
novicew

macrumors member
Original poster
I have added some interesting links in my blog for those who are interested in Mac security.

Happy reading!

Before you read any further you may read this article.
 
novicew said:
After all no operating system is safer today. This applies to OSX as well.

Just heard about “Leap-A” virus targeted at OSX 10.4.X. According to many anti-virus software firms the threat caused by this virus is not regarded as major as it requires user intervention in several stages before it attacks the system.

But this could be the beginning of a new era for virus developers. I guess their understanding of Intel processors is much more than PPC processors. Therefore writing a virus targeting future generations of Intel-based Macs can be way more higher.

First off, Leap-A is a trojan. Not a virus. Second off, it doesn't target Intel, so Intel PPC has nothing to do with this. At all.
 
stridey said:
First off, Leap-A is a trojan. Not a virus. Second off, it doesn't target Intel, so Intel PPC has nothing to do with this. At all.

I know that certain ppl call it a trojan because it doesn't self-propagate. But my sources of information are Macworld and BBC. If you carefully read the comment by Sophos, ("Anti-virus software maker Sophos takes issue with this description, claiming this is the “first ever virus for Mac OS X.") you will know what I mean.

Second off, I never claimed that this particular virus/trojan is targeted at Intel. It was my prediction about the future tendency.

Sorry for the misunderstanding.
 
What is a virus?
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user.

What is a Trojan horse?
Trojan Horses are impostors--files that claim to be something desirable but, in fact, are malicious.

from www.symantec.com

It's a t-r-o-j-a-n...there still are no viruses for Mac OS X🙄
 
the architecture (ie Intel or PPC) doesn't make a difference when making a virus. a virus is software-based code. it's knowing Windows vs. OS X vulnerabilities that is the difference, and how to exploit them. the switch to Intel makes no difference.
 
"looming threat of viruses" I don't think so....
This has been exaggerated out of proportion.
and as PlaceofDis said it has nothing at all to do with the architecture.
 
PlaceofDis said:
the architecture (ie Intel or PPC) doesn't make a difference when making a virus. a virus is software-based code. it's knowing Windows vs. OS X vulnerabilities that is the difference, and how to exploit them. the switch to Intel makes no difference.

I think it does. Imagine if you install a Virtual PC running Windows on an Intel-based Mac. If the Windows system becomes infected by a virus, its propagation can be easily executed if you have only one platform. As the hackers have more access to Intel-based processor information their workload will be less.

Some more facts.

By the way, I don't believe the threat is comparable with Windows but it will be significantly higher than a PPC-based system. That's what I think.
 
Um viruses/trojans/worms are for software not hardware. It's just a coincidence that it came out with the Intel switch. Please explain how the chip makes a difference.....it doesn't. I could have an Intel chip with no OS on it and guess what I would have no virus. All about the code which is specific to the OS.
 
There is no "looming threat".

This is alarmist, upsetting twaddle that will unnecessarily frighten the ill-informed and the insecure, while failing to provide sufficient straightforward information to allow them to help diminish their (already well-known) vulnerability.

For the tech-savvy it contains so many half-truths, omissions and plain pointless speculation as to be annoying and so little of actual substance as to achieve anything.

And that's just the title.

Please cease and desist. This is helping no one.
 
novicew said:
I think it does. Imagine if you install a Virtual PC running Windows on an Intel-based Mac. If the Windows system becomes infected by a virus, its propagation can be easily executed if you have only one platform. As the hackers have more access to Intel-based processor information their workload will be less.

O my. I don't know what to say. I am sorry to tell you but THERE IS VIRTUAL PC FOR PPC ONLY, it does not exist yet for Intel. Second, any virus designed for XP on an x86 will also run in Virtual PC for PPC. Same code different architecture. Explain this one please?
 
Some people just shouldn't be allowed to write on the internet about things they know absolutely nothing about.

This is just disgusting that you don't know that the architecture differences mean nothing to viruses.
 
Some things I've noticed:

A) News people tend to oversensationalize their tech stories.

B) Anti-virus companies jump on every opportunity to sell their products.

So, do you think your sources could be a little biased?
 
PlaceofDis said:
the architecture (ie Intel or PPC) doesn't make a difference when making a virus. a virus is software-based code. it's knowing Windows vs. OS X vulnerabilities that is the difference, and how to exploit them. the switch to Intel makes no difference.

Right. To illustrate, I was playing around with this and can get a perfectly good OS X virus going using Python or Perl. App bundles make this really easy. The only place where a small universal binary might be helpful is in the form of a tiny setuid helper app, to eliminate the dependency on the default admin user situation. It would be trivial to integrate this into a widely distributed warez installer or drag-to-install program (say, a prerelease version of some Google product) and spread the love.
 
Well actually it does make a difference if it's PowerPC or Intel if we're talking about viruses that overrun the buffer, corrupt the heap or exploit similar low-level vulnerabilities in buggy software.

The differences aren't huge, but they could make a difference. The PowerPC's separate data and instruction cache is an additional obstacle that the attacker has to get past in a buffer overrun situation.

Then it's sometimes important for the attacker to be able to write meaningful machine instructions without using forbidden string characters. The forbidden characters will depend on the protocol. Since the machine instructions are different between PowerPC and Intel, this may be easier or more difficult. I'm not sure which.

The PowerPC has no one byte machine codes, and the machine codes need to be aligned. That can make it difficult to reliably execute malicious virus code.

I would also guess that the difference in function calls and other details between the two architectures can make it more difficult or easier to for example jump to the malicious code that the attacker wants to execute.


For trojans and worms that don't exploit any low-level vulnerabilities, the architecture doesn't make a difference. That's true.
 
novicew said:
I know that certain ppl call it a trojan because it doesn't self-propagate. But my sources of information are Macworld and BBC. If you carefully read the comment by Sophos, ("Anti-virus software maker Sophos takes issue with this description, claiming this is the “first ever virus for Mac OS X.") you will know what I mean.

I can't believe how excited Sophos are getting over this.......
 
MacSA said:
I can't believe how excited Sophos are getting over this.......

I can... they're rubbing their dirty little hands in anticipation of the increased cash revenue that they might manage to get their hands on.

Sophos aren't too bad actually - although I thought they only did AV for businesses rather than individuals? It's Intego and Symantec that usually spread the FUD
 
MacSA said:
I can't believe how excited Sophos are getting over this.......

Of course they're excited. They might sell lots of additional antivirus software licenses if they hype this enough. 🙄 😉

Edit: Applespider beat me to it. As for the AV for businesses only. I suppose businesses are equally susceptible to FUD as individuals.
 
gekko513 said:
Well actually it does make a difference if it's PowerPC or Intel if we're talking about viruses that overrun the buffer, corrupt the heap or exploit similar low-level vulnerabilities in buggy software.

The differences aren't huge, but they could make a difference. The PowerPC's separate data and instruction cache is an additional obstacle that the attacker has to get past in a buffer overrun situation.

Then it's sometimes important for the attacker to be able to write meaningful machine instructions without using forbidden string characters. The forbidden characters will depend on the protocol. Since the machine instructions are different between PowerPC and Intel, this may be easier or more difficult. I'm not sure which.

The PowerPC has no one byte machine codes, and the machine codes need to be aligned. That can make it difficult to reliably execute malicious virus code.

I would also guess that the difference in function calls and other details between the two architectures can make it more difficult or easier to for example jump to the malicious code that the attacker wants to execute.


For trojans and worms that don't exploit any low-level vulnerabilities, the architecture doesn't make a difference. That's true.


Minus the fact that Intel I believe has put in a hardware side way of protecting against that and preventing it from happening. I know for a fact the AMD chips that run on socket 754 and above have that protection built in hardware side and that was over 2 years ago and I remember Intel stating they were planning on putting that in their chips as well. I think in 2 years they would have finished that. The chips themselves do not allow that to happen so buffer overrun is no longer a problem. So that stupid little fear can go away. The chip setup does not make a difference to a virus, trojan or anything else.

Also you all are splitting hairs over the trojan not being a virus. I have a feeling if a worm gets out on a Mac you all will make the argument that it's a worm not a virus. Less than 2% of all new viruses/worms/trojans that come out each year are true viruses. Vast majority are trojans, followed by worms and then in that very very distant 3rd is viruses. I think facts should just be facts that weaknesses in the OS are starting to be found. Trojans being the easiest. Besides it's so much easier to just work with user stupidity that get stuff working over the internet or other ways.
 
Timepass said:
Minus the fact that Intel I believe has put in a hardware side way of protecting against that and preventing it from happening. I know for a fact the AMD chips that run on socket 754 and above have that protection built in hardware side and that was over 2 years ago and I remember Intel stating they were planning on putting that in their chips as well. I think in 2 years they would have finished that. The chips themselves do not allow that to happen so buffer overrun is no longer a problem. So that stupid little fear can go away. The chip setup does not make a difference to a virus, trojan or anything else.

The NX bit adds an additional layer of protection, but there are several pieces in the system that have to work together to make it work. For one thing the OS needs to support it. If you read more about it you may be surprised. It doesn't mean an end to buffer overruns. It's just another hurdle in the way of the attacker.

Anandtech has something to say about it.
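
Added example (not part of the thread and not any poster's code): on Mac OS X one of the pieces that has to cooperate with the NX bit is the Mach-O header, which records the CPU each slice targets and whether the binary asks for an executable stack. The sketch below reads those fields from a universal (PPC + Intel) binary; the sample bytes are constructed in the code and the function names are illustrative.

```python
import struct

# Constants from Apple's <mach-o/fat.h> and <mach-o/loader.h>
FAT_MAGIC, MH_MAGIC, MH_MAGIC_64 = 0xCAFEBABE, 0xFEEDFACE, 0xFEEDFACF
CPU_NAMES = {7: "i386", 18: "ppc", 0x01000007: "x86_64", 0x01000012: "ppc64"}
MH_ALLOW_STACK_EXECUTION = 0x20000   # header flag: stack may be executable
MH_NO_HEAP_EXECUTION = 0x1000000     # header flag: heap must not be executable

def parse_thin(data, offset=0):
    """Read one Mach-O header: CPU name plus the two execute-permission flags."""
    if len(data) < offset + 28:
        raise ValueError("truncated Mach-O header")
    for endian in (">", "<"):        # ppc slices are big-endian, Intel little-endian
        if struct.unpack_from(endian + "I", data, offset)[0] in (MH_MAGIC, MH_MAGIC_64):
            break
    else:
        raise ValueError("no Mach-O magic at offset %d" % offset)
    _, cputype, _, _, _, _, flags = struct.unpack_from(endian + "7I", data, offset)
    return {"cpu": CPU_NAMES.get(cputype, hex(cputype)),
            "stack_exec_allowed": bool(flags & MH_ALLOW_STACK_EXECUTION),
            "heap_exec_blocked": bool(flags & MH_NO_HEAP_EXECUTION)}

def inspect_macho(data):
    """One report per architecture slice; the fat header is always big-endian."""
    if len(data) < 8 or struct.unpack_from(">I", data)[0] != FAT_MAGIC:
        return [parse_thin(data)]
    nfat = struct.unpack_from(">I", data, 4)[0]
    if nfat > 16 or len(data) < 8 + 20 * nfat:   # Java .class files share this magic
        raise ValueError("implausible universal header")
    reports = []
    for i in range(nfat):
        _, _, off, size, _ = struct.unpack_from(">5I", data, 8 + 20 * i)
        if off + size > len(data):
            raise ValueError("slice %d runs past end of file" % i)
        reports.append(parse_thin(data, off))
    return reports

def build_sample_universal():
    """Constructed sample: ppc slice with default flags, i386 slice allowing stack exec."""
    ppc = struct.pack(">7I", MH_MAGIC, 18, 0, 2, 0, 0, 0)
    x86 = struct.pack("<7I", MH_MAGIC, 7, 3, 2, 0, 0, MH_ALLOW_STACK_EXECUTION)
    fat = struct.pack(">2I", FAT_MAGIC, 2)
    fat += struct.pack(">5I", 18, 0, 48, len(ppc), 0)
    fat += struct.pack(">5I", 7, 3, 48 + len(ppc), len(x86), 0)
    return fat + ppc + x86

if __name__ == "__main__":
    for report in inspect_macho(build_sample_universal()):
        print(report)
```

A slice reporting `stack_exec_allowed: True` has opted out of the stack protection regardless of what the processor supports, which makes it worth flagging in a software inventory.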
 
DaftUnion said:
What is a virus?
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user.

Once you've downloaded and opened the file, it will infect other applications (thus altering the way the computer operates, without the consent of the user).

However, that's an unusual definition of a virus - typically a virus is defined as a piece of malware which attempts to propagate/self-replicate, but requires user interaction (launch an infected application/open an email attachment etc.) to do so.

This is both a trojan and a virus. It was initially distributed as a Trojan, and then once upon victims' Macs, would then attempt to propagate as a virus; both to other applications on the user's Mac and to other Macs via iChat.
 