08:24 PM
 
When I read that on Macintouch, I wondered why they would even post it on their web site. The mere wording in part of the article, "For now, let's call it Opener"...

Anyone can write a malicious program, and social engineering may get you to launch it. How it is a virus is beyond me.
     
Turnpike
Mac Enthusiast
Join Date: Mar 2004
Oct 21, 2004, 08:48 PM
 
Perhaps the people at Macintouch don't know what a virus is.... I suppose they didn't want to fix their reader's wording, but still... a little screening/error checking could go a long way... it makes me wonder if they've looked into this at all.

Getting a warning out fast but with little accuracy doesn't do much. Supposing this were a real threat, which cannot be ascertained by the info given, what do they suggest I do about it? How can I prevent this from happening to me? Perhaps if they'd spent the time it took to try and raise a panic on trying to figure out exactly where they got this from instead, we'd know by now.

I'm all for warning people, but there is so little substance to that warning as to make it pretty much useless.
     
Brass
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Oct 21, 2004, 09:04 PM
 
Doesn't sound in the slightest like a virus (or worm). Sounds more like he's been hacked. You can't call something a virus without any evidence that it can self-propagate. You can't call it a virus just because it appears to be malicious. Some viruses aren't at all malicious.

I hope to see a substantial retraction/apology/clarification/whatever at MacInTouch tomorrow for being dopey enough to post that without clarifying that there was actually nothing virus-related in the report whatsoever.

First Mac OS X virus indeed! I hope that the first actual Mac OS X virus will be reported on with more accuracy than this, when it finally happens!
( Last edited by Brass; Oct 21, 2004 at 09:37 PM. )
     
MPMoriarty
Dedicated MacNNer
Join Date: Oct 2003
Location: Saint Louis, MO
Oct 22, 2004, 12:36 AM
 
How could this bash script get installed on the computer in the first place?
     
Graymalkin
Mac Elite
Join Date: May 2001
Location: ~/
Oct 22, 2004, 01:30 AM
 
If the guy has Remote Login enabled and a crappy password it is pretty easy to log in and use sftp/scp to put files where you please. In OSX the first user account is an administrator account so files can be placed in folders owned by the system using sudo. A lot of people disable the password on their main account (which has administrator access) to have less hassle using their computer. They also turn on network services like Remote Login (SSH) without being fully aware of the implications.

Finding these systems to break into isn't really all that difficult. You'd be surprised what you'll see if you hook your computer directly up to your DSL/cable modem and run a program like ethereal or ettercap. What most people don't realize is that with a cable modem you are basically just connected to a local network with the rest of the customers on the cable company's loop. You can sit and watch unsecured passwords, porn images, P2P downloads, and all sorts of interesting things.
     
Scallywag
Junior Member
Join Date: Sep 2004
Location: Litterbox
Oct 22, 2004, 02:35 AM
 
Originally posted by Graymalkin:

Finding these systems to break into isn't really all that difficult. You'd be surprised what you'll see if you hook your computer directly up to your DSL/cable modem and run a program like ethereal or ettercap.
Any GUI versions of these apps (or something else) that don't require fink?
     
theolein
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
Oct 22, 2004, 03:16 AM
 
Originally posted by Graymalkin:
If the guy has Remote Login enabled and a crappy password it is pretty easy to log in and use sftp/scp to put files where you please. In OSX the first user account is an administrator account so files can be placed in folders owned by the system using sudo. A lot of people disable the password on their main account (which has administrator access) to have less hassle using their computer. They also turn on network services like Remote Login (SSH) without being fully aware of the implications.

Finding these systems to break into isn't really all that difficult. You'd be surprised what you'll see if you hook your computer directly up to your DSL/cable modem and run a program like ethereal or ettercap. What most people don't realize is that with a cable modem you are basically just connected to a local network with the rest of the customers on the cable company's loop. You can sit and watch unsecured passwords, porn images, P2P downloads, and all sorts of interesting things.
I've seen this on my own cable neighbourhood. Obviously 99% of the traffic is Windows related and it is simply amazing that even in this day and age a good percentage of Windows users still have open shares etc on their computer.

That said, here's my Malicious Mac OS X Virus™ (to be placed into StartupItems):
Code:
#!/bin/sh
rm -rf ~/
weird wabbit
     
theolein
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
Oct 22, 2004, 03:18 AM
 
Originally posted by Scallywag:
Any GUI versions of these apps (or something else) that don't require fink?
The aspiring h4x0r, eh?
weird wabbit
     
Scallywag
Junior Member
Join Date: Sep 2004
Location: Litterbox
Oct 22, 2004, 03:22 AM
 
Originally posted by theolein:
The aspiring h4x0r, eh?
Hardly. If I were, I wouldn't be put off by messing with fink. Tried fink and made a mess of it.

I'm curious, not malicious.
     
siflippant
Dedicated MacNNer
Join Date: Mar 2002
Location: England
Oct 22, 2004, 06:46 AM
 
Originally posted by theolein:
That said, here's my Malicious Mac OS X Virus™ (to be placed into StartupItems):
Code:
#!/bin/sh
rm -rf ~/
Don't try this at home...

     
Anubis IV
Dedicated MacNNer
Join Date: Nov 2003
Location: Huh?
Oct 22, 2004, 10:49 AM
 
Originally posted by siflippant:
Don't try this at home...

No kidding...I'm barely even competent enough to navigate the Terminal, but I know a "Remove" command and the home directory when I see them...
"The captured hunter hunts your mind."
Profanity is the tool of the illiterate.
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Oct 22, 2004, 11:16 AM
 
Originally posted by Anubis IV:
No kidding...I'm barely even competent enough to navigate the Terminal, but I know a "Remove" command and the home directory when I see them...
um, that's not just the home directory... I believe that's the entire drive.
     
Millennium
Clinically Insane
Join Date: Nov 1999
Oct 22, 2004, 11:39 AM
 
Originally posted by Person Man:
um, that's not just the home directory... I believe that's the entire drive.
Yup.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Oct 22, 2004, 12:14 PM
 
Originally posted by Person Man:
um, that's not just the home directory... I believe that's the entire drive.


~/ is the home directory.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
Millennium
Clinically Insane
Join Date: Nov 1999
Oct 22, 2004, 01:15 PM
 
Originally posted by CharlesS:


~/ is the home directory.
Oops; you're right. Something's messed up with my browser and I didn't see the tilde.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
Catfish_Man
Mac Elite
Join Date: Aug 2001
Oct 22, 2004, 01:30 PM
 
Ooh, teh haX0r program!!!:

Code:
while(true) { fork(); }
Some people don't seem to realize how easy it is to mess things up...
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Oct 22, 2004, 01:47 PM
 
Originally posted by Catfish_Man:
Ooh, teh haX0r program!!!:

Code:
while(true) { fork(); }
Some people don't seem to realize how easy it is to mess things up...
Oh God.

Even worse - make each forked process load a large amount of data into RAM. It will start paging so fast, you'll have to hard reboot - one of the few easy ways to make OS X "crash"...

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
piracy
Mac Elite
Join Date: Mar 2001
Oct 22, 2004, 02:14 PM
 
Argh.

As several others have said in this thread, this is NOT a virus.

It's a freaking SHELL SCRIPT that needs admin or root access to even install!

It has NO vector of spread, NO method of remote infection, NO way to propagate.

It is a UNIX script that needs to be MANUALLY INSTALLED by someone with admin, root, or physical access to the machine.

Though this script tries to do nifty/nasty things specifically with OS X, it is no more of a piece of malware than this:

#!/bin/sh
sudo rm -rf /

There. A new "virus" that erases your whole drive when run!! OMG!!!

Jeez. Of course, there will be some super-sensationalized article now from some media outlet talking about how there's a new Super-Duper Dangerous Worm for Mac OS X...

Could something like this be installed by a trojan, such as a malicious installer masquerading as something else that prompts for admin privileges during the install? Sure. Would people find out about it in a heartbeat if anything like that ever happened? Yes. Would there be any mechanism or method of automated spread or infection? Nope.

This is *NOT* a virus. It's not even a trojan! A "trojan" is an app that masquerades as one thing, but actually does another (e.g., an app that *installed* this code would be a trojan). But the script itself isn't even that! Technically, I suppose you could call it "malware", whose loose definition is any software that does something undesirable. But then, it's only malware when it's applied and actually in the wild. The one guy who claims to have found this thing on his computer probably had it put there manually by someone else.

In short: this is NOT a virus, and NOT a trojan. It is a UNIX shell script that, when installed, tries to do some bad things. But it needs to be MANUALLY installed (or installed secretly by SOME OTHER PROGRAM WITH ADMIN ACCESS, which itself would be a trojan). But you folks need to understand that no matter what, if there is no mechanism or vector for automated propagation, even the nastiest thing someone can dream up will never rise to the level of even the most benign viruses and worms on Windows, period.
     
Spliff  (op)
Mac Elite
Join Date: Feb 2001
Location: Canaduh
Oct 22, 2004, 02:34 PM
 
Macintouch.com has now given "Opener" its own section.
http://www.macintouch.com/opener.html

For reference, these seem to be the initial comments in the script...
Code:
########################################################################
# opener 2.3.5a - a startup script to turn on services and gather user info & hashes for Mac OS X
########################################################################
# Originally written by DimBulb
# Additional code: hard-mac, JawnDoh!, Dr_Springfield, g@pple
# Additional ideas and advice: Zo, BSDOSX
# This script runs in bash (as is noted by the very first line of this script)
# To install this script you need admin access or
# physical access (boot from a CD or firewire/usb, ignore permissions on the internal drive) or
# write access to either /Library/StartupItems /System/Library/StartupItems or
# write access to any existing StartupItem (which you can then replace with this script) or
# write access to the rc, crontab, or periodic files (and have them run or install the script) or
# you could trick someone who has an admin account into installing it.
# It should go in /System/Library/StartupItems or /Library/StartupItems (when it is executed it
# will move itself to /System/Library/StartupItems)
# Since it is a StartupItem it will run as root - thus no "sudo" commands are needed. If you run
# it as any other user most of the commands will generate errors! (You could sudo ./opener)
# Save start time and date for performance testing


I've looked through the latest version of the script available online (2.3.8 it looks like), and here's a brief rundown about everything that this script does...
Opener tries to install ohphoneX, a teleconferencing program - for spying on you through your webcam I'm sure.

It kills LittleSnitch before every Internet connection it makes

It installs a keystroke recorder

Allows backdoor access in case someone deletes the hidden account

Grabs the open-firmware password

Installs OSXvnc

Grabs your office 2004 PID (serial number), as well as serial numbers for Mac OS XServer, adobe registrations, VirtualPC 6, Final Cut Pro, LittleSnitch, Apple Pro Apps, your DynDNS account, Timbuk2, and webserver users to name a few.

It tries to decrypt all the MD5 encrypted user passwords

Decrypts all users' keychains.

Grabs your AIM logs, and tons of other settings and preferences with info you probably don't want folks to have... even your bash (terminal) history

Grabs stuff from your Classic preferences

Changes your Limewire settings to max out your upload and files.

The hidden user account is called LDAP-daemon instead of the name hacker used in earlier versions. Looks more innocent than hacker.

Even has your daily cron task try to get your password from the virtual memory swapfile

It installs an app called John The Ripper - a password cracker that uses a dictionary method to crack passwords

installs dsniff to sniff for passwords...

The last comments in the thread have them talking about adding VNC support, modifying parts of files w/out changing the date/time, adding to the list of files to grab info from, and talking about sending the info to an IRCbot. It looks like the latest version discussed on this site was 2.3.8 and that was back in September. I don't know if they took their discussion off-line or if they were 'happy' with it. I'm betting the former.
( Last edited by Spliff; Oct 22, 2004 at 02:50 PM. )
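Putting the indicators from the original report (an unknown StartupItem, an invisible .info folder in each user's Public folder, every /var/log file empty with the same mod date) and the script's own install notes ("write access to any existing StartupItem") into one check an admin could run: the following is an added example written for this thread, not code from the MacInTouch report, from the Opener script, or from any poster. It assumes a site-specific allowlist of expected StartupItems (KNOWN_STARTUP_ITEMS below is illustrative only) and takes a root path, so it can be pointed at a volume mounted from a known-good boot disk as well as at a live system.

```python
"""Host triage for the "Opener" indicators described in this thread.

Added example: not the MacInTouch report's, the script's, or any poster's code.
Three checks, all relative to ROOT so it can run against a mounted volume
(or the constructed tree used in the test):
  1. StartupItems that are not on an allowlist, or that are group/world
     writable (the script's header lists "write access to any existing
     StartupItem" as one way to install it);
  2. a hidden .info folder in each user's Public folder;
  3. /var/log files that are all empty and share one modification time.
"""
import stat
import sys
from pathlib import Path

# Assumption: a site-specific list of StartupItems the admin expects to see.
KNOWN_STARTUP_ITEMS = {"Apache", "NFS", "Samba", "SSH"}  # illustrative only

STARTUP_DIRS = ("Library/StartupItems", "System/Library/StartupItems")


def suspicious_startup_items(root, allowlist=KNOWN_STARTUP_ITEMS):
    """Return (name, reason) pairs for StartupItems worth a second look."""
    findings = []
    for rel in STARTUP_DIRS:
        d = Path(root) / rel
        if not d.is_dir():
            continue
        for entry in sorted(d.iterdir()):
            if entry.name not in allowlist:
                findings.append((entry.name, "not in allowlist"))
            # A group- or world-writable item can be replaced by a non-root
            # user, and whatever replaces it runs as root at the next boot.
            if entry.lstat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((entry.name, "writable by group/other"))
    return findings


def hidden_info_dirs(root):
    """Return every Users/<name>/Public/.info directory that exists."""
    users = Path(root) / "Users"
    if not users.is_dir():
        return []
    found = []
    for home in sorted(users.iterdir()):
        info = home / "Public" / ".info"
        if info.is_dir():
            found.append(str(info.relative_to(root)))
    return found


def wiped_logs(root, log_rel="var/log"):
    """True if every regular file under var/log is empty and shares one mtime.

    One empty log is normal after rotation; all of them empty with the same
    timestamp is what the report describes.
    """
    logdir = Path(root) / log_rel
    if not logdir.is_dir():
        return False
    files = [p for p in logdir.iterdir() if p.is_file()]
    if len(files) < 2:
        return False
    sizes = {p.stat().st_size for p in files}
    mtimes = {int(p.stat().st_mtime) for p in files}
    return sizes == {0} and len(mtimes) == 1


def triage(root):
    """Run all three checks and return the findings as one dict."""
    return {
        "startup_items": suspicious_startup_items(root),
        "info_dirs": hidden_info_dirs(root),
        "logs_wiped": wiped_logs(root),
    }


if __name__ == "__main__":
    import json
    root = sys.argv[1] if len(sys.argv) > 1 else "/"
    print(json.dumps(triage(root), indent=2))
```

Run it as root against / on the suspect machine, or better against that disk mounted from a known-good boot volume, since anything that has already run as root at startup can alter what the live system reports. A hit on any of the three is a reason to image the disk before cleaning up, not proof on its own.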
     
piracy
Mac Elite
Join Date: Mar 2001
Oct 22, 2004, 02:44 PM
 
Originally posted by Spliff:
Macintouch.com has now given "Opener" its own section.
http://www.macintouch.com/opener.html
Then that only proves how stupid they are.

This script could make a holographic hand come out of the monitor and slap you across the face, and it still doesn't amount to a hill of beans if it has to be MANUALLY INSTALLED ON THE COMPUTER BY SOMEONE WITH ROOT OR PHYSICAL ACCESS.

Is this going to be the "MP3 virus" all over again?

Jeez.
     
theolein
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
Oct 22, 2004, 04:47 PM
 
This is simply the first Mac OSX backdoor. It's not a rootkit, since it stands out like a red fire engine in the snow. It's not a trojan, nor a worm, nor a virus since all of those propagate themselves.
weird wabbit
     
Millennium
Clinically Insane
Join Date: Nov 1999
Oct 22, 2004, 04:55 PM
 
Originally posted by theolein:
This is simply the first Mac OSX backdoor. It's not a rootkit, since it stands out like a red fire engine in the snow. It's not a trojan, nor a worm, nor a virus since all of those propagate themselves.
Indeed. Impressive in its capabilities, but extremely crude.

Now, what'll be impressive will be if someone actually gets a worm going based on it. We'll see how that plays out.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
tkmd
Grizzled Veteran
Join Date: Oct 2001
Location: Michigan
Oct 22, 2004, 06:05 PM
 
Question is how did this guy get it on his computer in the first place. He would have, if I'm not mistaken, literally installed it. Can Apple put out a patch... Oh no I can see it now, "Opener trojan attacking Mac OS X" on the Wired website and all the PC junkies smirking....
Pismo 400 | Powerbook 1.5 GHz | MacPro 2.66/6GB/7300GT
     
dialo
Senior User
Join Date: May 2002
Oct 22, 2004, 06:30 PM
 
Originally posted by theolein:
Code:
#!/bin/sh
rm -rf ~/
That's one of the reasons why I have a script 'del' that I use instead of rm 99% of the time. It throws the folder or file(s) in the trash and I don't have to worry about typos.
( Last edited by dialo; Oct 22, 2004 at 06:35 PM. )
     
Thain Esh Kelch
Mac Enthusiast
Join Date: May 2001
Location: Denmark
Oct 22, 2004, 07:01 PM
 
Development on this baby is still continuing in a Macintosh Underground thread.

Not nice.
     
piracy
Mac Elite
Join Date: Mar 2001
Oct 22, 2004, 07:12 PM
 
Originally posted by Thain Esh Kelch:
Development on this baby is still continuing in a Macintosh Underground thread.

Not nice.
The last post to that thread was a month and a half ago, and before that, August 27.

This is really, really old and nothing at all to worry about. It's a *script*. It needs to be installed by someone with admin/root or physical access! (OR, the user has to be *tricked* into installing it via other means.) There is NO method of propagation, spread, or infection. There is no automated means to install it. It's not even a rootkit. In fact, it's the opposite of a conventional rootkit, since this doesn't obtain root access, it actually *requires* root access in order to be used!

All in all, nothing very interesting here. A nifty script? Yes. But that's about it.
( Last edited by piracy; Oct 22, 2004 at 07:45 PM. )
     
theolein
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
Oct 22, 2004, 07:28 PM
 
Originally posted by tkmd:
Question is how did this guy get it on his computer in the first place. He would have, if I'm not mistaken, literally installed it. Can Apple put out a patch... Oh no I can see it now, "Opener trojan attacking Mac OS X" on the Wired website and all the PC junkies smirking....
There are numerous possibilities of how this got on the guy's computer. In all likelihood it involved him opening a port somewhere or not having the firewall on at all. He could have used the same password and login for ftp over the net as he does for ssh and someone sniffed it. How the user got on his computer if it wasn't someone who had physical access to the net would then mean he had a telnet or ssh server running (perhaps he didn't even have a password).

The possibilities are endless. But they all boil down to poor security on the part of the user.
weird wabbit
     
utidjian
Senior User
Join Date: Jan 2001
Location: Mahwah, NJ USA
Oct 22, 2004, 07:29 PM
 
Originally posted by Millennium:
Oops; you're right. Something's messed up with my browser and I didn't see the tilde.
Or worse yet... when one is doing something and you don't notice a space between the ~ and the /. As in:
Code:
rm -Rf ~ /
or perhaps
Code:
rm -Rf /some/thing/you/want/removed / but/get/some/spaces/in/there
The above commands will, of course, fail on folders and files you don't have permissions to. However, the system owner (default user) or any member of the admin group (groupID=80) can wipe out anything they have rwx perms to. See the output of 'ls -l /' to get an idea of how extensive the damage can be.
-DU-...etc...
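dialo's `del` script is not on the page, so the following is an independent implementation of the same idea, added for this thread and not any poster's code. Its assumptions are this example's own: the per-user trash is ~/.Trash, collisions get Finder-style "name 1" renaming, and a bare /, the home directory and the trash folder itself are refused. Every argument is checked before anything moves, so the stray-space cases utidjian shows (`rm -Rf ~ /` turning into two arguments, one of them `/`) abort the whole call with nothing touched rather than half-deleting.

```python
"""Trash instead of rm: an independent take on the kind of `del` dialo describes.

Added example, not dialo's script (which is not on the page) or anyone else's.
Assumptions of this example: the per-user trash is ~/.Trash, collisions are
renamed Finder-style ("name 1", "name 2"), and a bare "/", the home directory
and the trash folder itself are refused outright.
"""
import shutil
import sys
from pathlib import Path


class RefusedPath(ValueError):
    """Raised for an argument that should never reach a bulk delete."""


def trash_paths(args, home, trash=None):
    """Move each path in args into the trash and return the destinations.

    All arguments are checked before anything moves, so one bad argument
    (say, the "/" produced by a stray space in "rm -Rf ~ /") aborts the
    whole call with nothing touched.
    """
    home = Path(home).resolve()
    trash = Path(trash).resolve() if trash else home / ".Trash"
    protected = {Path("/"), home, trash}

    targets = []
    for a in args:
        p = Path(a).expanduser()
        if not p.exists() and not p.is_symlink():
            raise FileNotFoundError(str(p))
        if p.resolve() in protected:
            raise RefusedPath("refusing to trash %s" % p)
        targets.append(p)

    trash.mkdir(parents=True, exist_ok=True)
    moved = []
    for p in targets:
        dest = trash / p.name
        n = 1
        while dest.exists() or dest.is_symlink():  # keep earlier copies
            dest = trash / ("%s %d" % (p.name, n))
            n += 1
        shutil.move(str(p), str(dest))
        moved.append(dest)
    return moved


if __name__ == "__main__":
    for d in trash_paths(sys.argv[1:], Path.home()):
        print("->", d)
```

Aliasing `del` to this script gives the undo that `rm` lacks; emptying the trash is still a separate, deliberate step, which is the point.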
     
Mapache
Fresh-Faced Recruit
Join Date: Jan 2003
Location: Pittsburgh, PA
Oct 22, 2004, 08:15 PM
 
If you want stupid programs, there's also:

Code:
while(!fork());
This repeatedly forks and kills the parent process. The end result is just one process, but it's continuously changing its process ID. It's generally speaking impossible to kill, because by the time you identify which process it is, it's changed its PID.
     
theolein
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
Oct 22, 2004, 08:43 PM
 
Originally posted by Thain Esh Kelch:
Development on this baby is still continuing in a Macintosh Underground thread.

Not nice.
I just took a look at that site. There are about 3 or 4 people there who know what they're doing, but for the most part, the site is just painful to read. I see now why they call them script kiddies. The average age seems to be around 14 and the level of knowledge is pretty poor. Don't tell me this is the best Mac hacking has to offer.
weird wabbit
     
BuonRotto
Grizzled Veteran
Join Date: Apr 2001
Oct 22, 2004, 10:49 PM
 
Seems to me if some asshat wanted to, they could tuck it in with some disguised freeware app bundle, people will download it, and when on first run, it asks if this is OK (the new warning/confirmation from the last virus scare a few months ago), it can go into effect. Imagine someone thinking that they're downloading a new Epson driver from VersionTracker. Yes, it takes a fool to both put it in the bundle and another fool to actually run this, but I can see scenarios where this can happen. Its effects won't be nearly the magnitude of so many windows trojans and viruses in its current form since it can't yet propagate. Still, if someone wants to piss off some Mac users, ruin the reputation of a software maker, or just get a lot of negative attention and hype stirred up, this seems like a nice trick. As theolein said, it's a backdoor, or maybe it could be adapted for phishing in a way.

Of course, now that the source is more or less known, if it does get out in the wild to even a limited extent, those kids are going to have their asses handed to them by a lot of angry OS X users, even ones who aren't affected.
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Oct 23, 2004, 01:01 AM
 
Originally posted by BuonRotto:
Seems to me if some asshat wanted to, they could tuck it in with some disguised freeware app bundle, people will download it, and when on first run, it asks if this is OK (the new warning/confirmation from the last virus scare a few months ago), it can go into effect. Imagine someone thinking that they're downloading a new Epson driver from VersionTracker. Yes, it takes a fool to both put it in the bundle and another fool to actually run this, but I can see scenarios where this can happen. Its effects won't be nearly the magnitude of so many windows trojans and viruses in its current form since it can't yet propagate. Still, if someone wants to piss off some Mac users, ruin the reputation of a software maker, or just get a lot of negative attention and hype stirred up, this seems like a nice trick. As theolein said, it's a backdoor, or maybe it could be adapted for phishing in a way.
Yep, and this is the reason I dislike software that unnecessarily uses an installer.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
theolein
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
Oct 23, 2004, 01:44 AM
 
Originally posted by CharlesS:
Yep, and this is the reason I dislike software that unnecessarily uses an installer.
Having an installer makes really no difference to a virus or malware application. Any trojan could hide code that does all of this in it and seem totally innocuous. In fact, I'm beginning to think that's how the victim in this case got hacked.

The most obvious way to spread this would be to upload a fake application to a web site and then, when it was downloaded, it would do its stuff on first run.

Sadly, I think that Mac anti-virus software will become necessary in the future. It'll probably never be as bad as the Windows scene, but it will always be a problem with closed source software, where one is not able to check sources with a hash etc.
weird wabbit
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Oct 23, 2004, 01:55 AM
 
Originally posted by theolein:
Having an installer makes really no difference to a virus or malware application. Any trojan could hide code that does all of this in it and seem totally innocuous. In fact, I'm beginning to think that's how the victim in this case got hacked.
Of course not, but for evil scripts like this, the root access that users are now used to giving installers provides the perfect opportunity to stick something like this somewhere in your system. This is one reason why I have very low tolerance for apps using installers when a drag and drop installation would have worked perfectly well.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
entrox
Senior User
Join Date: Jan 2003
Location: Stuttgart, Germany
Oct 23, 2004, 06:26 AM
 
Originally posted by Catfish_Man:
... snip fork bomb ...
Code:
#!/bin/bash
:(){ :|:& };:
This one just screams 'elegance' ;)
     
chris v
Addicted to MacNN
Join Date: Jan 2001
Location: The Sar Chasm
Oct 23, 2004, 09:49 AM
 
Originally posted by theolein:
Having an installer makes really no difference to a virus or malware application. Any trojan could hide code that does all of this in it and seem totally innocuous. In fact, I'm beginning to think that's how the victim in this case got hacked.

The most obvious way to spread this would be to upload a fake application to a web site and then, when it was downloaded, it would do its stuff on first run.

Sadly, I think that Mac anti-virus software will become necessary in the future. It'll probably never be as bad as the Windows scene, but it will always be a problem with closed source software, where one is not able to check sources with a hash etc.
I think one reason you won't see much in the way of people posting software installers to websites that install trojans is that this would make tracing and catching the perpetrators amazingly simple. That's one of the reasons that the Windows re-mailer type viruses have flourished, I'd say, because of the relative difficulty of tracking them back to their authors. It wouldn't be nearly as difficult for cyber-crime folks to figure out who had access to an FTP server, I wouldn't think, and no one in his right mind would post malware on their own website.

When a true genius appears in the world you may know him by this sign, that the dunces are all in confederacy against him. -- Jonathan Swift.
     
theolein
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
Oct 23, 2004, 11:50 AM
 
Originally posted by chris v:
I think one reason you won't see much in the way of people posting software installers to websites that install trojans is that this would make tracing and catching the perpetrators amazingly simple. That's one of the reasons that the Windows re-mailer type viruses have flourished, I'd say, because of the relative difficulty of tracking them back to their authors. It wouldn't be nearly as difficult for cyber-crime folks to figure out who had access to an FTP server, I wouldn't think, and no one in his right mind would post malware on their own website.
That's perhaps a bit naive, Chris. You know how many websites there are out there that will host anything you put on it? Just take a look at all the websites where IE holes are exploited and spyware and/or trojans installed on PCs. Even well known sites have been hacked before and trojans/spyware installing code installed.

And the FBI is not even going to touch your case unless you can prove more than $5000 damage.

The best bet going for the Mac until now has been its relative obscurity, but the backdoor on that site plus the fact that someone got hacked and got this installed on his machine means that this will probably increase in the future.
weird wabbit
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Oct 23, 2004, 11:54 AM
 
It is sort of sad and disappointing that Mac users are engaged in something evil like this. We didn't have this in OS 9. Can't they use their talent on something constructive?
     
chris v
Addicted to MacNN
Join Date: Jan 2001
Location: The Sar Chasm
Oct 23, 2004, 12:11 PM
 
Originally posted by theolein:
That's perhaps a bit naive, Chris. You know how many websites there are out there that will host anything you put on it? Just take a look at all the websites where IE holes are exploited and spyware and/or trojans installed on PCs. Even well known sites have been hacked before and trojans/spyware installing code installed.

And the FBI is not even going to touch your case unless you can prove more than $5000 damage.

The best bet going for the Mac until now has been its relative obscurity, but the backdoor on that site plus the fact that someone got hacked and got this installed on his machine means that this will probably increase in the future.
Well, the path to it actually happening is a little more convoluted, anyway. It'd take significantly more work for significantly less return as far as spreading goes, anyway. I can see the possibility of a hacker hacking into a website of a reputable software distributor and replacing a piece of their software with malware that resembles what's supposed to be there, but the amount of work involved (having to disguise your trojan as another app without it being detectable) vs. the # of people likely to download/install it before the hack was discovered and fixed would be a relative handful.

It also seems that access logs would make it somewhat easier to track the perpetrators, though I suppose if they can hack your site, they might be able to hack your access logs, too.

RE: obscurity-- I think even if you removed all the benefits of obscurity (presume mac/Wintel install base is 50/50) I think we'd still have a relatively more secure platform, though of course it's never going to be 100% fool-proof. Somebody somewhere is always hard at work on a better fool. I'm certainly not advocating anybody letting their guard down, and running their password as abc123 on a router DMZ.

When a true genius appears in the world you may know him by this sign, that the dunces are all in confederacy against him. -- Jonathan Swift.
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Oct 23, 2004, 12:56 PM
 
Originally posted by chris v:
Well, the path to it actually happening is a little more convoluted, anyway. It'd take significantly more work for significantly less return as far as spreading goes, anyway. I can see the possibility of a hacker hacking into a website of a reputable software distributor and replacing a piece of their software with malware that resembles what's supposed to be there, but the amount of work involved (having to disguise your trojan as another app without it being detectable) vs. the # of people likely to download/install it before the hack was discovered and fixed would be a relative handful.
There'd be no need to do that - they'd just have to repackage the vendor's app so that the installer installs exactly the app it's supposed to... and also the trojan.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
piracy
Mac Elite
Join Date: Mar 2001
Status: Offline
Reply With Quote
Oct 23, 2004, 12:58 PM
 
Originally posted by TETENAL:
It is sort of sad and disappointing that Mac users are engaged in something evil like this. We didn't have this in OS 9. Can't they use their talent on something constructive?
Um, huh?

There were dozens of actual *viruses* for Mac OS 9/8/7/etc.

There are STILL none for Mac OS X.[1]

This is a UNIX SHELL SCRIPT. That's it.

Yeah, it does some Mac OS X-specific stuff. But it's a SCRIPT.

[1] Note the *reason* there are none is because there's no way for them to propagate or spread; no method of infection. And a virus, script, etc., is useless if there is no way to spread it en masse.
     
Angus_D
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status: Offline
Reply With Quote
Oct 23, 2004, 01:13 PM
 
Originally posted by piracy:
[1] Note the *reason* there are none is because there's no way for them to propagate or spread; no method of infection. And a virus, script, etc., is useless if there is no way to spread it en masse.
I'm sorry, but this is ********. The *reason* is that Macs have low market penetration.
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Oct 23, 2004, 01:46 PM
 
Originally posted by piracy:
There were dozens of actual *viruses* for Mac OS 9/8/7/etc.
Yes, there were some viruses, but the majority of Mac users were just people who would like to get their work done in a constructive way and wouldn't wish harm to a fellow Mac user. We didn't have these "script kiddies" or "hackers" type of users. Now it seems the Unix underpinnings brought us the "script kiddies" to the platform. That's an unfortunate development.
     
RayX
Dedicated MacNNer
Join Date: Aug 2003
Status: Offline
Reply With Quote
Oct 23, 2004, 02:03 PM
 
---
( Last edited by RayX; May 20, 2006 at 06:20 AM. )
     
l008com
Addicted to MacNN
Join Date: Jan 2000
Location: Stoneham, MA, USA
Status: Offline
Reply With Quote
Oct 23, 2004, 03:25 PM
 
Originally posted by theolein:
...I see now why they call them script kiddies. The average age seems to be around 14 and the level of knowledge is pretty poor. Don't tell me this is the best Mac hacking has to offer.
Real hackers don't go on forums and brag/advertise. Hacking is like a sword fight, you must think first before you move. When it's properly used, you're almost invincible.
Also, Wu Tang clan ain't nothing to f-with :-)
     
theolein
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
Status: Offline
Reply With Quote
Oct 23, 2004, 04:10 PM
 
Originally posted by l008com:
Real hackers don't go on forums and brag/advertise. Hacking is like a sword fight, you must think first before you move. When it's properly used, you're almost invincible.
Also, Wu Tang clan ain't nothing to f-with :-)
That's not really true. The guys who brought down AOL, Yahoo etc a few years ago bragged about it on IRC. These four guys on Macunderground (DimBulb, gapple, JawnDoh!, Dr. Springfield) are not bad considering their level, and it's not atypical for them to post the code on a forum for hacking.

The piece of code is slowly evolving into something that could, not will, eventually be able to propagate itself and act as a rootkit. BUT, at the moment it's mainly a very sloppy backdoor that requires the machine to have been accessed beforehand either by bruteforcing or sniffing an ssh password, or hiding itself in another application.

That it is not so difficult to convince a Mac user to download a tricked application should perhaps be obvious: How many applications offer an md5 checksum on Macupdate or Versiontracker? That's right, almost none.

The danger is real. Until someone writes a scanner to look for tricked applications the reality is that this vector can be used. One way to protect oneself if the application uses the .pkg format, if one has the knowledge, is to use CharlesS' Pacifist to explore the package beforehand. If one has a spare computer, it would be wise to try out installs of shareware and other software there first.
weird wabbit
     
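The two posts above raise the same practical question: CharlesS points out that a hacked download site need not disguise anything, just repackage the vendor's installer so it installs the real app plus a trojan, and theolein notes that almost no MacUpdate/VersionTracker listings publish an md5 checksum the user could check. The script below is an added example written for this page, not code from the thread or from any of the people or tools it mentions. It verifies a downloaded installer against a published checksum manifest and shows what a correct check has to refuse: a file with no published entry, a manifest that only offers md5 unless the caller opts in, and a repackaged file whose digest no longer matches. The installer bytes, the manifest format (`<algo>  <hex>  <filename>`) and the filename `MyApp-1.0.pkg` are all constructed for the example.

```python
import hashlib
import hmac

# Constructed sample data (not real software): a pretend vendor installer and a
# repackaged copy that still carries the vendor payload but has a trojan stub
# appended, the "installs exactly the app it's supposed to... and also the
# trojan" case from the thread.
VENDOR_PKG = b"MyApp-1.0.pkg: vendor payload bytes (constructed sample)\n"
TROJANED_PKG = VENDOR_PKG + b"#!/bin/sh\n# extra startup item dropper (constructed stub)\n"

# Algorithms the checker understands, and which of them it still trusts.
# md5 is what 2004-era download sites published; it is collision-prone, so it
# is accepted only when the caller explicitly allows weak checksums.
ALGORITHMS = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}
STRONG = ("sha256",)
PREFERENCE = ("sha256", "sha1", "md5")  # strongest first


def digest(data: bytes, algo: str) -> str:
    """Hex digest of data under a named algorithm."""
    if algo not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm: {algo}")
    h = ALGORITHMS[algo]()
    h.update(data)
    return h.hexdigest()


def parse_manifest(text: str) -> dict[str, dict[str, str]]:
    """Parse lines of the form '<algo>  <hex>  <filename>' (a constructed
    format) into {filename: {algo: hex}}. Blank lines and '#' comments are
    ignored; a malformed line raises instead of being skipped silently."""
    entries: dict[str, dict[str, str]] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"manifest line {lineno}: expected '<algo> <hex> <file>'")
        algo, hexdigest, filename = parts
        algo = algo.lower()
        if algo not in ALGORITHMS:
            raise ValueError(f"manifest line {lineno}: unsupported algorithm {algo}")
        entries.setdefault(filename, {})[algo] = hexdigest.lower()
    return entries


def verify_download(filename: str, data: bytes, manifest_text: str,
                    allow_weak: bool = False) -> tuple[bool, str]:
    """Check a downloaded file against the strongest checksum the manifest
    publishes for it. Returns (ok, reason). A file with no manifest entry is
    a failure, not a pass: whoever adds a file to a hacked site is not going
    to add an honest line for it."""
    entries = parse_manifest(manifest_text)
    published = entries.get(filename)
    if not published:
        return False, f"no checksum published for {filename}"
    algo = next((a for a in PREFERENCE if a in published), None)
    if algo is None:
        return False, f"no usable checksum for {filename}"
    if algo not in STRONG and not allow_weak:
        return False, f"only a weak checksum ({algo}) is published for {filename}"
    expected = published[algo]
    actual = digest(data, algo)
    # Constant-time comparison is not critical for a local file check, but it
    # is the habit to keep for anything that compares digests or secrets.
    if not hmac.compare_digest(expected, actual):
        return False, f"{algo} mismatch for {filename}: expected {expected}, got {actual}"
    return True, f"{algo} matches for {filename}"


# What the vendor would publish for the download. Computed here from the
# constructed sample so the example is self-consistent; a real manifest comes
# from the vendor, ideally over a channel separate from the download itself.
VENDOR_MANIFEST = (
    "# MyApp 1.0 checksums (constructed sample)\n"
    f"sha256  {digest(VENDOR_PKG, 'sha256')}  MyApp-1.0.pkg\n"
    f"md5  {digest(VENDOR_PKG, 'md5')}  MyApp-1.0.pkg\n"
)
MD5_ONLY_MANIFEST = f"md5  {digest(VENDOR_PKG, 'md5')}  MyApp-1.0.pkg\n"


if __name__ == "__main__":
    for label, blob in (("genuine", VENDOR_PKG), ("repackaged", TROJANED_PKG)):
        ok, why = verify_download("MyApp-1.0.pkg", blob, VENDOR_MANIFEST)
        print(f"{label:10s} {'OK    ' if ok else 'REJECT'} {why}")
    print(verify_download("MyApp-1.0.pkg", VENDOR_PKG, MD5_ONLY_MANIFEST))
    print(verify_download("MyApp-1.0.pkg", VENDOR_PKG, MD5_ONLY_MANIFEST, allow_weak=True))
    print(verify_download("Other.pkg", VENDOR_PKG, VENDOR_MANIFEST))
```

Two caveats a practitioner would add. First, the repackaging attack in the thread is not a collision attack, so even md5 catches it; the weak-algorithm refusal is there because an attacker who can choose both files can produce md5 collisions, and there is no reason to keep accepting md5 when sha256 is available. Second, a checksum fetched from the same server as the download only proves the file arrived intact: if the site was hacked, the attacker replaces the manifest along with the installer. That is exactly the gap TETENAL's suggestion of digitally signing applications is meant to close, since a signature checks against a key the user already holds rather than against whatever the download host currently serves.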
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Oct 23, 2004, 04:24 PM
 
Originally posted by theolein:
That it is not so difficult to convince a Mac user to download a tricked application should perhaps be obvious: How many applications offer an md5 checksum on Macupdate or Versiontracker? That's right, almost none.
Not too long ago, when the mp3 application surfaced, I suggested to digitally sign applications and you called it a bad idea.
     
entrox
Senior User
Join Date: Jan 2003
Location: Stuttgart, Germany
Status: Offline
Reply With Quote
Oct 23, 2004, 04:49 PM
 
Originally posted by Angus_D:
I'm sorry, but this is ********. The *reason* is that Macs have low market penetration.
Riddle me this: Unix as a whole has high market penetration. Why haven't there ever been any widely-spread Unix viruses?
     
All contents of these forums © 1995-2017 MacNN. All rights reserved.