
Jethryn Freyman

macrumors 68020
Aug 9, 2007
2,329
3
Australia
Use pirated software, you deserve what you get.

One day, a trojan will be planted in non-pirated software, thousands of macs will be infected, and Windows users will be laughing their heads off.

You can't stop user stupidity, but Mac users are, in general, not cautious. Every mac user I know blindly enters their password into dialog boxes without question or hesitation.
 

snowmoon

macrumors 6502a
Oct 6, 2005
900
119
Albany, NY
so microsoft said something like "u use pirated software, u deserve the problem"? kindly show me a link please.

Google: Microsoft "blames users"

http://news.zdnet.co.uk/software/0,1000000121,39418108,00.htm

"The number of virus infections found by a virus vendor does not necessarily equal poor security," wrote Kleef in a blog post. "In many cases it equals poor user behaviour. If I, despite all prompting and consent behaviour, choose to go to a (probably dodgy) website, accept the ActiveX control prompts to download (probably dodgy) code and I actually choose to execute that code then I'm hosed."

Kleef claimed the number of infections was not purely the operating system's fault, but said that "in some cases it's the user and their lack of knowledge and their implicit 'it-won't-happen-to-me' complacency" that causes them to get infected.

OSX is just as vulnerable as long as untrained users type their password for every .pkg file they install or app that claims they need more permissions.
 

Tallest Skil

macrumors P6
Aug 13, 2006
16,044
4
1 Geostationary Tower Plaza
One day, a trojan will be planted in non-pirated software, thousands of macs will be infected, and Windows users will be laughing their heads off.

Why? Not the laughing, the trojan in non-pirated software. It STILL boils down to end-user stupidity because, guess what, they didn't look to see where it came from before installing it. The end-user must consciously click past OS X's warning when opening a downloaded file. If you ignore it, it's your problem.
 

clevin

macrumors G3
Aug 6, 2006
9,095
1
Why? Not the laughing, the trojan in non-pirated software. It STILL boils down to end-user stupidity because, guess what, they didn't look to see where it came from before installing it. The end-user must consciously click past OS X's warning when opening a downloaded file. If you ignore it, it's your problem.

what i have been saying is. (at least from this point on)

after blaming users for "stupidity", what solution do you offer? when the botnet starts to do DDoS attacks, those who are not infected are also affected.

Simply blaming users won't win any hearts from users. If that's the only thing apple can come up with, then they should tell each and every buyer who walks into the store
"I won't help you if you download from bt and got infected with problem".

and see if the buyers want to proceed with transaction, otherwise, they are guilty of withholding crucial information.
 

snowmoon

macrumors 6502a
Oct 6, 2005
900
119
Albany, NY
Steps that don't involve "blaming the user"

1) Better developer guidelines to prevent unnecessary use of credentials
2) Hardening of the /System and /Library directory to prevent malware hooks at the system level
3) Promotion of code signing
4) Firewalling of unsigned apps

You can already see some of this. The keychain will allow newer versions of *signed* applications to access passwords without a dialog box, but unsigned applications will get a dialog box after each upgrade to make sure you want to give them access to keychain. Newer restrictions on Input Managers are also designed to prevent code level access to every application running in the system ( still needs a lot of work ).

Security need not be a burden on the end-users with good guidelines and requirements.
 

lordthistle

macrumors 6502
Feb 29, 2008
425
13
Italy
Like in MS world, there is no way to prevent this from happening on a Mac.

Frankly, I do not understand how people can think that OS X is structurally safer than Vista. In my case, the XP machine I use at work has been running without a single security "infection" for years.

- thistle
 

clevin

macrumors G3
Aug 6, 2006
9,095
1
Steps that don't involve "blaming the user"

1) Better developer guidelines to prevent unnecessary use of credentials
2) Hardening of the /System and /Library directory to prevent malware hooks at the system level
3) Promotion of code signing
4) Firewalling of unsigned apps

You can already see some of this. The keychain will allow newer versions of *signed* applications to access passwords without a dialog box, but unsigned applications will get a dialog box after each upgrade to make sure you want to give them access to keychain. Newer restrictions on Input Managers are also designed to prevent code level access to every application running in the system ( still needs a lot of work ).

Security need not be a burden on the end-users with good guidelines and requirements.

well I agree with all of that, I don't think we should ignore the pink elephant in the room.

It happened, what should apple do after that?

I say

patch it, OR, suggest a 3rd party solution, preferably, free.

finally, i hope you are not suggesting that an OS can be so good that it can prevent any security threat all the time. because that's impossible.
 

snowmoon

macrumors 6502a
Oct 6, 2005
900
119
Albany, NY
It happened, what should apple do after that?

users affected should reinstall from scratch, it's not Apple's problem.

finally, i hope you are not suggesting that an OS can be so good that it can prevent any security threat all the time. because that's impossible.

haha, no, I work with computers and users.

I'm suggesting that security need not be complicated or onerous for end users, in fact, a truly robust system is probably going to be easier for the end-user. Apple is already taking steps in the right direction and it will be interesting to see how it goes in the future.
 

clevin

macrumors G3
Aug 6, 2006
9,095
1
users affected should reinstall from scratch, it's not Apple's problem.

lol..

we need to get practical here. shall we?

Microsoft patches the OS all the time, AV softwares are numerous for windows, and users are still very unhappy. Now can you imagine for every security problem, every user is offered a solution of "re-install from scratch"?

If apple store were to tell every buyer
btw. if you got infected with malware or viruses by downloading stuff from bt, you will need to re-install from scratch, and we won't help ya

what do you think will happen?

Apple is already taking steps in the right direction and it will be interesting to see how it goes in the future.

what right steps are we talking about? I really don't know, enlighten me please.
 

Eric S.

macrumors 68040
Feb 1, 2008
3,599
0
Santa Cruz Mountains, California
well I agree with all of that, I don't think we should ignore the pink elephant in the room.

It happened, what should apple do after that?

I say

patch it, OR, suggest a 3rd party solution, preferably, free.

finally, i hope you are not suggesting that an OS can be so good that it can prevent any security threat all the time. because that's impossible.

Apple regularly patches security holes in OS X in minor updates to the latest OS and in special security updates for the previous OS version.

I run both OS X and Windows XP. I always install all the latest patches, on XP I run AV software because viruses are a problem with Windows but not with OS X, and I only install software from known reputable sources. I keep backups of all my important data, and I don't lose a minute of sleep worrying about either of my OS's being infected.
 

bruinsrme

macrumors 604
Oct 26, 2008
7,197
3,063
How does one get malware?

How does one get a virus?

Unsigned apps. So when I update a driver that is unsigned the OS should block it?

MS sends out a patch to block Conficker. There are users that still don't patch their systems? Virus and malware programs are readily available for FREE.

MS provides Windows Update and the ability to automatically install updates behind the scene so it doesn't bother the user.

ISPs are scanning emails for viruses as well.

I am at a loss not understanding how much more MS and other companies can do to protect users.

Anything created by humans can be altered or destroyed by humans.

Apple users have enjoyed very few issues that windows users have experienced but the future may hold something different.

Users HAVE TO assume a level of ownership and responsibility when using a public frontier such as the internet.
 

snowmoon

macrumors 6502a
Oct 6, 2005
900
119
Albany, NY
lol..

we need to get practical here. shall we?

Microsoft patches the OS all the time, AV softwares are numerous for windows, and users are still very unhappy. Now can you imagine for every security problem, every user is offered a solution of "re-install from scratch"?

Even with windows, reinstalling is the only* way to ensure a clean system.

This is not a bug in the OS so therefore what would they patch? The OSX is doing exactly what the user requested. Currently the best way to avoid this bot is to not (re)install the offending software. It's not like this bug allows the bot to be installed via "drive by download" or bug in file sharing, the user is asked to give it root permission.

To blame the users may be futile, but so is expecting the OS to "fix" bad behavior.

* Not quite anymore, some malware is learning how to inject itself into the bios or other component that is not cleared even after formatting.
 

Amdahl

macrumors 65816
Jul 28, 2004
1,438
1
Apple regularly patches security holes in OS X in minor updates to the latest OS and in special security updates for the previous OS version.

Mac users used to talk about how they used Macs for much longer than Windows machines typically lasted.

What do they say about Apple only providing security updates for two years (given the typical rate of OS releases)?

All I can say is that Apple has a major day of reckoning coming, and the apologetic attitude of their fan base doesn't help.

My recommendation is five years of security updates for any product from the last date of sale. That means Tiger gets security updates until October 2012.
 

magamo

macrumors 6502
Apr 6, 2009
439
62
Some people run suspicious code to get porn/software for free.
Some people create viruses/trojan/whatever to spite others for nothing.
While those stupids are playing well together, I receive another spam email.
Something has to be wrong, but I'm not sure if it's OS's that are wrong.
 

clevin

macrumors G3
Aug 6, 2006
9,095
1
Some people run suspicious code to get porn/software for free.
Some people create viruses/trojan/whatever to spite others for nothing.
While those stupids are playing well together, I receive another spam email.
Something has to be wrong, but I'm not sure if it's OS's that are wrong.

1. when accusing windows being unsafe, most mac fanboys seem to have absolutely no problem with saying OS is at fault.

2. whose fault is a secondary issue in face of a problem, whoever is at fault, somebody needs to take care of users and do something about it. In the land of Mac, who do you think has any influence to take care of the problem?

Even with windows, reinstalling is the only* way to ensure a clean system.

This is not a bug in the OS so therefore what would they patch? The OSX is doing exactly what the user requested. Currently the best way to avoid this bot is to not (re)install the offending software. It's not like this bug allows the bot to be installed via "drive by download" or bug in file sharing, the user is asked to give it root permission.

To blame the users may be futile, but so is expecting the OS to "fix" bad behavior.

* Not quite anymore, some malware is learning how to inject itself into the bios or other component that is not cleared even after formatting.

that's absurd, millions of people running AV software out there on pc, what's the "only way" to ensure a clean system?

according to your logic, windows is just as safe as OSX.

I'm not expecting OS to fix the bad behavior, I'm asking OSX to fix the holes, and take care of mess of user's bad behavior. After all, if microsoft is trying to take care of users' bad behavior (malware removal tool for example), why shouldn't apple be doing the same thing.
 

snowmoon

macrumors 6502a
Oct 6, 2005
900
119
Albany, NY
What do they say about Apple only providing security updates for two years (given the typical rate of OS releases)?

Apple provides security patches for the OS far longer than 2 years. Tiger was released in April of 2005, its last minor revision was November 2007 ( 2.5 years ). The latest security update for Tiger was October 2008 ( 3.5 years ).

Apple will continue to release special security updates for 10.4.11 as needed to correct any serious security bugs. Is it really that unreasonable to upgrade to leopard or get newer hardware. Leopard is supported on hardware that is over 6 years old ( I'm running it on a MDD G4 ) and counting.

1. when accusing windows being unsafe, most mac fanboys seem to have absolutely no problem with saying OS is at fault.

2. whose fault is a secondary issue in face of a problem, whoever is at fault, somebody needs to take care of users and do something about it. In the land of Mac, who do you think has any influence to take care of the problem?

1) Because windows is full of holes, defaults are far too permissive, and their precious backwards compatibility keeps volumes of poorly tested code close in the system. It's just bad engineering. When holes in OSX begin to become responsible for malware I'll be happy to blame Apple as well.

2) At the end of the day it's the user's responsibility. Apple will try and help, but they can not prevent the execution of malicious code, all they can do is attempt to make bug free software and fix known holes.

that's absurd, millions of people running AV software out there on pc, what's the "only way" to ensure a clean system?

Two different issues... keeping the system from getting infected and cleaning an infected system are two aspects. A/V software can prevent infections, but can in no way provide assurances that the system is clean after an infection takes hold.
 

Eric S.

macrumors 68040
Feb 1, 2008
3,599
0
Santa Cruz Mountains, California
Apple provides security patches for the OS far longer than 2 years. Tiger was released in April of 2005, its last minor revision was November 2007 ( 2.5 years ). The latest security update for Tiger was October 2008 ( 3.5 years ).

Actually the latest one was 2009-001 which came out this February. And 2009-002 should be released very soon, concurrently with 10.5.7.

Apple will continue to release special security updates for 10.4.11 as needed to correct any serious security bugs.

But probably only until the release of Snow Leopard later this year. Historically Apple has only supported one previous OS release with security updates. Like it or not, that has been Apple's policy. Whether that might change because a substantial number of people are likely to remain on Tiger is something we'll just have to see.

Is it really that unreasonable to upgrade to leopard or get newer hardware. Leopard is supported on hardware that is over 6 years old ( I'm running it on a MDD G4 ) and counting.

Well, that's another debate. I'm also running Leopard on a PM G4, a Sawtooth. But Leopard is probably the end, since PPC support appears about to be dropped in SL. I wish Apple had something in my PM's original price range to replace it but there's that "gaping hole" between the Mac mini and the Mac Pro. As I said though, another debate.
 

snowmoon

macrumors 6502a
Oct 6, 2005
900
119
Albany, NY
The last production PPC system was, I think, the G4 mini sold through February 2006... oops, Mid 2006 with the iMac G5*. So that's 3 years and its OS, Tiger, is still supported. If they had Leopard they would, more than likely be supported another year as well ( 4 ) at least and considering Leopard will be the last of the PPC systems I would not be surprised if its support lasts a little longer than most.

http://en.wikipedia.org/wiki/Timeline_of_Macintosh_models

In retrospect, if you had bought Mid 2006 would you have expected for OS support for a full 4-5 years at that point? It's not like we didn't know that the winds were changing at that point and some pundits did not expect to see 2 full OS releases ( Tiger and Leopard ) with full PPC support. It's also not like the systems drop dead when support stops, but Apple will stop making patches for vulnerabilities ( which probably are too obscure for exploit anyways ).
 

KingYaba

macrumors 68040
Aug 7, 2005
3,414
12
Up the irons
If you must download stuff via P2P (I do sometimes to be fair) then for heaven's sake get a virus/trojan/malware scanner and scan your downloads before installing.

I'd like someone to test this. I believe iWork came as a disk image am I correct? Scan the disk image with the iWork trojan and let's see if it picks it up.
 

Eric S.

macrumors 68040
Feb 1, 2008
3,599
0
Santa Cruz Mountains, California
In retrospect, if you had bought Mid 2006 would you have expected for OS support for a full 4-5 years at that point? It's not like we didn't know that the winds were changing at that point and some pundits did not expect to see 2 full OS releases ( Tiger and Leopard ) with full PPC support. It's also not like the systems drop dead when support stops, but Apple will stop making patches for vulnerabilities ( which probably are too obscure for exploit anyways ).

Is that directed at me? Did I say I expected OS support for a full 4-5 years? Or that I expected Apple to continue PPC support? No I did not.

But like I said, that is another debate.
 

snowmoon

macrumors 6502a
Oct 6, 2005
900
119
Albany, NY
Is that directed at me? Did I say I expected OS support for a full 4-5 years? Or that I expected Apple to continue PPC support? No I did not.

But like I said, that is another debate.

Not directed at you, just a statement. I personally think Apple has gone a long way to supporting the PPC hardware despite the move to Intel. I expect them to continue support for leopard at a minimum until 10.7 and possibly longer for those G5 PowerMac holdouts.
 

Eric S.

macrumors 68040
Feb 1, 2008
3,599
0
Santa Cruz Mountains, California
Not directed at you, just a statement. I personally think Apple has gone a long way to supporting the PPC hardware despite the move to Intel.

I agree. (Although I do think there was no reason to kill Classic in Leopard for PPC.)

I expect them to continue support for leopard at a minimum until 10.7 and possibly longer for those G5 PowerMac holdouts.

Historically we should expect to only get security updates for Leopard once 10.6 comes out. Tiger did get one minor update (10.4.11) three weeks after Leopard was released, but that is the only time Apple ever did that.
 

Michaelgtrusa

macrumors 604
Oct 13, 2008
7,900
1,821
It was only a matter of time before this happened. The cold hard reality is that viruses are here to stay and there are plenty of people (governments) looking to compromise mac os. China is one such entity.
 