Apple Quietly Goes After Mac Trojan With Update

kdawson posted more than 4 years ago | from the nothing-to-see-here dept.

Security 321

Th'Inquisitor was one of several readers to point out coverage of Apple's stealth security fix, included along with the recent Snow Leopard 10.6.4 update. Graham Cluley of Sophos first noticed the update to protect Mac computers from a Trojan, and the fact that Apple didn't mention it in the release notes. The malware opens a back door to a Mac that can allow attackers to gain control of the machine and snoop about on it or turn it into a zombie. "You have to wonder," writes Cluley, "whether their keeping quiet about an anti-malware security update like this was for marketing reasons." While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.

Trojan for Mac had to appear some day... (0)

ls671 (1122017) | more than 4 years ago | (#32627524)

Trojan for Mac had to appear some day.

Well, I would bet this isn't the first one but anyways..

Hackers and what not typically target Windows.

They could probably benefit from the skills they have acquired in targeting Mac to target Linux as well.

Re:Trojan for Mac had to appear some day... (0, Troll)

Codename Dutchess (1782238) | more than 4 years ago | (#32627562)

You seriously think this could possibly be the first trojan for a mac os? Sounds like a mac user to me.

Re:Trojan for Mac had to appear some day... (0, Informative)

Anonymous Coward | more than 4 years ago | (#32627576)

Can you read?

Re:Trojan for Mac had to appear some day... (2, Informative)

OrwellianLurker (1739950) | more than 4 years ago | (#32627660)

Apparently the mods cannot read either.

Re:Trojan for Mac had to appear some day... (1)

mrsteveman1 (1010381) | more than 4 years ago | (#32627612)

It isn't even the first one that Apple's built-in "detection" looks for in downloaded files; this is the 4th or 5th, I think.

Re:Trojan for Mac had to appear some day... (2, Insightful)

ls671 (1122017) | more than 4 years ago | (#32627744)

So how does Mac "detect" it?

Does Mac have a built-in anti-virus or do they rely on something simpler like checksums or something like that?

Anyway, as said in TFA, I guess all Mac users should install anti-virus software. I use clam on Linux although I run no daemon process. I only scan emails or other very suspicious downloaded files and I run a full scan every week during the night. I also rely on common sense and digital signatures when I download/install software.

Re:Trojan for Mac had to appear some day... (0)

Anonymous Coward | more than 4 years ago | (#32628070)

They can search for strings inside executables easily using indexing. That's probably what they do, with some fancy scripts upon detection.

My guess.

Re:Trojan for Mac had to appear some day... (0)

Anonymous Coward | more than 4 years ago | (#32628144)

So how does Mac "detect" it?

RTF 2nd Link

One does not have to wonder (1, Insightful)

goombah99 (560566) | more than 4 years ago | (#32627776)

I hate story blurbs that suggest the sinister ('one has to wonder!') when the only news is that Apple added yet another trojan to its list of other trojans. If you wanted to say something intelligent you might instead say something like "is Apple the only OS that, at the OS level, has explicit trojan filters?" Then you could remark about Linux distros or various editions of Windows or maybe even Barracuda routers or something. But there is nothing sinister here, it's all good. Reminds me of Aharon AppleMcHater over at TGdaily. Always the negative spin!

Re:One does not have to wonder (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32627956)

So you like it when the OS vendor pushes some software onto your system without any mention in the patch notes (which is the point of the article)? If so, you're posting on the wrong website.

Re:One does not have to wonder (0, Troll)

goombah99 (560566) | more than 4 years ago | (#32627980)

But they did have it in the notes. The article is wrong.

Re:One does not have to wonder (0)

Anonymous Coward | more than 4 years ago | (#32628060)

Care to actually point to a source that says it was in the original notes? Multiple sources say "it wasn't," you claim it was.

Re:One does not have to wonder (1)

dotwhynot (938895) | more than 4 years ago | (#32628062)

But they did have it in the notes. The article is wrong.

Uhm.. can you point to where you see that? Here are the notes: http://support.apple.com/kb/HT4188 [apple.com]

Re:Trojan for Mac had to appear some day... (0, Insightful)

Anonymous Coward | more than 4 years ago | (#32627748)

That sound you are hearing is not a Mac user. It is the sound of air currents swirling in a torrent between your ears.

Seriously, what does "I would bet this isn't the first one" mean to you?

Re:Trojan for Mac had to appear some day... (1, Informative)

Anonymous Coward | more than 4 years ago | (#32627622)

OSX is based on UNIX (and is a certified UNIX OS)
Linux is Not UNIX and although compatible is quite different to OSX

Re:Trojan for Mac had to appear some day... (5, Informative)

cbhacking (979169) | more than 4 years ago | (#32627772)

Part of writing serious malware, the sort that uses shellcodes and relies upon particular calling conventions and memory layouts, is very platform-specific. That kind of thing has to be learned anew for every platform one wants to target, often including different architectures of a given OS.

Trojans, on the other hand, are literally nothing other than programs that the user doesn't realize he is installing. They may attempt to hide themselves using platform-specific tricks, but at the end of the day, it's a program written like any other. OS X may emphasize Objective-C and de-emphasize its UNIX underpinnings for many things, but at the end of the day it uses a POSIX API very similar to the one found in Linux.

Hell, I've written software for the POSIX subsystem of NT on x86, and successfully ported it to Linux on ARM, with fewer than one #ifdef per KLOC. I strongly suspect that OS X is a lot closer to Linux than SUA (Microsoft's NT Subsystem for UNIX Applications) is to Linux, yet it wasn't hard at all. It wasn't malware, but if I'd wanted to I could have invisibly slipped it into an installer for some other program and then it would have been a trojan.

Re:Trojan for Mac had to appear some day... (5, Funny)

Anonymous Coward | more than 4 years ago | (#32628268)

Sir, you're never going to get modded up here if you continue to insist on posting clear, intelligent and rational comments that actually discuss the issues involved, backed up by your personal knowledge and experience.

Re:Trojan for Mac had to appear some day... (2)

grcumb (781340) | more than 4 years ago | (#32628190)

OSX is based on UNIX (and is a certified UNIX OS) Linux is Not UNIX and although compatible is quite different to OSX

Slightly OT, but amusing:

Linux Is Not UniX is a (near-perfect) recursive acronym.

Re:Trojan for Mac had to appear some day... (2, Informative)

at_slashdot (674436) | more than 4 years ago | (#32627708)

I think you don't know what a trojan is. A trojan is a simple program that pretends to be something that it isn't. Any OS is vulnerable to such a program because OSes are designed to, guess what, run programs; no OS is smart enough to identify if a program is not doing what it is claiming to do. (Not getting into details, there are ways to limit the damage and heuristics, but the main idea is that a trojan is a program that the user is running because he/she doesn't know any better.)

Actually the big part of the problem is running programs from random sites on the internet. Linux, for example, has the advantage that most of the programs come from well vetted sources, not from random sites that can also be subject to phishing.

Re:Trojan for Mac had to appear some day... (3, Funny)

ls671 (1122017) | more than 4 years ago | (#32627880)

> I think you don't know what a trojan is....

I think you do not know who you are talking to ;-)

More seriously, I agree with what you say, though. The best way that I know of to protect against trojans is to verify digital signatures, as I posted here:

http://apple.slashdot.org/comments.pl?sid=1691914&cid=32627744 [slashdot.org]

Then again, the line is slim between installing a trojan because you think it is iPhoto and installing a program because you are misguided into clicking onto something while browsing the web.

In modern times, the distinction between trojan, virus and spyware and what not is harder to make. The iPhoto trojan is basically a rootkit. It doesn't matter if you get that rootkit installed by making the user believe he is installing iPhoto or by exploiting something else in the OS, you still end up with a rootkit installed on a remote machine.

As a matter of fact, the hackers will probably find another way to install their rootkit if they haven't already found one. Security is a global topic; punctually plugging holes isn't the way to go although it is required sometimes. Punctually plugging holes is part of a good security policy but it is no policy in itself.

Re:Trojan for Mac had to appear some day... (1)

at_slashdot (674436) | more than 4 years ago | (#32627976)

"It doesn't matter if you get that rootkit installed by making the user believe he is installing iPhoto or by exploiting something else in the OS, you still end up with a rootkit installed on a remote machine."

It does matter how the stuff gets installed, it matters if malware gets installed only by browsing a site that has a malicious ad that distributes malware, or the "hacker" needs to convince the user to install a fake iPhoto program. Just like it matters how you get a disease, by having sex or by drinking water, a disease is still a disease, but it matters a lot how it spreads. Wearing condoms won't protect you against water-related diseases.

Re:Trojan for Mac had to appear some day... (1)

ls671 (1122017) | more than 4 years ago | (#32628216)

Well, you should have mentioned digital signatures anyway. "Well vetted sources" means nothing.

I have no time to argue further whether "how it is installed" matters more than the end result.

Re:Trojan for Mac had to appear some day... (2, Funny)

at_slashdot (674436) | more than 4 years ago | (#32628284)

I also lack time to discuss every time I cannot come up with good arguments for my position :)

this is anything but new (5, Informative)

v1 (525388) | more than 4 years ago | (#32627754)

There's been malware out for Mac for well over a year. The big one I run into is a self-decoding shell script that installs a root cronjob to redirect your DNS servers. The machines get brought in to me because their web browsing has gotten slower, due to the malware DNS server the machine is now using being a lot slower than their ISP's.

I've actually run into ONE example of a Mac that was back-door'd, but thought it was an isolated targeted attack (the victim was "high profile"). But maybe it was just an early version of what's discussed in this thread.

BUT, tossing my hat into the ring as to whether or not Apple should be "hiding" the fix... check out the latest security update from Apple. HUGE list of security patches. (over 40?) All with accreditation to the people that brought the issues to Apple. It's not like they don't have issues, and it's not like they systematically hide them. They just tend to fix them very quickly, and have very few (relatively speaking) to fix in the first place. Apple is well-known to include security updates and fixes in their OS updates, they don't all land in security updates. That's all this one was. It's very likely there were a dozen other security-related fixes made in the 10.6.4 update. This one they just happened to notice. Apple just doesn't usually put a security-fix accreditation readme in with their OS updates. Is that the real issue here I wonder?

Re:this is anything but new (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32627878)

Fix them very quickly? Not true. They fix the ones made public very quickly but they are often as slow as Microsoft used to be at fixing the ones that don't make a splash. Microsoft in the meantime has gotten much more agile and serious about fixing bugs when they're reported all the while bitching if someone dares go public too quickly for their taste ala Google. Microsoft has gotten good at keeping researchers from telling anyone anything while Apple has simply been happy that no one has noticed. As Apple's market share rises they are becoming a target and if there wasn't so much money in it we'd probably have already seen a nasty worm or two. But these days that's a waste of money - black hats now make big bucks off of exploited machines and that stuff doesn't just get thrown around like it used to for giggles.

Meanwhile the "experts" at the Apple store tell customers that their machines "can't get viruses because they're built different". Seriously - this was overheard at one of their stores and it's mind boggling.

Re:this is anything but new (4, Interesting)

eihab (823648) | more than 4 years ago | (#32628052)

Microsoft in the meantime has gotten much more agile and serious about fixing bugs when they're reported all the while bitching if someone dares go public too quickly for their taste ala Google.

Too quickly for their taste?

I don't know what world you live in where you can patch something as complicated as windows in five days.

Do you know how many versions and language combinations of Windows there are? The testing and QA that goes into it? Documentation?

It's not like your small little project where you fix a couple of lines and call it done you know.

And also, it wasn't "Google" per se, one of their security researchers did it, and according to his tweets he claims that this was done on his own time.

But sure, let's ignore the facts and label this as a clash of the titans.

Re:this is anything but new (1)

zippthorne (748122) | more than 4 years ago | (#32627942)

Interesting. Although I find it hard to believe that even a malware DNS would be slower than my ISP's DNS...

Re:this is anything but new (1)

v1 (525388) | more than 4 years ago | (#32628088)

Use Google Public DNS [google.com] . Easy to remember too. 8.8.8.8 and 8.8.4.4

Re:this is anything but new (0)

Anonymous Coward | more than 4 years ago | (#32628134)

You might notice your browsing improved then. :p

Re:Trojan for Mac had to appear some day... (4, Informative)

Low Ranked Craig (1327799) | more than 4 years ago | (#32627788)

Trojans for Macs are really no different than any other OS. It just takes a bit of social engineering or something like that, because a trojan, unlike a virus, requires the user to install it. When you install something on a Mac (and windows depending on your settings) you need to type in a password and specifically give permissions to do so. Mac trojans and assorted malware have been around for awhile. What I'm not aware of are any successful Mac OS viruses in the wild, i.e. a "drive-by" infection: getting infected simply by opening an e-mail or a web page.

Let's get this out of the way, shall we? (0)

Anonymous Coward | more than 4 years ago | (#32627542)

Apple gets malwareses? That's unpossible!

Re:Let's get this out of the way, shall we? (5, Funny)

Cwix (1671282) | more than 4 years ago | (#32627638)

I know.. this is Bill Gates and Linus Torvalds' secret plot to make Apple look bad. There's no such thing as Mac malware, Steve Jobs would never allow it. He has our best interests at heart.. right.. RIGHT?!?!
Anyways, even if there was Mac malware, they would be forthcoming, and quit claiming to be malware free... I mean they would never lie or mislead us, right.. RIGHT!?!?

Disclaimer to the Mac fanbois: if you can't take a joke, don't bother replying.

Re:Let's get this out of the way, shall we? (0)

Anonymous Coward | more than 4 years ago | (#32627698)

Ever heard about "irony"?

Re:Let's get this out of the way, shall we? (3, Funny)

aedan (196243) | more than 4 years ago | (#32628094)

Yes, it's like coppery.

Re:Let's get this out of the way, shall we? (0)

arbiter1 (1204146) | more than 4 years ago | (#32627966)

If Apple pushed this update in secret, it makes you wonder WHAT ELSE they have pushed in secret over the years for other flaws.

Re:Let's get this out of the way, shall we? (4, Insightful)

Bungie (192858) | more than 4 years ago | (#32628240)

If you're just starting to wonder now then you're gonna be in for a shock. Apple has never been a really transparent company about what they do, and they've always just pushed and bundled things however they like.

Re:Let's get this out of the way, shall we? (1)

Cheech Wizard (698728) | more than 4 years ago | (#32628256)

Golly, Apple is the only company out there that has pushed an update "...in secret...", so let's bash Apple. Tee hee heee!

Re:Let's get this out of the way, shall we? (-1, Flamebait)

symbolset (646467) | more than 4 years ago | (#32627690)

Apple's update to detect "HellRTS" more than doubles the size of the XProtect.plist file from 2.4k to 5.1k. There are still a lot of Mac threats it doesn't protect against.

Oh, noes! Now there are TWO automatically detected and prevented pieces of malware written for OS-X. All hope of securing your Mac is lost. Best to go back to Windows where it's safe.

Re:Let's get this out of the way, shall we? (1, Informative)

logjon (1411219) | more than 4 years ago | (#32627756)

My Windows box is perfectly safe because I'm not a moron.

Re:Let's get this out of the way, shall we? (1, Insightful)

phoenix321 (734987) | more than 4 years ago | (#32627810)

What would you choose?

"Unsinkable" modern passenger ship with no lifeboats or worn African ferryboat with more lifeboats than seats?

Re:Let's get this out of the way, shall we? (0)

Anonymous Coward | more than 4 years ago | (#32628032)

I'd prefer flying.

At least I'll get where I'm going much quicker.

But really, you're giving an example of a textbook "false choice" as nobody is going to build a modern passenger ship without lifeboats and no African ferryboat is going to bother with lifeboats anyway.

Even the Titanic, the canonical example of "unsinkable" actually had lifeboats, and could have carried more than enough to match its passenger capacity, but well...they chose not to use them.

Then again, they chose not to load the lifeboats they did have to capacity anyway, so...

Re:Let's get this out of the way, shall we? (1)

LordLimecat (1103839) | more than 4 years ago | (#32628034)

So you're saying security updates are the lifeboats, and we can judge the security of a program by how many security updates per unit time it has?

That's real good advice, I'll keep that in mind.

Re:Let's get this out of the way, shall we? (5, Insightful)

hairyfeet (841228) | more than 4 years ago | (#32627838)

Actually funny you should say that, as I would say that most Windows users would be safer as they know there is malware for Windows and thus are more likely to have AV and Antimal. I had to clean up a few Macs infected with the "Mac Codec" DNSChanger awhile back, and I literally had to take them to a security site and show them a security report saying "This is Mac malware" because they completely refused to believe it was possible for a Mac to get malware, because that was what they had been told so often. One even got irate with me because "WTF is the point of spending all this money buying a Mac and a bunch of new stuff to go with it if I can still get infected!!!". I told him to go take it up with the guys at the Genius Bar, because I just fix boxes.

So I would say, especially with Windows 7 where there are features like ASLR, NX bit, and Windows Defender by default, that Windows users are probably safer because they know of the dangers out there. Many Mac users think they can run whatever they want and do anything because "Macs can't get bugs" and are therefore less likely to have good safety practices like having an AV or worrying about updates. BTW all the guys that hope for a "Year of the Linux Desktop"? Guess what inevitably comes with clueless users? Can you say malware and headaches, boys and girls? Believe me, I tried converting a "must click on teh pron!" Windows user to Linux once, he managed to break the OS in just three days. No matter the OS, stupid is as stupid does.

Re:Let's get this out of the way, shall we? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32627998)

That's true, PCs must be safer. This explains why there is a much higher percentage of PC users with zombied PCs than Mac users with zombied Macs (no citation, sorry -- I'm just going by my gut here).

Also, people who break their computers are stupid. Why do they always expect the computer to work the way they want it to?

I mean, computers invented humans to do work for them right?

Re:Let's get this out of the way, shall we? (1)

LordLimecat (1103839) | more than 4 years ago | (#32628064)

and thus are more likely to have AV and Antimal.

I've never understood this. Can anyone explain why there is a significant difference between virus and malware, and why anyone would recommend 2 security programs running simultaneously? Doesn't this run dangerously close to the "2 antiviruses will wreck your machine" line?

Really just sounds like an attempt by security vendors to convince you to pay twice TBQH; last time I checked, most of the free AVs made it clear they cover viruses, trojans, worms, malware, etc.

Re:Let's get this out of the way, shall we? (1, Interesting)

gilesjuk (604902) | more than 4 years ago | (#32628316)

The difference with Windows to OSX is Windows has a lot of backward compatibility with older software that weakens it. Renaming an installer to a specific filename defeated the protection in Vista.

Not to mention autorun from USB sticks and other braindead convenience features (which are being removed or have been).

Security in OSX is mostly based around sound Unix principles. There's no awful backward compatibility in the Unix underpinnings.

Re:Let's get this out of the way, shall we? (1)

luther349 (645380) | more than 4 years ago | (#32628332)

Yeah, I get that question in Linux help IRC all the time: can Linux get infected? And they about die when I say yes. But then I explain it's a lot harder to infect Linux due to its very secure nature. As Apple just did, when a trojan etc. comes out you can update the OS against it. You can't do that with Windows. As you said, many users think it just can't happen, and it's untrue.

If they're trying to keep it secret (1)

spleen_blender (949762) | more than 4 years ago | (#32627556)

Why is the information publicly available? Why would most generic Mac users care to seek it on their own? Should Apple shove it in their face?

Re:If they're trying to keep it secret (1)

MokuMokuRyoushi (1701196) | more than 4 years ago | (#32627594)

It's secret because, believe it or not, many people go their whole lives without visiting tech sites, or caring about the malware they weren't told about. Security through obscurity, or something like that...

Re:If they're trying to keep it secret (5, Funny)

sindarta (1691550) | more than 4 years ago | (#32627648)

many people go their whole lives without visiting tech sites

They don't? What an uninteresting life they must lead with their travels and friends and social life. Repulsive.

Re:If they're trying to keep it secret (0)

logjon (1411219) | more than 4 years ago | (#32627672)

Can't tell whether your parent went over your head or if you're just building a piss-poor straw man.

Re:If they're trying to keep it secret (4, Funny)

MokuMokuRyoushi (1701196) | more than 4 years ago | (#32627872)

Can't tell whether your parent went over your head or if you're just building a piss-poor straw man.

Ahem...

Re:If they're trying to keep it secret (5, Insightful)

Facegarden (967477) | more than 4 years ago | (#32627614)

Why is the information publicly available? Why would most generic Mac users care to seek it on their own? Should Apple shove it in their face?

I would hardly call release notes for a bugfix "shoving it in their face."

It makes a lot of sense to say what you fixed in a bugfix, so people clearly know if a system needs a bugfix, or is safe.

Hiding it makes a lot of sense if you don't want to look bad, but is unhelpful to users who want to know if they need to update their systems or if it can wait.

This is probably more of an issue for enterprise users, and in that case there are fewer Macs for sure, but it's a good practice to be honest about what you're fixing, and covering that up is dishonest.
-Taylor

Re:If they're trying to keep it secret (5, Interesting)

phantomfive (622387) | more than 4 years ago | (#32627746)

Hiding it makes a lot of sense if you don't want to look bad,

It's really hard for me to believe that's the reason they did it, given the number of ugly things they did announce [apple.com] , including a few bugs that give complete control of the computer just by opening a web page. They could have added a line about updating malware signatures, and if they worded it right, avoided the bad press (I mean, it's not like it's the first time there has been a trojan for OSX).

It is more likely that the internal communication processes at Apple got mixed up, and the people in charge of updating the malware signatures haven't gotten in contact with the people in charge of writing the release notes. I don't think that is an uncommon thing in large (and even small) companies.

Re:If they're trying to keep it secret (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32627798)

Taylor is a faggot's name.

I guess that'd explain why you use it.

Re:If they're trying to keep it secret (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32627950)

Macfag. Go put on your iPad before your iPeriod bleeds all over the fucking iCarpet.

Re:If they're trying to keep it secret (0)

Anonymous Coward | more than 4 years ago | (#32628308)

Why is the information publicly available? Why would most generic Mac users care to seek it on their own? Should Apple shove it in their face?

I would hardly call release notes for a bugfix "shoving it in their face."

There is no bugfix - there isn't even a bug.

Re:If they're trying to keep it secret (1, Informative)

Anonymous Coward | more than 4 years ago | (#32627670)

Why is the information publicly available? Why would most generic Mac users care to seek it on their own? Should Apple shove it in their face?

If you RTFA you will see that it is only publicly available thanks to security software maker Sophos, who dissected the update and found the code. This is not coming from Apple in any way, as you seem to imply; they won't even confirm or comment on it.

From TFA:

Sophos senior technology consultant Graham Cluley, in a Friday blog post, asserts that Apple quietly patched the Mac's malware protection to thwart a backdoor Trojan horse that could allow hackers to control an iMac or MacBook remotely. Apple's OS X 10.6.4 upgrade secretly patched XProtect.plist, a file that contains "elementary signatures of a handful of Mac threats - to detect what they call HellRTS," Cluley writes. Malicious hackers have been disguising HellRTS as iPhoto, the Mac's photo-editing program.
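The kind of "elementary signature" file the quoted article describes can be illustrated with a small scanner. This is an added example, not part of the thread and not Apple's code: the plist key names (`Description`, `Matches`, `FileName`, `Pattern`), the signatures and the sample bundles are constructed assumptions, not Apple's actual XProtect.plist schema or real malware signatures.

```python
import plistlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    file_name: str   # file inside the downloaded bundle to inspect
    pattern: bytes   # byte sequence that must appear in that file


@dataclass(frozen=True)
class Signature:
    description: str
    rules: tuple     # every rule must match for the signature to fire


# Constructed signature list. Key names are an assumed, simplified layout;
# the patterns are made-up bytes, not signatures of any real malware.
SAMPLE_PLIST = plistlib.dumps([
    {"Description": "EXAMPLE.TrojanA", "Matches": [
        {"FileName": "Info.plist", "Pattern": b"example.fakephoto".hex()},
        {"FileName": "FakePhoto", "Pattern": "DEADBEEF0042"},
    ]},
    {"Description": "EXAMPLE.TrojanB", "Matches": [
        {"FileName": "install.sh", "Pattern": b"#!/bin/sh --example".hex()},
    ]},
])


def load_signatures(plist_bytes):
    """Parse the signature plist; return (signatures, rejected_descriptions).

    Entries with no rules, an empty pattern or invalid hex are rejected:
    an empty pattern would match every file and flag everything.
    """
    signatures, rejected = [], []
    for entry in plistlib.loads(plist_bytes):
        description = entry.get("Description", "<unnamed>")
        rules = []
        try:
            for match in entry["Matches"]:
                pattern = bytes.fromhex(match["Pattern"])
                if not pattern:
                    raise ValueError("empty pattern")
                rules.append(Rule(match["FileName"], pattern))
            if not rules:
                raise ValueError("no rules")
        except (KeyError, TypeError, ValueError):
            rejected.append(description)
            continue
        signatures.append(Signature(description, tuple(rules)))
    return signatures, rejected


def scan_bundle(files, signatures):
    """Return descriptions of signatures whose rules ALL match.

    `files` maps a file name in the downloaded bundle to its bytes.
    A missing file counts as a non-match.
    """
    hits = []
    for sig in signatures:
        if all(rule.pattern in files.get(rule.file_name, b"")
               for rule in sig.rules):
            hits.append(sig.description)
    return hits


# Constructed bundles standing in for downloaded applications.
SUSPECT_BUNDLE = {
    "Info.plist": b"<plist><string>example.fakephoto</string></plist>",
    "FakePhoto": b"\x00\x01" + bytes.fromhex("deadbeef0042") + b"\xff",
}
CLEAN_BUNDLE = {
    "Info.plist": b"<plist><string>example.realphoto</string></plist>",
    "RealPhoto": b"\xca\xfe\xba\xbe",
}
# Only one of TrojanA's two rules matches, so the signature must not fire.
PARTIAL_BUNDLE = {
    "Info.plist": SUSPECT_BUNDLE["Info.plist"],
    "FakePhoto": b"\xca\xfe\xba\xbe",
}

if __name__ == "__main__":
    sigs, bad = load_signatures(SAMPLE_PLIST)
    for name, bundle in [("suspect", SUSPECT_BUNDLE),
                         ("clean", CLEAN_BUNDLE),
                         ("partial", PARTIAL_BUNDLE)]:
        print(name, scan_bundle(bundle, sigs))
```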

security patch? (0)

Anonymous Coward | more than 4 years ago | (#32627584)

I'm not sure this is really comparable to Microsoft's recent stealth security patches as it does not appear to be a fix for a flaw in the OS. It's more akin to regular anti-virus definition updates. It should still be mentioned in the README and that would be good for Apple's image ("updated anti-malware protection").

You have to wonder? (0, Flamebait)

Culture20 (968837) | more than 4 years ago | (#32627626)

There's no wondering involved. They had a commercial that blatantly said that Macs don't get viruses. Liars.

Re:You have to wonder? (5, Informative)

grapes911 (646574) | more than 4 years ago | (#32627640)

trojan != virus

Re:You have to wonder? (1)

phoenix321 (734987) | more than 4 years ago | (#32627844)

Didn't malware writers turn over to writing malware for profit AND mischief instead of just mischief?

Do non-trojan viruses even exist anymore? Isn't all malware today some kind of trojan?

Re:You have to wonder? (0)

Anonymous Coward | more than 4 years ago | (#32627990)

Didn't malware writers turn over to writing malware for profit AND mischief instead of just mischief?

Do non-trojan viruses even exist anymore? Isn't all malware today some kind of trojan?

True. The 'traditional' virus today mostly exists only in the minds of non-Windows users.

Re:You have to wonder? (2, Informative)

Ethanol-fueled (1125189) | more than 4 years ago | (#32627892)

Every pedant in this thread likes to say that trojans are technically different than viruses.

The kind of person who would buy a mac because they "don't get viruses" would be very pissed after stumbling upon this article and especially this condescending, duplicitous thread.

People from the Windows world know this - the average user doesn't give a shit about the differences between viruses and trojans. If it makes their AV software blink red, it's bad.

Re:You have to wonder? (4, Informative)

jedidiah (1196) | more than 4 years ago | (#32628022)

The kind of user that buys a Mac probably doesn't care about "details".

A virus is called a virus for a reason. It's called a virus because it
shares an important characteristic with biological organisms.

It can replicate itself.

A Trojan is just a stupid program that doesn't do what it says.

Similarly, a Trojan is called that for a reason. You have to go outside
the city walls and drag it back inside your perimeter before it does you
any damage.

Yes, these little "details" like words and terms that have actual specific meaning are important.

Re:You have to wonder? (3, Funny)

thms (1339227) | more than 4 years ago | (#32627934)

While we are nitpicking, the Trojans are the good guys. You have to be on the lookout for the sneaky Greeks.

Beware of Greeks bearing gifts! And in all seriousness, using the proper term might cause a few more users to think twice about clicking "Ok" and instead thinking about ancient stories and their modern parallels.

Re:You have to wonder? (0)

toadlife (301863) | more than 4 years ago | (#32628002)

trojan != virus

Nobody cares.

The virus/trojan/worm debate is like the hacker/cracker debate. Nobody outside of a small circle of pedant techies with an agenda gives a shit.

To the general public (the people who Apple commercials target), the term virus is an all-encompassing term for malware.

Re:You have to wonder? (5, Funny)

kdogg73 (771674) | more than 4 years ago | (#32627644)

Sometimes a trojan prevents a virus.

Re:You have to wonder? (1, Informative)

topham (32406) | more than 4 years ago | (#32627646)

Trojans aren't viruses.

Please list off all the viruses that will run on Snow Leopard.

Re:You have to wonder? (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32627792)

Trojans aren't viruses.

Please list off all the viruses that will run on Snow Leopard.

Mac users are very fond of pointing out this distinction, leaving out that trojans and malware, and social engineering, these days are the overwhelming majority of Windows issues as well. The traditional virus is mostly a thing of the past.

Re:You have to wonder? (2, Interesting)

jedidiah (1196) | more than 4 years ago | (#32628048)

...except Windows is automated to the point that "trojans" become viruses.

That is the whole problem that Windows has created and magnified. They have taken situations that previously didn't have any risk of viral infection and added automatic execution of random untrusted programs.

It's like having walls that pull through any Athenians or Spartans that happen to be standing outside.

Suddenly, the Trojans are wondering WTF is Achilles doing in the middle of the Palace.

Re:You have to wonder? (1)

an unsound mind (1419599) | more than 4 years ago | (#32628278)

So, what? It's okay to twist terminology to make it look like Windows is full of holes and Macs are vulnerability-free?

The same types of vulnerabilities and same types of malware exist on both; less of either have been found on Macs, but that's explained by the lower market share. The architecture of Mac OS X may make cleanup easier, but viruses stuck in user space aren't harmless.

Re:You have to wonder? (1, Funny)

RobertM1968 (951074) | more than 4 years ago | (#32627960)

Trojans aren't viruses.

Please list off all the viruses that will run on Snow Leopard.

Well, via Parallels or VirtualBox, one can run the following viruses on Snow Leopard: Windows XP, Windows Vista, Windows 2000... and I am sure others. ;-)

Re:You have to wonder? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32627652)

Yeah, because a file that you have to manually download and install is TOTALLY the same as the drive-by malware and / or remote kernel exploits that IE / Windows users know and love. And before you go back to licking Steve Ballmer's asshole, you may want to note that there's a difference between a virus and a trojan.

Re:You have to wonder? (1, Funny)

Anonymous Coward | more than 4 years ago | (#32627732)

>And before you go back to licking Steve Ballmer's asshole

Apple zealot detected.

Re:You have to wonder? (-1, Troll)

jedidiah (1196) | more than 4 years ago | (#32628092)

He could be a Linux Zealot too...

Avoiding Microsoft as much as you can is the best anti-virus by far.

Re:You have to wonder? (1, Insightful)

Graff (532189) | more than 4 years ago | (#32627686)

There's no wondering involved. They had a commercial that blatantly said that Macs don't get viruses. Liars.

This may be news to you but trojans are not viruses. There are, in fact, no Mac OS X viruses in the wild. There are some spyware, adware, and trojans but they are few and far between and there is protection built-in to the operating system to deal with most of them.

Saying that Mac OS X does not have any viruses at this point in time is 100% true.

Re:You have to wonder? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32627832)

There's no wondering involved. They had a commercial that blatantly said that Macs don't get viruses. Liars.

This may be news to you but trojans are not viruses. There are, in fact, no Mac OS X viruses in the wild. There are some spyware, adware, and trojans but they are few and far between and there is protection built-in to the operating system to deal with most of them.

Saying that Mac OS X does not have any viruses at this point in time is 100% true.

Only problem being, by that definition, Windows nowadays doesn't have viruses either. They just have spyware, adware, and trojans. Which work just as well, thank you very much.

So either Apple was lying or they're just as slimy as the used car salesman who'll sell you a lemon on technicalities.

Re:You have to wonder? (1, Informative)

Graff (532189) | more than 4 years ago | (#32628238)

Only problem being, by that definition, Windows nowadays doesn't have viruses either. They just have spyware, adware, and trojans.

Oh really? You mean these aren't viruses?

These all fit the definition of a virus and there are tons more in the McAfee Threat Center.

Re:You have to wonder? (1)

Khyber (864651) | more than 4 years ago | (#32627862)

"This may be news to you but trojans are not viruses."

This may be news to you but I've written several trojans for DOS that were indeed viruses.

You might wish to rethink that statement you just made.

Re:You have to wonder? (1)

Jeremi (14640) | more than 4 years ago | (#32627986)

I know a guy who made a car that also works as a boat.

Therefore cars are boats. Anyone who says differently is lying.

A Billion Monkeys (1)

Gary W. Longsine (124661) | more than 4 years ago | (#32628114)

Well, assuming your claim is true, you wrote malware which included trojan and virus features. There are tens of thousands of those on Windows. They can replicate through a variety of mechanisms which don't require users to provide special authorization, or even take any action (viruses), propagate to other systems via network accessible security holes (worms) or trick the user into clicking something (trojans). Perhaps you have an English-as-a-second-language issue, but trojans are still not viruses, even when you link them into the same binary. You might want to rethink that last statement you just made.

Re:You have to wonder? (1)

Graff (532189) | more than 4 years ago | (#32628132)

This may be news to you but I've written several trojans for DOS that were indeed viruses.

A trojan is a program that appears to do something the user desires but instead does something malicious behind the scenes. A virus is a self-replicating bit of code that attaches to executing code in order to replicate.

You may have written a trojan that released a virus but that doesn't mean that a trojan is a virus.

There are currently no viruses in the wild for Mac OS X. Trojans are another story.

Re:You have to wonder? (1)

Nerdfest (867930) | more than 4 years ago | (#32628156)

You can really only go as far as saying "There are, in fact, no known Mac OS X viruses in the wild".

Re:You have to wonder? (1)

Graff (532189) | more than 4 years ago | (#32628270)

You can really only go as far as saying "There are, in fact, no known Mac OS X viruses in the wild".

Of course! Just like you can say "There are, in fact, no known Flying Spaghetti Monsters in the wild."

Re:You have to wonder? (1)

dfghjk (711126) | more than 4 years ago | (#32628170)

"Saying that Mac OS X does not have any viruses at this point in time is 100% true."

I'm sure that will be great comfort to the victims of OS X malware.

You hear it all the time. (0)

Anonymous Coward | more than 4 years ago | (#32627654)

Macs are secure, zero viruses, etc etc!
Why wouldn't this attitude go all the way to the top?

Well, you see... (1, Funny)

Anonymous Coward | more than 4 years ago | (#32627710)

We PCs like to hear about updates about malware, trojans or some new exploit in the system was found, and when a fix is available, because then we are warned about the dangers of it, and ways to avoid it until we get the fix.

With Macs, it seems they aren't getting a warning at all, and thus, could get into trouble before a fix arrives.

It's good to be a PC.

Security as it should be (3, Interesting)

GreatBunzinni (642500) | more than 4 years ago | (#32627722)

This is a good opportunity for the world to rethink its perception of what viruses, trojans and the like are. Due to the vast and never ending list of problems and software defects that plague the dominating platform (i.e., microsoft windows) since its inception and continue to affect it up to this day, the world has been conditioned to think that having a base system with so many profoundly serious defects is somehow acceptable. I mean, these bugs are so serious that they even let other people take over your system, a system that you've paid with your hard-earned money to be able to use as you see fit. Why exactly should this be normal, let alone acceptable?

In this instance we have a very rare glimpse of what the issue of software vulnerabilities is and how it should be handled. A very serious software bug could be exploited by malicious people to be able to gain control of the system and that problem was fixed by fixing the software bug. That is exactly how it should be. Yet, what Microsoft forced us to believe it is the right way of handling this thing is let that security hole stay wide open. What Microsoft forced the world to believe is that you solve the problems arising from any security bug by paying some third-party vendor for a piece of software that monitors your system for a handful of instances of malicious code that made its way into your system through those security holes. And this has become acceptable why? It's as if you've bought a house with so many holes that could be used by malicious people to enter your house as they see fit and take over it. The problem lies in those holes being there and the problem doesn't go away if you employ security guards instead of plugging those damn holes your incompetent builder left there.

Re:Security as it should be (1)

toadlife (301863) | more than 4 years ago | (#32628054)

Due to the vast and never ending list of problems and software defects that plague the dominating platform (i.e., microsoft windows) since its inception and continue to affect it up to this day, the world has been conditioned to think that having a base system with so many profoundly serious defects is somehow acceptable.

So what are the architectural differences in OSX or Linux that would protect everyone from malware if they were the dominant platforms?

Yet, what Microsoft forced us to believe it is the right way of handling this thing is let that security hole stay wide open.

What the hell are you talking about?

Get a clue Clulely! (-1, Troll)

lemur3 (997863) | more than 4 years ago | (#32627742)

BREAKING NEWS!!! Stop The Presses!

"Apple has updated XProtect.plist - the rudimentary file that contains elementary signatures of a handful of Mac threats"

How dare they not tell us about such an important change... With such dramatically huge changes like this one going undocumented I just don't know how much longer I can trust these guys.

Re:Get a clue Clulely! (1)

phoenix321 (734987) | more than 4 years ago | (#32627864)

Being open about one's shortcomings is a prerequisite for trust.

I'd rather drive a car that underwent several public recalls instead of a car with defects that the manufacturer kept silent about.

Re:Get a clue Clulely! (1)

lemur3 (997863) | more than 4 years ago | (#32627898)

remember that one Dr Who episode?

"If I told you everything you wouldn't need to trust me"

No reason to speak up (0, Troll)

Anonymous Coward | more than 4 years ago | (#32627764)

Many Mac users don't mind being back doored.

The issue is more secure (0)

Anonymous Coward | more than 4 years ago | (#32627780)

Nothing is 100% secure. I own both Macs and PCs and neither is 100% secure but the Macs probably after five years of owning them alongside PCs, I've used PCs for 23 years, I'd say the Macs have 5% of the security issues the PCs do. Windows 2000 was worse yet although it wasn't a bad OS to use. I did recently get some malware that was slowing down a Snow Leopard Mac. The one cool thing is I redid the OS quick and painless and just dragged my software back into the folder from a backup drive, no installing needed. I was back up and running in two hours whereas to do the same with a PC would have cost me a day or two.

OMG (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32627782)

I need to install this security vendor's third-party software to protect myself from installing third-party software.

BTW what's the ETA on the next Slashdot complaint on the iPhone/iPad closed ecosystem?

When will we get automatic patching? (4, Insightful)

zerofoo (262795) | more than 4 years ago | (#32627910)

I use apple's software update server to distribute patches and updates at my company. I never understood why apple gives us a mechanism to centrally control and distribute patches, but no way to automatically install them.

This is one thing that Microsoft got right. Centrally distributing and installing patches is stupidly easy in the windows world. It pains me to say this, but the lack of automatic patching will bite apple and their users one day.

Re:When will we get automatic patching? (1)

jjoelc (1589361) | more than 4 years ago | (#32628234)

agreed.. but I'm not holding my breath. Apple has just never really shown much interest in the enterprise market. If they had, they would undoubtedly have more... enterprise features... the tools are certainly out there, and Apple really wouldn't have that hard a time implementing them, I wouldn't think...

It is kind of a vicious circle in a way.. lack of tools prevents wider enterprise acceptance, lack of acceptance means the company has less reason to focus on the category and make improvements...

But I really think it all starts with Apple not really caring about that segment of the market.

I'm confused (1)

selven (1556643) | more than 4 years ago | (#32628014)

While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.

How exactly are these two objectives different from each other?

The inevitable words of Nelson (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32628044)

HA HA
