View Full Version : [Merged] Zombie Mac "Botnet" is Active




fpbecker
Apr 17, 2009, 05:32 AM
Evidence suggests first zombie Mac botnet is active

Security researchers have discovered that payloads delivered by trojans in pirated versions of iWork and Photoshop earlier this year are being used to create a Mac botnet.

If you let yourself get tempted into installing the pirated versions of iWork or Photoshop CS4 that circulated on Bit Torrent (http://arstechnica.com/apple/news/2009/01/pirated-version-of-iwork-09-contains-a-nasty-trojan.ars) earlier this year (http://arstechnica.com/apple/news/2009/01/mac-trojan-variant-now-riding-along-with-pirated-photoshop.ars), you may have unwittingly turned your Mac into a zombie. Security researchers for Symantec have turned up evidence (http://blogs.zdnet.com/security/?p=3157) that these zombie machines are being used to create a Mac-based botnet.

Botnets are used to perform DDoS attacks on systems, gather sensitive personal information, and send out a majority of the spam (http://arstechnica.com/security/news/2009/03/spam-slightly-lower-in-february-but-botnets-still-lurking.ars) that clogs up the 'Net. While commonly made out of infected Windows computers, this is the first known attempt to create one from Macs.

The two variants of the iServices trojan, OSX.Trojan.iServices.A and OSX.Trojan.iServices.B, have been implicated in at least one DDoS attack (http://notahat.com/posts/28/). According to researchers Mario Ballano Barcena and Alfredo Pesoli, the malware has peer-to-peer communication, remote start-up, and encryption capabilities.

"The code indicates that, wherever possible, the author tried to use the most flexible and extendible approach when creating it—and therefore we would not be surprised to see a new, modified variant in the near future," according to their report. They also noted that the person who activated the botnet is not the same as the original author of the malware code.

After the trojans were reported in January, most anti-virus software was updated to remove the payloads associated with the iServices trojans. Removing the directories /System/Library/StartupItems/DivX and/or /System/Library/StartupItems/iWorkServices should help, but that doesn't rule out other remnants getting left behind—if you suspect you were infected with either of these trojans, you may want to look into AV software. We'll also again repeat our favored refrain of "Steer clear of pirated software and sketchy files from websites or torrents," which should help you avoid infection in the first place.

While Mac OS X doesn't suffer from the sheer amount of malware that Windows does, the creation of this botnet should serve as a warning that security through obscurity isn't a sound security policy—and Macs are far from being obscure any more.


Further Reading

Researchers Mario Ballano Barcena and Alfredo Pesoli take a detailed look at what appears to be the first real attempt to create a Mac botnet in their report, "The new iBotnet," (http://www.virusbtn.com/virusbulletin/archive/2009/04/vb200904-ibotnet) available from Virus Bulletin (subscription required).

Source: Ars Technica (http://arstechnica.com/apple/news/2009/04/evidence-suggests-first-zombie-mac-botnet-is-active.ars)
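
The check the article describes, as an added example that is not part of the original post or the Ars Technica article: a shell script that reports whether either StartupItems directory named above exists under a given volume root, and lists everything else in that folder for manual review. The function names and the ROOT argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article or the forum post).
# Looks for the two StartupItems directories the article names,
# under a chosen volume root (default: the running system, "/").

# Indicator paths, relative to the volume root, exactly as the article gives them.
ISERVICES_DIRS="System/Library/StartupItems/DivX
System/Library/StartupItems/iWorkServices"

# scan_iservices ROOT
#   Prints one "FOUND <path>" line per indicator present under ROOT.
#   Returns 0 when none are present, 1 when at least one is.
scan_iservices() {
    root="${1:-/}"
    hits=0
    # Read the list from a here-document (not a pipe) so $hits survives the loop.
    while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        path="${root%/}/$rel"
        # -e / -L also catch a plain file or symlink using the same name.
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf 'FOUND %s\n' "$path"
            hits=$((hits + 1))
        fi
    done <<EOF
$ISERVICES_DIRS
EOF
    [ "$hits" -eq 0 ]
}

# list_startup_items ROOT
#   Prints the name of every entry in ROOT/System/Library/StartupItems so the
#   remaining items can be reviewed by hand. Prints nothing if the folder is absent.
list_startup_items() {
    root="${1:-/}"
    dir="${root%/}/System/Library/StartupItems"
    [ -d "$dir" ] || return 0
    for entry in "$dir"/*; do
        # An empty folder leaves the unexpanded glob behind; skip it.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        printf '%s\n' "${entry##*/}"
    done
}

# Run only when asked:  sh check_iservices.sh --scan [ROOT]
# ROOT can be a mounted backup or an external volume instead of "/".
if [ "${1:-}" = "--scan" ]; then
    scan_iservices "${2:-/}" && echo "Neither iServices StartupItems directory is present."
    echo "Entries in System/Library/StartupItems:"
    list_startup_items "${2:-/}"
fi
```

A clean result only means these two directories are absent; as the article notes, other remnants may be left behind.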



basix
Apr 17, 2009, 05:52 AM
For Apple's sake I hope it's DDOSing www.windows7.com !

HaHa!

acurafan
Apr 17, 2009, 06:11 AM
well that should put the excuses, 'macs don't get infected' or 'you don't need a/v' to rest...curiosity will kill the cat.

Queso
Apr 17, 2009, 06:18 AM
Yawn. If people install software from unauthorised sources they only have themselves to blame.

Chundles
Apr 17, 2009, 06:31 AM
Brains............

CLuv
Apr 17, 2009, 07:13 AM
I think someone here needs to lookup the difference between a trojan and a virus.

clevin
Apr 17, 2009, 07:22 AM
Yawn. If people install software from unauthorised sources they only have themselves to blame.
doesn't change the fact of a security threat, we don't ask these details about windows users, do we? we blame windows no matter if the users initiated the process.

It's a threat, plain and simple. blaming the user won't solve it.
I think someone here needs to lookup the difference between a trojan and a virus.

nobody in this thread mentioned virus, but most anti virus software handles trojans, worms, malware as well.

If anybody should, that would be apple, who claimed windows has 144000 viruses, which is 80+% malware, worms, trojans.

craig1410
Apr 17, 2009, 07:36 AM
Anyone with any amount of common sense should know that installing an application downloaded from a P2P site and providing the admin password in the process is a very high risk activity. The fact that people are pirating iWork which costs only £80 or so to buy legitimately is particularly sad.

As for CS4, if you can't justify buying it (ie. if you're not a pro.) then there is a good chance you don't actually need it and might be better off with something like Aperture which is priced much more for the consumer market and yet delivers many pro features.

If you must download stuff via P2P (I do sometimes to be fair) then for heaven's sake get a virus/trojan/malware scanner and scan your downloads before installing. Also, make sure you have a good backup strategy in place so that you can recover from getting hacked more easily.

Personally, if I decide to buy iWork 09 (been thinking about it) then it would be a no-brainer to just get it from Apple. Different story perhaps if I needed Microsoft Office due to the fact it costs an arm and a leg. Fortunately OpenOffice is able to fill that need more than adequately and costs nothing.

Stay safe folks, it's a scary world out there... ;)
Craig.

Jethryn Freyman
Apr 17, 2009, 08:27 AM
doesn't change the fact of a security threat, we don't ask these details about windows users, do we? we blame windows no matter if the users initiated the process.

Thank you.

For a while, I thought I was the only person thinking about this.

Windows users are really going to get a good laugh when someone finds another way to deliver trojans to Mac users, and there are thousands of infections.

Queso
Apr 17, 2009, 08:54 AM
doesn't change the fact of a security threat, we don't ask these details about windows users, do we? we blame windows no matter if the users initiated the process.
Not in all cases. Many of us know full well that in most cases it is the system user that presents the biggest security hole.

ski2moro
Apr 17, 2009, 10:06 AM
I had an old copy of PC Tools and still get occasional emails from them.

Today, I got this:

"Mac Threat Alert
Know anyone that's a Mac User?

Then let them know that malware researchers have discovered what appears to be the first Mac OSX botnet, aka MacBot or iBotnet and it's receiving a substantial amount of industry and media interest."


Another marketing ploy or is this something I should watch out for?

I have all of the Apple software updates. I don't use torrents or download illegal music or porn.

Diaresi
Apr 17, 2009, 10:40 AM
This whole OS X and malware thing does get me thinking from time-to-time. Currently it is very much a non-issue, but if it started actually gearing up I fear what Apple would do:

(future timeline...)

Only odd pieces of malware appear, nobody cares.

More malware starts appearing, most Mac users don't care.

Apple Store Geniuses start having to remove malware regularly, some Mac users are getting a little worried, Apple does nothing.

Malware is now fairly widespread for OS X, AV firms start shouting at Mac users to use their software, most Mac users are worried. Apple does nothing.

Eventually Apple caves (after a big one) and starts recommending the sort of security software PC users have always used. Apple start releasing security updates with speed for OS X. PC users have the smuggest looks on their faces.

Consultant
Apr 17, 2009, 10:40 AM
THERE ARE NO VIRUSES on OSX.

Since there are no viruses, anti-virus cannot determine what is a virus at this time.

Giz Explains: Why OS X Shrugs Off Viruses Better Than Windows
http://i.gizmodo.com/5101337/giz-explains-why-os-x-shrugs-off-viruses-better-than-windows

The Mac Malware Myth
http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/

The Unavoidable Malware Myth
http://www.roughlydrafted.com/2008/04/01/the-unavoidable-malware-myth-why-apple-wont-inherit-microsofts-malware-crown/

clevin
Apr 17, 2009, 02:24 PM
please. stop using this as an excuse. security threat. doesn't have to be a virus. every anti virus software out there handles trojans and worms.

why are we still staying at the stage of caring more about terminology than caring about users' security?

apple itself thinks trojans and malware are "viruses" after all.
THERE ARE NO VIRUSES on OSX.

Since there are no viruses, anti-virus cannot determine what is a virus at this time.

Giz Explains: Why OS X Shrugs Off Viruses Better Than Windows
http://i.gizmodo.com/5101337/giz-explains-why-os-x-shrugs-off-viruses-better-than-windows

The Mac Malware Myth
http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/

The Unavoidable Malware Myth
http://www.roughlydrafted.com/2008/04/01/the-unavoidable-malware-myth-why-apple-wont-inherit-microsofts-malware-crown/

Eric S.
Apr 17, 2009, 02:44 PM
well that should put the excuses, 'macs don't get infected' or 'you don't need a/v' to rest...curiosity will kill the cat.

Wow, bad things happened after people installed BitTorrented, pirated software. Shocking!

Symantec is dying to get people to believe there's a security threat on Macs. It wouldn't surprise me at all if "security researchers for Symantec" created this Trojan, only to "discover" it later.

apfhex
Apr 17, 2009, 04:04 PM
why are we still staying at the stage of caring more about terminology than caring about users' security?
Because these security threats can be easily avoided by not downloading pirated software. Yes, it's still a threat because people will continue to do that, but no one else has to worry just yet. If trojans start making their way into more legitimate file downloads, then there will be something to talk about (and I've personally never encountered anything like that even in Windows).

bericd
Apr 17, 2009, 04:35 PM
Thank you.

For a while, I thought I was the only person thinking about this.

Windows users are really going to get a good laugh when someone finds another way to deliver trojans to Mac users, and there are thousands of infections.

+1

ALL computer users need to be careful if they want to avoid this kind of behavior. Installing certain pirated software can get you owned, as can being directed to a bad site using safari. This puts us in the same boat as a patched windows box.

A complacent/careless user can get their computer owned, both mac and windows.

Amdahl
Apr 17, 2009, 05:42 PM
This is the second confirmed botnet. The first was started in 1984 and run by Apple.

Glameow
Apr 17, 2009, 06:10 PM
I run both Windows XP and OS X.

I have encountered a nasty once in the 5 years I have had internet access (on my own computers that is, can't speak for others I have tried to save).

It was from a torrent; fortunately I had a virus scanner running (in Windows). I guess this is a good lesson for Mac users that we are not invincible.

I think that the user is the biggest security threat. If someone runs trojan.exe or virus.exe and puts in the admin password, no amount of OS security will save them.

Jethryn Freyman
Apr 17, 2009, 06:55 PM
THERE ARE NO VIRUSES on OSX.

Since there are no viruses, anti-virus cannot determine what is a virus at this time.

Giz Explains: Why OS X Shrugs Off Viruses Better Than Windows
http://i.gizmodo.com/5101337/giz-explains-why-os-x-shrugs-off-viruses-better-than-windows

The Mac Malware Myth
http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/

The Unavoidable Malware Myth
http://www.roughlydrafted.com/2008/04/01/the-unavoidable-malware-myth-why-apple-wont-inherit-microsofts-malware-crown/

Botnets are created by trojans. There are OS X trojans.

clevin
Apr 17, 2009, 10:21 PM
Because these security threats can be easily avoided by not downloading pirated software. Yes, it's still a threat because people will continue to do that, but no one else has to worry just yet. If trojans start making their way into more legitimate file downloads, then there will be something to talk about (and I've personally never encountered anything like that even in Windows).

the botnet is already launching DDoS attacks now. http://i.gizmodo.com/5217202/symantec-finds-first-mac-botnet-already-launching-ddos-attacks

easily avoid? today is pirated iwork, tomorrow might be pirate movies, are we expecting mac users not using bt?

let's get real, and understand that blaming users is not the solution.

Eric S.
Apr 17, 2009, 10:43 PM
easily avoid? today is pirated iwork, tomorrow might be pirate movies, are we expecting mac users not using bt?

lets get real, and understand blaming users is not the solution.

Use pirated software, you deserve what you get.

clevin
Apr 17, 2009, 11:00 PM
Use pirated software, you deserve what you get.

how convenient. Why don't you go suggest apple do a piracy test of each user before selling them computers then.

oh, it's stupid users, my system is fine! I'm sure Microsoft can say exactly the same with windows.

Blaming users. lol, yeah right. Did you ever see microsoft blaming users for trojans or worms? Now that's how a company takes care of its users.

snowmoon
Apr 17, 2009, 11:04 PM
Yawn. If people install software from unauthorised sources they only have themselves to blame.

True, you can never save the user from themselves, but I think there is more to be learned here.

It's dirt simple to get a Mac user to turn over credentials, just throw a .pkg at them. Legal software or not it could be harboring a bot. You have just given it root level access. Unsigned .app or .pkg files included in .zip or .dmg could even be altered in transit, if necessary, to include a bot.

Think about the level of freeware you download and install via pkg. On a complex package a bot would be dirt simple to slip into a framework.

Apple should be taking reasoned approaches to reducing this risk including building better installers and pushing devs to steer clear of root level access completely and pkg files when unnecessary. I think it's one of the reasons Apple has started a real code signing push, as it reduced the vectors for malware to spread effectively.

dejo
Apr 18, 2009, 12:10 AM
Did you ever see microsoft blaming users for trojans or worms?
I have.

Danseglio said the success of social engineering attacks is a sign that the weakest link in malware defense is "human stupidity."

http://www.eweek.com/c/a/Security/Microsoft-Says-Recovery-from-Malware-Becoming-Impossible/1/

Jethryn Freyman
Apr 18, 2009, 08:12 AM
Use pirated software, you deserve what you get.

One day, a trojan will be planted in non-pirated software, thousands of macs will be infected, and Windows users will be laughing their heads off.

You can't stop user stupidity, but Mac users are, in general, not cautious. Every mac user I know blindly enters their password into dialog boxes without question or hesitation.

clevin
Apr 18, 2009, 08:28 AM
I have.


so microsoft said something like "u use pirated software, u deserve the problem"? kindly show me a link please.

snowmoon
Apr 18, 2009, 08:58 AM
so microsoft said something like "u use pirated software, u deserve the problem"? kindly show me a link please.

Google: Microsoft "blames users"

http://news.zdnet.co.uk/software/0,1000000121,39418108,00.htm

"The number of virus infections found by a virus vendor does not necessarily equal poor security," wrote Kleef in a blog post. "In many cases it equals poor user behaviour. If I, despite all prompting and consent behaviour, choose to go to a (probably dodgy) website, accept the ActiveX control prompts to download (probably dodgy) code and I actually choose to execute that code then I'm hosed."

Kleef claimed the number of infections was not purely the operating system's fault, but said that "in some cases it's the user and their lack of knowledge and their implicit 'it-won't-happen-to-me' complacency" that causes them to get infected.

OSX is just as vulnerable as long as untrained users type their password for every .pkg file they install or app that claims they need more permissions.

clevin
Apr 18, 2009, 09:01 AM
Google: Microsoft "blames users"

http://news.zdnet.co.uk/software/0,1000000121,39418108,00.htm

OSX is just as vulnerable as long as untrained users type their password for every .pkg file they install or app that claims they need more permissions.

Great find!:)

Now if only apple can just do as microsoft did as well, patch it! Or suggest an AV app for mac users.

Tallest Skil
Apr 18, 2009, 09:02 AM
One day, a trojan will be planted in non-pirated software, thousands of macs will be infected, and Windows users will be laughing their heads off.

Why? Not the laughing, the trojan in non-pirated software. It STILL boils down to end-user stupidity because, guess what, they didn't look to see where it came from before installing it. The end-user must consciously click past OS X's warning when opening a downloaded file. If you ignore it, it's your problem.

clevin
Apr 18, 2009, 09:11 AM
Why? Not the laughing, the trojan in non-pirated software. It STILL boils down to end-user stupidity because, guess what, they didn't look to see where it came from before installing it. The end-user must consciously click past OS X's warning when opening a downloaded file. If you ignore it, it's your problem.

what i have been saying is. (at least from this point on)

after blaming users for "stupidity", what solution do you offer? when the botnet starts to do DDoS attacks, those who are not infected are also affected.

Simply blaming users won't win any hearts from users. If that's the only thing apple can come up with, then they should tell each and every buyer who walks into the store "I won't help you if you download from bt and got infected with a problem".

and see if the buyers want to proceed with the transaction, otherwise, they are guilty of withholding crucial information.

snowmoon
Apr 18, 2009, 09:34 AM
Steps that don't involve "blaming the user"

1) Better developer guidelines to prevent unnecessary use of credentials
2) Hardening of the /System and /Library directory to prevent malware hooks at the system level
3) Promotion of code signing
4) Firewalling of unsigned apps

You can already see some of this. The keychain will allow newer version of *signed* applications to access passwords without a dialog box, but unsigned applications will get a dialog box after each upgrade to make sure you want to give them access to keychain. Newer restrictions on Input Managers are also designed to prevent code level access to every application running in the system ( still needs a lot of work ).

Security need not be a burden on the end-users with good guidelines and requirements.

lordthistle
Apr 18, 2009, 09:44 AM
Like in MS world, there is no way to prevent this from happening on a Mac.

Frankly, I do not understand how people can think that OS X is structurally safer than Vista. In my case, the XP machine I use at work has been running without a single security "infection" for years.

- thistle

clevin
Apr 18, 2009, 09:45 AM
Steps that don't involve "blaming the user"

1) Better developer guidelines to prevent unnecessary use of credentials
2) Hardening of the /System and /Library directory to prevent malware hooks at the system level
3) Promotion of code signing
4) Firewalling of unsigned apps

You can already see some of this. The keychain will allow newer version of *signed* applications to access passwords without a dialog box, but unsigned applications will get a dialog box after each upgrade to make sure you want to give them access to keychain. Newer restrictions on Input Managers are also designed to prevent code level access to every application running in the system ( still needs a lot of work ).

Security need not be a burden on the end-users with good guidelines and requirements.

well I agree with all of that, I don't think we should ignore the pink elephant in the room.

It happened, what should apple do after that?

I say

patch it, OR, suggest a 3rd party solution, preferably, free.

finally, i hope you are not suggesting that an OS can be so good that it can prevent any security threat all the time. because that's impossible.

snowmoon
Apr 18, 2009, 10:01 AM
It happened, what should apple do after that?

users affected should reinstall from scratch, it's not Apple's problem.

final, i hope you are not suggesting that an OS can be so good that it can prevent any security threat all the time. because thats impossible.

haha, no, I work with computers and users.

I'm suggesting that security need not be complicated or onerous for end users, in fact, a truly robust system is probably going to be easier for the end-user. Apple is already taking steps in the right direction and it will be interesting to see how it goes in the future.

clevin
Apr 18, 2009, 10:25 AM
users affected should reinstall from scratch, it's not Apple's problem.


lol..

we need to get practical here. shall we?

Microsoft patches the OS all the time, AV softwares are numerous for windows, and users are still very unhappy. Now can you imagine for every security problem, every user is offered a solution of "re-install from scratch"?

If apple store were to tell every buyer btw. if you got infected with malware or viruses by downloading stuff from bt, you will need to re-install from scratch, and we won't help ya

what do you think will happen?

Apple is already taking steps in the right direction and it will be interesting to see how it goes in the future.

what right steps are we talking about? I really don't know, enlighten me please.

Eric S.
Apr 18, 2009, 11:12 AM
well I agree with all of that, I dont think we should ignore the pink elephant in the room.

It happened, what should apple do after that?

I say

patch it, OR, suggest a 3rd party solution, preferably, free.

final, i hope you are not suggesting that an OS can be so good that it can prevent any security threat all the time. because thats impossible.

Apple regularly patches security holes in OS X in minor updates to the latest OS and in special security updates for the previous OS version.

I run both OS X and Windows XP. I always install all the latest patches, on XP I run AV software because viruses are a problem with Windows but not with OS X, and I only install software from known reputable sources. I keep backups of all my important data, and I don't lose a minute of sleep worrying about either of my OS's being infected.

bruinsrme
Apr 18, 2009, 11:12 AM
How does one get malware?

How does one get a virus?

Unsigned apps. So when I update a driver that is unsigned the OS should block it?

MS sends out a patch to block Conficker. There are users that still don't patch their systems? Virus and malware programs are readily available for FREE.

MS provides Windows Update and the ability to automatically install updates behind the scene so it doesn't bother the user.

ISPs are scanning emails for viruses as well.

I am at a loss not understanding how much more MS and other companies can do to protect users.

Anything created by humans can be altered or destroyed by humans.

Apple users have enjoyed very few issues that windows users have experienced but the future may hold something different.

Users HAVE TO assume a level of ownership and responsibility when using a public frontier such as the internet.

snowmoon
Apr 18, 2009, 11:36 AM
lol..

we need to get practical here. shall we?

Microsoft patches the OS all the time, AV softwares are numerous for windows, and users are still very unhappy. Now can you imagine for every security problem, every user is offered a solution of "re-install from scratch"?


Even with windows, reinstalling is the only* way to ensure a clean system.

This is not a bug in the OS so therefore what would they patch? The OSX is doing exactly what the user requested. Currently the best way to avoid this bot is to not (re)install the offending software. It's not like this bug allows the bot to be installed via "drive by download" or bug in file sharing, the user is asked to give it root permission.

To blame the users may be futile, but so is expecting the OS to "fix" bad behavior.

* Not quite anymore, some malware is learning how to inject itself into the bios or other component that is not cleared even after formatting.

Amdahl
Apr 18, 2009, 11:48 AM
Apple regularly patches security holes in OS X in minor updates to the latest OS and in special security updates for the previous OS version.

Mac users used to talk about how they used Macs for much longer than Windows machines typically lasted.

What do they say about Apple only providing security updates for two years(Given the typical rate of OS releases)?

All I can say is that Apple has a major day of reckoning coming, and the apologetic attitude of their fan base doesn't help.

My recommendation is five years of security updates for any product from the last date of sale. That means Tiger gets security updates until October 2012.

magamo
Apr 18, 2009, 11:58 AM
Some people run suspicious code to get porn/software for free.
Some people create viruses/trojan/whatever to spite others for nothing.
While those stupids are playing well together, I receive another spam email.
Something has to be wrong, but I'm not sure if it's OS's that are wrong.

clevin
Apr 18, 2009, 12:10 PM
Some people run suspicious code to get porn/software for free.
Some people create viruses/trojan/whatever to spite others for nothing.
While those stupids are playing well together, I receive another spam email.
Something has to be wrong, but I'm not sure if it's OS's that are wrong.

1. when accusing windows of being unsafe, most mac fanboys seem to have absolutely no problem with saying the OS is at fault.

2. whose fault is a secondary issue in face of a problem, whoever is at fault, somebody needs to take care of users and do something about it. In the land of Mac, who do you think have any influence to take care of the problem?

Even with windows, reinstalling is the only* way to ensure a clean system.

This is not a bug in the OS so therefore what would they patch? The OSX is doing exactly what the user requested. Currently the best way to avoid this bot is to not (re)install the offending software. It's not like this bug allows the bot to be installed via "drive by download" or bug in file sharing, the user is asked to give it root permission.

To blame the users may be futile, but so is expecting the OS to "fix" bad behavior.

* Not quite anymore, some malware is learning how to inject itself into the bios or other component that is not cleared even after formatting.

that's absurd, millions of people are running AV software out there on pc, what's the "only way" to ensure a clean system?

according to your logic, windows is just as safe as OSX.

I'm not expecting the OS to fix the bad behavior, I'm asking OSX to fix the holes, and take care of the mess of users' bad behavior. After all, if microsoft is trying to take care of users' bad behavior (malware removal tool for an example), why shouldn't apple be doing the same thing.

snowmoon
Apr 18, 2009, 12:11 PM
What do they say about Apple only providing security updates for two years(Given the typical rate of OS releases)?

Apple provides security patches for the OS far longer than 2 years. Tiger was released in April of 2005, its last minor revision was November 2007 ( 2.5 years ). The latest security update for Tiger was October 2008 ( 3.5 years ).

Apple will continue to release special security updates for 10.4.11 as needed to correct any serious security bugs. Is it really that unreasonable to upgrade to leopard or get newer hardware? Leopard is supported on hardware that is over 6 years old ( I'm running it on a MDD G4 ) and counting.

1. when accusing windows being unsafe, most mac fanboys seems have absolutely no problem with saying OS is at fault.

2. whose fault is a secondary issue in face of a problem, whoever is at fault, somebody needs to take care of users and do something about it. In the land of Mac, who do you think have any influence to take care of the problem?

1) Because windows is full of holes, defaults are far too permissive, and their precious backwards compatibility keeps volumes of poorly tested code close in the system. It's just bad engineering. When holes in OSX begin to become responsible for malware I'll be happy to blame Apple as well.

2) At the end of the day it's the user's responsibility. Apple will try and help, but they can not prevent the execution of malicious code, all they can do is attempt to make bug free software and fix known holes.

thats absurd, millions of people running AV software out there on pc, whats the "only way" to ensure a clean system?

Two different issues... keeping the system from getting infected and cleaning an infected system are two aspects. A/V software can prevent infections, but can in no way provide assurances that the system is clean after an infection takes hold.

Eric S.
Apr 18, 2009, 12:42 PM
Apple provides security patches for the OS far longer than 2 years. Tiger was released in April of 2005, its last minor revision was November 2007 ( 2.5 years ). The latest security update for Tiger was October 2008 ( 3.5 years ).

Actually the latest one was 2009-001 which came out this February. And 2009-002 should be released very soon, concurrently with 10.5.7.

Apple will continue to release special security updates for 10.4.11 as needed to correct any serious security bugs.

But probably only until the release of Snow Leopard later this year. Historically Apple has only supported one previous OS release with security updates. Like it or not, that has been Apple's policy. Whether that might change because a substantial number of people are likely to remain on Tiger is something we'll just have to see.

Is it really that unreasonable to upgrade to leopard or get newer hardware. Leopard is supported on hardware that is over 6 years old ( I'm running it on a MDD G4 ) and counting.

Well, that's another debate. I'm also running Leopard on a PM G4, a Sawtooth. But Leopard is probably the end, since PPC support appears about to be dropped in SL. I wish Apple had something in my PM's original price range to replace it but there's that "gaping hole" between the Mac mini and the Mac Pro. As I said though, another debate.

snowmoon
Apr 18, 2009, 01:11 PM
The last production PPC system was, I think, the G4 mini sold through February 2006... oops, Mid 2006 with the iMac G5*. So that's 3 years and its OS, Tiger, is still supported. If they had Leopard they would, more than likely be supported another year as well ( 4 ) at least and considering Leopard will be the last of the PPC systems I would not be surprised if its support lasts a little longer than most.

http://en.wikipedia.org/wiki/Timeline_of_Macintosh_models

In retrospect, if you had bought Mid 2006 would you have expected for OS support for a full 4-5 years at that point? It's not like we didn't know that the winds were changing at that point and some pundits did not expect to see 2 full OS releases ( Tiger and Leopard ) with full PPC support. It's also not like the systems drop dead when support stops, but Apple will stop making patches for vulnerabilities ( which probably are too obscure for exploit anyways ).

KingYaba
Apr 18, 2009, 02:37 PM
If you must download stuff via P2P (I do sometimes to be fair) then for heaven's sake get a virus/trojan/malware scanner and scan your downloads before installing.

I'd like someone to test this. I believe iWork came as a disk image am I correct? Scan the disk image with the iWork trojan and let's see if it picks it up.

Eric S.
Apr 18, 2009, 04:11 PM
In retrospect, if you had bought Mid 2006 would you have expected for OS support for a full 4-5 years at that point? It's not like we didn't know that the winds were changing at that point and some pundits did not expect to see 2 full OS releases ( Tiger and Leopard ) with full PPC support. It's also not like the systems drop dead when support stops, but Apple will stop making patches for vulnerabilities ( which probably are too obscure for exploit anyways ).

Is that directed at me? Did I say I expected OS support for a full 4-5 years? Or that I expected Apple to continue PPC support? No I did not.

But like I said, that is another debate.

snowmoon
Apr 18, 2009, 04:25 PM
Is that directed at me? Did I say I expected OS support for a full 4-5 years? Or that I expected Apple to continue PPC support? No I did not.

But like I said, that is another debate.

Not directed at you, just a statement. I personally think Apple has gone a long way to supporting the PPC hardware despite the move to Intel. I expect them to continue support for leopard at a minimum until 10.7 and possibly longer for those G5 PowerMac holdouts.

Eric S.
Apr 18, 2009, 04:53 PM
Not directed at you, just a statement. I personally think Apple has gone a long way to supporting the PPC hardware despite the move to Intel.

I agree. (Although I do think there was no reason to kill Classic in Leopard for PPC.)

I expect them to continue support for leopard at a minimum until 10.7 and possibly longer for those G5 PowerMac holdouts.

Historically we should expect to only get security updates for Leopard once 10.6 comes out. Tiger did get one minor update (10.4.11) three weeks after Leopard was released, but that is the only time Apple ever did that.

Michaelgtrusa
Apr 18, 2009, 05:05 PM
It was only a matter of time before this happened. The cold hard reality is that viruses are here to stay and there are plenty of people (governments) looking to compromise Mac OS. China is one such entity.

clevin
Apr 18, 2009, 05:22 PM
lol, I don't know why the Chinese government would want to compromise mac specifically, but I agree with your point.

We can blame users all we want, in the end, after you blame them, it has to get back to the problem and solve it.

Windows has an established system and procedures to handle the problem, with plenty of 3rd party solutions out there.

Macs do not have that system, once the problem surfaces, most people have to rely on apple to help them, and a responsible company should do just that, take care of stupid users.

The attitude suggested here in many posts here are irresponsible, and harmful to the very image apple is portraying about itself. After all, when apple claimed in the ads "windows has 144000 viruses", it didn't care the difference between viruses and malwares, and it didn't care about if the stupid users are to be blamed.

gnasher729
Apr 18, 2009, 05:41 PM
the botnet is already launching DDoS attacks now. http://i.gizmodo.com/5217202/symantec-finds-first-mac-botnet-already-launching-ddos-attacks

easily avoid? today is pirated iwork, tomorrow might be pirate movies, are we expecting mac users not using bt?

lets get real, and understand blaming users is not the solution.

This is really idiotic. Blaming the user is exactly the "solution" in this case. We are talking about people who wanted to get illegal copies of iWork and Photoshop. Instead of going the safe route and finding someone who has the software and lets them have a copy, they had to go to a torrent with no reputation. They downloaded the software, and they must have been asked at least twice for their admin password and typed it in. But by now even the greatest imbecile around should know that copies of iWork and Photoshop coming from a torrent are trojans, and that trojan is really easy to remove. Anyone still having that software on their computer has only got themselves to blame.

This is not a security risk like in "under certain rare circumstances the airbag on your car could explode", it is a security risk as in "if you wrap your seatbelt round your neck and drive your car at 50 mph into a tree, you will die".

By the way, I'd like to see some real evidence for this. As far as I have seen so far, there is evidence that there is code that is supposed to be able to form a botnet, but those reports have since then been duplicated, transmogrified and turned into something that is likely not true. So I would ask for evidence that there actually _is_ a botnet, how many computers are part of it, and how this botnet has been used. How many machines do they need to call it a "botnet"? Two?

the botnet is already launching DDoS attacks now.

The article you quote doesn't actually say that.

Jethryn Freyman
Apr 18, 2009, 07:07 PM
Why? Not the laughing, the trojan in non-pirated software. It STILL boils down to end-user stupidity because, guess what, they didn't look to see where it came from before installing it. The end-user must consciously click past OS X's warning when opening a downloaded file. If you ignore it, it's your problem.

That's true, my only point was that I think it's going to be pretty ironic once a trojan actually appears in non-pirated software. What high horse are people going to be able to get on next? "Oh, you deserved that trojan, because you downloaded something from the internet."

I just think it's silly that every time there is a story about a Mac threat, people just start condemning piracy - in the Windows world, trojans come from more than pirate software.

Beerfloat
Apr 18, 2009, 07:29 PM
I just think it's silly that every time there is a story about a Mac threat, people just start condemning piracy - in the Windows world, trojans come from more than pirate software.

True, they mostly come from buffer overflows in Internet Explorer. And from mistakenly embedding that app everywhere because clearly turning email into active content was just what users always wanted and needed.

It is kinda silly that every time there is a story about a Mac threat, there are some numbnuts who need to come state the obvious and crow over the fact that Macs are theoretically just as vulnerable. Of course they are. Which in no way changes the reality that there are only a handful of Mac threats, while there's a major new worm/virus/trojan scare about twice every year for as long as Windows has been around.

snowmoon
Apr 18, 2009, 08:04 PM
Windows is more vulnerable because it's more than just "bad users" that allow malware to propagate. It's bug after bug in IE, windows, network protocols, and/or other software that allows untrusted web code a backdoor all the way up to the kernel itself without intervention.

When OSX malware gets to the level of "drive by" infestations over safari then you can claim that OSX is no better off than Windows.

dejo
Apr 20, 2009, 01:09 PM
so microsoft said something like "u use pirated software, u deserve the problem"?
No, they blamed the user for malware which is something you said you had never seen Microsoft do, so I provided you a link to proof where they had. But rather than admit to anything, you just veer the argument off in a different direction.

clevin
Apr 22, 2009, 09:59 PM
No, they blamed the user for malware which is something you said you had never seen Microsoft do, so I provided you a link to proof where they had. But rather than admit to anything, you just veer the argument off in a different direction.

okay, now I officially admit M$ blamed users for getting infected with virus and malwares

now, what do you say if apple should come clean and patch the problem or offer a solution to end users, or stop pretending OSX to be completely safe?

http://www.theinquirer.net/inquirer/news/833/1051833/iwork-trojan-macs-zombies:

However since Apple tells users that no one has ever come up with a virus for their super secure software, many Apple users downloaded it.

Since most Apple users don't have virus protection at all, because they think their operating system is somehow safe, the virus spread like wildfire.

Apple wants publicity? Thats what it got by ignoring the problem, and I bet it gonna get worse. Deservedly so, mac users need to wake up to the situation and demand solution from apple, head in the sand is stupid and dangerous.

Some apple fanboys would defend apple's cash flow more than users safety, but sorry, I use a mac too, I dont want their stupid attitudes to get myself in the dangerous situation. Internet is connecting everyone, stupidity towards the dangerous situation gonna hurt everybody.

vansouza
Apr 22, 2009, 10:32 PM
okay, now I officially admit M$ blamed users for getting infected with virus and malwares

now, what do you say if apple should come clean and patch the problem or offer a solution to end users, or stop pretending OSX to be completely safe?


Apple wants publicity? Thats what it got by ignoring the problem, and I bet it gonna get worse. Deservedly so, mac users need to wake up to the situation and demand solution from apple, head in the sand is stupid and dangerous.

Some apple fanboys would defend apple's cash flow more than users safety, but sorry, I use a mac too, I dont want their stupid attitudes to get myself in the dangerous situation. Internet is connecting everyone, stupidity towards the dangerous situation gonna hurt everybody.

Why does Apple have to solve human greed/stupidity? That's why God invented MacScan or what ever other solution you choose. Or you can choose to not be greedy or dishonest in which case Apple has already solved your problems.

clevin
Apr 22, 2009, 10:42 PM
Why does Apple have to solve human greed/stupidity? That's why God invented MacScan or what ever other solution you choose. Or you can choose to not be greedy or dishonest in which case Apple has already solved your problems.

Im not asking anybody to be justice or perfection, Im asking people to be practical.

whats the reality? when standing in front of dangerous reality, preaching the justice and finger pointing other people to blame, does that help anything? Does finger pointing reduces the possibility of yourself being affected? NO, it does NOT.

Whatever solution I choose? what are the solutions out there?

Human greed causes problems on windows too, why do you think Microsoft patches their OS and offers malware removal tool for free?

vansouza
Apr 22, 2009, 11:04 PM
Im not asking anybody to be justice or perfection, Im asking people to be practical.

whats the reality? when standing in front of dangerous reality, preaching the justice and finger pointing other people to blame, does that help anything? Does finger pointing reduces the possibility of yourself being affected? NO, it does NOT.

Whatever solution I choose? what are the solutions out there?

Human greed causes problems on windows too, why do you think Microsoft patches their OS and offers malware removal tool for free?

If you're asking the question in a non-rhetorical way... I use MacScan. Just in case because some times I enter my PW too quickly. It has never found anything except tracking cookies. Makes me happy.

MotleyPete
Apr 23, 2009, 06:50 AM
In extreme circumstances, the Zombie Trojan can be stopped by removing the head or destroying the brain. I will repeat that: by removing the head or destroying the brain.

Phil A.
Apr 23, 2009, 07:15 AM
how convenient. Why dont you go suggest apple to do a piracy test of each user before sell them computers then.

oh, its stupid users, my system is fine! Im sure Microsoft can say exactly same with windows.

Blaming users. lol, yeah right. Did you ever seen microsoft blaming users for trojans or worms? Now thats how a company takes care of its users.

There is one big difference with this trojan in that it can't self-install. Many (not all) trojans on Windows are installed without the user knowing by exploiting security holes in the operating system. There have been instances of legitimate sites being hijacked to deliver malware that is automatically installed on windows machines so users can get malware on their PC without ever going to a torrent / porn site.


Until that happens on OS X, it remains far more secure than Windows (note I didn't say immune!)

63dot
Apr 23, 2009, 08:12 AM
I think someone here needs to lookup the difference between a trojan and a virus.

CNN even used the term virus yesterday, but many non technical sources simplify the term trojan as a virus. Being a techie, I had to simplify concepts for customers and say, "I will fix your hard drive", instead of "I am going to fix boot sectors". I would tell somebody who has a very old computer why just a RAM upgrade won't always fix everything by saying, "You are due for a new machine" vs. "It has become painfully aware that your new software is being hindered by a slow bus system which cannot be repaired by RAM." :D

Like in MS world, there is no way to prevent this from happening on a Mac.

Frankly, I do not understand how people can think that OS X is structurally safer than Vista. In my case, the XP machine I use at work has been running without a single security "infection" for years.

- thistle

When XP was more of a target, I used Windows 98 without problems. Right now, Vista is the big target and focus.

I think OS X is more concise and Windows has issues just because of too much junk in there. I am not suggesting Apple programmers are smarter or better trained, but mainly that OS X is built on less junk and it's the system the programmers have to work with.

Apple's OS X is akin to a small business that gives you more personalized service since there are fewer to serve, where as MS is like Wal-Mart and not much can be done once something gets that big. :)

clevin
Apr 23, 2009, 08:29 AM
CNN even used the term virus yesterday

even apple itself is using the term "virus" in referring to malware.

Apple said 144000 viruses in windows, which includes predominantly malware

In recent ads, apple claim pc is bugged by "major virus" out there, which probably refers to the conficker, which is a worm.

If apple is using the term, others should be able to.

There is one big difference with this trojan in that it can't self-install. Many (not all) trojans on Windows are installed without the user knowing by exploiting security holes in the operating system. There have been instances of legitimate sites being hijacked to deliver malware that is automatically installed on windows machines so users can get malware on their PC without ever going to a torrent / porn site.

there are also instances on mac that safari will auto-download and open dmg files, how exactly do you know it can't be combined with something else? with less people try to exploit the OSX for now, it might not happen, but what do we know about future?

Currently safe doesn't mean we can ignore the trend. Not to mention right now its fact in the face, and people still trying to ignore it?

don't you see this is for your, and my own good? Why defending apple is more important than protect our own security?

If you're asking the question in a non-rhetorical way... I use MacScan. Just in case because some times I enter my PW too quickly. It has never found anything except tracking cookies. Makes me happy.

Is there a free way to make me happy too? I didn't spend a penny on my netbook for AV, I hope to find a free solution for OSX as well.

guzzlamiamor
Apr 23, 2009, 08:35 AM
Like in MS world, there is no way to prevent this from happening on a Mac.

Frankly, I do not understand how people can think that OS X is structurally safer than Vista. In my case, the XP machine I use at work has been running without a single security "infection" for years.

- thistle

I can't either. I can understand how OSX IS structurally safer than all other legacy Windows distros however. Much like you, I have been a Windows user for 19 years this year since the days of 3.1 and to my knowledge have NEVER been infected with a virus, malware, trojan, worm, etc. I always keep my computer updated, never install pirated or software from shady vendors, don't open strange email attachments, etc. The reason so many Windows computers get infected is because people are idiots and don't have common sense. I would like to note that I now only use Windows because I have to at work and even though Vista is fairly sound post SP1 it is still a bloated turd IMHO.

Gasu E.
Apr 23, 2009, 08:46 AM
well that should put the excuses, 'macs don't get infected' or 'you don't need a/v' to rest...curiosity will kill the cat.

I don't download dubious software from questionable sites. I don't open attachments from sources I don't know. And most of all, I don't input my admin password unless I know what the hell I am doing.

So why do I need a/v?

clevin
Apr 23, 2009, 08:50 AM
I don't download dubious software from questionable sites. I don't open attachments from sources I don't know. And most of all, I don't input my admin password unless I know what the hell I am doing.

So why do I need a/v?

do you go to dubious internet websites? do you adventure through shortened URLs at twitter or digg or any other websites? safari's new preview function probably will exchange data with web servers behind the door as well.

yeah, if you are 100% sure you know your exact internet activity. you are safe whichever OS you are using.

But the question is, are you sure?

Phil A.
Apr 23, 2009, 09:21 AM
there are also instances on mac that safari will auto-download and open dmg files, how exactly do you know it can't be combined with something else? with less people try to exploit the OSX for now, it might not happen, but what do we know about future?


OS X is inherently safer than Windows because it enforces secondary authentication (not just authorisation) for actions that write to system folders for auto startup, etc. However, if a system process that is open to the internet and runs with the SUID bit set is discovered with an exploitable hole in it, that's a different story.

In that case, it's all bets off because you would then have your remote attack vector with full access to the system to do what you want as any malware would then be running with root access. That's not happened yet but that's not to say it never will.
In some ways, OS X presents a very attractive platform for malware writers because a lot of the users are pretty blasé about security, which is due in no small part to the posturing by Apple which does imply OS X is impervious, which it clearly isn't. However, the fact does remain that it is architecturally far more secure against malware than Windows (definitely true for versions up to XP and probably Vista too)


Currently safe doesn't mean we can ignore the trend. Not to mention right now its fact in the face, and people still trying to ignore it?

The state of malware is very much in its infancy on OSX. That doesn't mean it should be ignored, nor does it mean people have to overreact


don't you see this is for your, and my own good? Why defending apple is more important than protect our own security?

No need to be condescending - I wasn't protecting Apple, just pointing out the facts.



Is there a free way to make me happy too? I didn't spend a penny on my netbook for AV, I hope to find a free solution for OSX as well.

Try ClamX AV (http://www.clamxav.com/) although at the moment I think it only detects Windows viruses to prevent you from passing them on
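
Phil A.'s point above about writes to the auto-startup system folders can be checked directly on a machine. The following is an added example, not part of the original thread: it looks for the two StartupItems directories that the article at the top of the thread names for the iServices trojans and lists whatever else is registered to start at boot. The function names and the optional root argument are assumptions of this example; a clean result does not rule out other remnants, as the article itself notes.

```shell
#!/bin/sh
# Added example (not from the thread): presence check for the iServices
# StartupItems named in the article at the top of this thread.
# ROOT defaults to "/"; pass a mounted backup or a test tree to inspect that instead.

# Directory names taken from the article; stored relative to ROOT.
ISERVICES_ITEMS="System/Library/StartupItems/DivX
System/Library/StartupItems/iWorkServices"

# Print each suspect directory that exists under ROOT, one per line.
find_iservices_items() {
    root="${1:-/}"
    printf '%s\n' "$ISERVICES_ITEMS" | while IFS= read -r rel; do
        path="${root%/}/$rel"
        # -L also catches a dangling symlink left behind by a partial cleanup.
        if [ -d "$path" ] || [ -L "$path" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# List every StartupItems entry under ROOT with owner and mode, so an
# unfamiliar item (for example a renamed variant) stands out for review.
list_startup_items() {
    root="${1:-/}"
    for dir in "${root%/}/System/Library/StartupItems" \
               "${root%/}/Library/StartupItems"; do
        [ -d "$dir" ] || continue
        for item in "$dir"/*; do
            [ -e "$item" ] || continue
            ls -ld "$item"
        done
    done
}

# Return 0 when neither directory is present, 1 when at least one is.
check_iservices() {
    found=$(find_iservices_items "$1")
    if [ -n "$found" ]; then
        printf 'FOUND iServices StartupItems:\n%s\n' "$found"
        return 1
    fi
    printf 'No iServices StartupItems found under %s\n' "${1:-/}"
    return 0
}

# Run the check when a root is given on the command line, e.g.: sh check.sh /
if [ "$#" -gt 0 ]; then
    check_iservices "$1"
    list_startup_items "$1"
fi
```
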

Eanair
Apr 23, 2009, 09:26 AM
On CNN today:

(CNN) -- Mac computers are known for their near-immunity to malicious computer programs that plague PCs.

Some security experts say viruses are moving toward Mac as those computers become more popular.

But that may be changing somewhat, according to computer security researchers. It seems that as sleek Mac computers become more popular, they're also more sought-after targets for the authors of harmful programs.

"The bad guys generally go toward the biggest target, what will get them the biggest bang for their buck," said Kevin Haley, a director of security response at Symantec.

Until recently, the big target always was Microsoft Windows, and Apple computers were protected by "relative obscurity," he said.

But blogs are buzzing this week about what two Symantec researchers have called the first harmful computer program to strike specifically at Mac.

This Trojan horse program, dubbed the "iBotnet," has infected only a few thousand Mac machines, but it represents a step in the evolution of malicious computer software, Haley said.

The iBotnet is a sign that harmful programs are moving toward Mac, said Paul Henry, a forensics and security analyst at Lumension Security in Arizona.

"We all knew it was going to happen," he said. "It was just a matter of time, and, personally, I think we're going to see a lot more of it."

The malicious software was first reported in January. It didn't gain widespread attention until recently, when Mario Ballano Barcena and Alfredo Pesoli of Symantec, maker of the popular Norton antivirus products, detailed the software in a publication called "Virus Bulletin."

Mac users at large, however, should not be alarmed by the incident, experts said. The program infects only computers whose users downloaded pirated versions of the Mac software iWork.

The harmful software is a Trojan horse, meaning it tries to sneak into the computer with some sort of permission from the user. Computer worms travel differently. They wiggle their way into computers and replicate without the owner's approval or knowledge.

The Mac program is called a botnet because infected computers become part of a network that is controlled by the program's author.

The Mac botnet is significantly less threatening than computer worms like the much-publicized Conficker.c, said Jose Nazario, a senior security researcher with Arbor Networks. Conficker was thought to have infected up to 10 million computers, compared with thousands for the iBotnet, researchers said.

There's also some question as to whether it is the first botnet to target Mac. Others have targeted both PCs and Apple computers.

"This isn't the first botnet that's been built using Mac computers," Nazario said. "This is an interesting one in that it's a little more flexible and includes some new features. ... It's getting a lot of press mostly because it's Mac and people are talking about how Macs are immune to malware -- and, sure enough, they're not."

The potential damage that could be caused by the Mac botnet is also less severe than other attacks, said Darrell Etherington, a contributor to theAppleBlog, which is not affiliated with the computer company.

"It's a very low-level attack," he said. "Some people won't even notice the effect of it."

It is in the interest of software companies like Symantec, who spread the news, and McAfee, which has downplayed the presence of the Trojan, to raise concerns so they can promote their antivirus software packages, he said.

"Yes, it is going to become a bigger problem and, yes, people have to become more aware, but I think that what McAfee and Symantec would like is for the panic to start and for people to start rushing to antivirus software," which isn't necessary yet, Etherington said.

In a statement, Apple said it is working to prevent security problems.

"Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users," the statement says.

Only about 7.4 percent of computer users work on Macs, according to Gartner, a technology research firm.

That user base is proportionally more affluent than PC users, Etherington said, which may make Mac a bigger target. But overall, Macs are still far less vulnerable to attack than PCs, he said.

Haley said news of the Apple botnet is significant in part because it's something other authors of malicious code can build from.

"I don't think it's a tipping point; I think it's an evolutionary step. We see virus authors often use what somebody else has done," he said. "There's a model. There's something out there to follow."

http://www.cnn.com/2009/TECH/04/22/first.mac.botnet/index.html

question fear
Apr 23, 2009, 09:43 AM
Not that I don't believe them...but Symantec isn't exactly a disinterested third party. It is in their interests to convince everyone the sky is falling and macs are made of swiss cheese.

yellow
Apr 23, 2009, 09:46 AM
Not that I don't believe them...but Symantec isn't exactly a disinterested third party. It is in their interests to convince everyone the sky is falling and macs are made of swiss cheese.

I could not agree more. How better to drive up poor sales?

Eanair
Apr 23, 2009, 10:32 AM
Very true, and it's not a secret that you can make programs that are malicious for Macs, but figured I would put it up anyways. :)

miles01110
Apr 23, 2009, 10:38 AM
Not that I don't believe them...but Symantec isn't exactly a disinterested third party. It is in their interests to convince everyone the sky is falling and macs are made of swiss cheese.

It might be in their interests, but they've got more on their plate than they can handle anyways.

telecomm
Apr 23, 2009, 10:46 AM
This is last week's news (http://voices.washingtonpost.com/securityfix/2009/04/worlds_first_mac_botnet_hardly.html?wprss=securityfix).

dejo
Apr 23, 2009, 11:03 AM
okay, now I officially admit M$ blamed users for getting infected with virus and malwares
Thank you. Finally.

now, what do you say if apple should come clean and patch the problem...
What problem is this again? That there is a vector to install trojans? That's called the application install procedure and if you patch that you can't install any applications. You do know that Leopard already provides some trojan protection by marking files that are downloaded and warning the user before installing them, right?

...or offer a solution to end users...
Besides the above-mentioned protection, how about?:
http://www.apple.com/downloads/macosx/networking_security/protectmacantivirus.html
or
http://www.apple.com/downloads/macosx/networking_security/avastantivirusmacedition.html

...or stop pretending OSX to be completely safe?
Mac OS X Security Configuration Guides (http://www.apple.com/support/security/guides/)
Apple doesn't pretend that OS X is completely safe. The link I've provided proves that.

chrono1081
Apr 23, 2009, 11:35 AM
Thank you.

For a while, I thought I was the only person thinking about this.

Windows users are really going to get a good laugh when someone finds another way to deliver trojans to Mac users, and there are thousands of infections.

No I think the blame for this one falls squarely on the users. Pirated software? You're begging for trouble.

This is just as bad as when people used hacked antivirus. "Look! I don't have to pay for it ever!"

lamadude
Apr 23, 2009, 11:48 AM
Sure you can blame the users now, but this could just as easily have happened with LEGAL software as well. If somebody's computer is infected because they downloaded an Openoffice 3.0 torrent, who is to blame then?

Phil A.
Apr 23, 2009, 12:09 PM
Sure you can blame the users now, but this could just as easily have happened with LEGAL software as well. If somebody's computer is infected because they downloaded an Openoffice 3.0 torrent, who is to blame then?

You can't get magically infected through a torrent on any platform - someone has to put the Malware into the stuff you're downloading. If you are downloading software such as OpenOffice through an official torrent you are just as safe as downloading it through any other method

guzzlamiamor
Apr 23, 2009, 12:10 PM
Sure you can blame the users now, but this could just as easily have happened with LEGAL software as well. If somebody's computer is infected because they downloaded an Openoffice 3.0 torrent, who is to blame then?

If someone downloads an Open Office torrent they deserve to be infected. You can download it, just like I did, right from Sun's website. That would be like buying a Gucci bag off the New York street and then complaining because you got a fake.

lamadude
Apr 23, 2009, 12:29 PM
Ok that's true, but the point remains that you could be downloading legal software and still get infected. I'm not sure people who just type "openoffice torrent" in google would always end up with an official torrent. It may not be the smartest thing to do but I'm sure it happens.
Also, OOo was just an example, there are other legal reasons to download torrents.

Mousse
Apr 23, 2009, 01:01 PM
"The bad guys generally go toward the biggest target, what will get them the biggest bang for their buck," said Kevin Haley, a director of security response at Symantec.

Until recently, the big target always was Microsoft Windows, and Apple computers were protected by "relative obscurity," he said.

I'm calling BS on this one. No viruses on the Mac because of its small market share.:rolleyes: Any gray beards remember how many viruses the Mac (pre-OSX) had? Mac's market share back then didn't even top 5% and it had more viruses than the CDC's lab and more Trojans than the Iliad.:eek: No viruses because of small marketshare. Yeah right.:rolleyes::rolleyes::rolleyes:

It's time to retire that old record.

Guiyon
Apr 23, 2009, 01:07 PM
I'm calling BS on this one. No viruses on the Mac because of its small market share.:rolleyes: Any gray beards remember how many viruses the Mac (pre-OSX) had? Mac's market share back then didn't even top 5% and it had more viruses than the CDC's lab and more Trojans than the Iliad.:eek: No viruses because of small marketshare. Yeah right.:rolleyes::rolleyes::rolleyes:

It's time to retire that old record.

Off the top of my head I remember the various WDEF variants along with Sevendust, Graphics Accelerator, Autostart WORM and a couple nasty HyperCard worms. IIRC, Sevendust was limited to 68k machines and Autostart was among the nastiest of the bunch. Honestly, anyone who thinks that any system is immune to viruses and worms is a fool.

Consultant
Apr 23, 2009, 02:46 PM
Someone didn't do their research.

Giz Explains: Why OS X Shrugs Off Viruses Better Than Windows
http://i.gizmodo.com/5101337/giz-explains-why-os-x-shrugs-off-viruses-better-than-windows

The Mac Malware Myth
http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/

The Unavoidable Malware Myth
http://www.roughlydrafted.com/2008/04/01/the-unavoidable-malware-myth-why-apple-wont-inherit-microsofts-malware-crown/

savar
Apr 23, 2009, 03:11 PM
On CNN today:



http://www.cnn.com/2009/TECH/04/22/first.mac.botnet/index.html

Definitely not the first trojan horse for the Mac. And the scale of it is so small... I'm surprised to see it make such high news. It was the top item on the CNN morning report e-mail that I get every day.

If you're downloading illegal software from bittorrent -- well, then I don't feel bad at all if your computer gets wiped out.

Show me an exploit that replicates itself across a network and then I'll start paying attention.

jbernie
Apr 23, 2009, 05:20 PM
If you're downloading illegal software from bittorrent -- well, then I don't feel bad at all if your computer gets wiped out.

Herein lies the problem, the general assumption is Macs don't get viruses, so the uninformed users think they can go anywhere, download anything and not have anything to worry about. So the myth that they are completely immune makes users more susceptible to infection when something really truly does get in the wild.

Agree with you though, downloading stuff off limewire etc and I don't feel sorry for you if your machine needs to be wiped completely.

dmmcintyre3
Apr 23, 2009, 10:07 PM
Reminds me of a proof of concept thing I wrote. A simple shell script that renamed the system folder. I managed to fool my brother to install it on my iBook (bundled it with a piece of freeware) and I could have (but didn't) made it send itself (with that freeware) to everybody in my address book and manage to make their computers unusable. I sent it to my brother in an email titled "I found this cool program" with a modified installer that set it to run on shutdown as root (the installer asked for the root password). It tricked a non-savvy user to install it.

It was my computer that I did this on (he uses PC's)

It would have worked on unix/linux if I bundled it with linux/unix freeware

This proves anybody can write a Mac Trojan. just requires a little fooling of the user to install it.

Still no PC style virus for Mac though (I could make one that spread by ssh if the admin user did not have a password and the web server was on.)

I am good with Mac related computer pranks. Shutting them down, sounding alarms, putting them to sleep, making them talk to the user, making fake error messages asking to reboot or quit the program they are using, even remotely formatting the HD(I did this to my brother when he was looking at bad stuff on my computer).

nutritious
Apr 24, 2009, 02:48 AM
http://tech.yahoo.com/blogs/null/140226

Most mac users have a false sense of security...

ab2650
Apr 24, 2009, 02:54 AM
From the article: "only a few thousand Macs are thought to be infected to date"

I agree that anyone is at risk so you should always "be safe" but it's the difference of playing with matches, and playing with a butane torch and a 50-gal drum of gasoline.

(Ahem. Windows would be the gasoline.)

Jethryn Freyman
Apr 24, 2009, 03:00 AM
OS X will never be as bad as Windows as far as security goes. UNIX is stronger than Windows, especially in regard to virus resistance.

There have never been any viruses for OS X, only trojans, which can be protected against by common sense.

OP: I agree with your point of view, though. It irks me to see Mac users saying things like "well if you pirate software you deserve a trojan." One day, someone will slip them a trojan into more "legitimate" software, and the users won't even know it until it's too late.

snowmoon
Apr 24, 2009, 06:18 AM
http://tech.yahoo.com/blogs/null/140226

Most mac users have a false sense of security...

When Macs get infected via drive-by downloads from infected websites.... then you can gloat. In the meantime you can ponder this. Any system where the user can install software can be infected with a bot, that does not make it "insecure".

Jethryn Freyman
Apr 24, 2009, 07:12 AM
When Macs get infected via drive-by downloads from infected websites.... then you can gloat. In the meantime you can ponder this. Any system where the user can install software can be infected with a bot, that does not make it "insecure".

Firefox + Adblock + NoScript :)

Even makes the internet on Windows safe(ish)

McKnight
Apr 24, 2009, 07:15 AM
Most computer users have a false sense of security, it's not in any way limited to Macs. 99% of Joe Public doesn't have a clue how their computer works, less how its security works or how to bend the security.

Firefox + Adblock + NoScript

Even makes the internet on Windows safe(ish)

Windows isn't unsafe on its own anyway, it's only the stupidity of computer users that leads to problems.

Kilamite
Apr 24, 2009, 07:39 AM
http://tech.yahoo.com/blogs/null/140226

Most mac users have a false sense of security...

Most - means over half. So, over half of Mac users have a false sense of security. Not true.

"only a few thousand Macs are thought to be infected to date".

Jethryn Freyman
Apr 24, 2009, 07:51 AM
Most computer users have a false sense of security, it's not in any way limited to Macs. 99% of Joe Public doesn't have a clue how their computer works, less how its security works or how to bend the security.

Windows isn't unsafe on its own anyway, it's only the stupidity of computer users that leads to problems.

First paragraph is more or less correct.

The bold part isn't. Windows is unsafe after a fresh install. OS X isn't particularly strong, either, because of some of Apple's default settings (e.g. Safari automatically opening files after download, weak firewall which is off by default).

clevin
Apr 24, 2009, 08:22 AM
It does not matter if OSX is intrinsically safer than Windows.

Because it's not much better, even if it is better.

The most important thing is that most OSX users KNOW how to handle it when their machines got infected. This needs large-scale re-education by influential organizations such as Apple Inc.

But Apple is so soaked in its lame attack on Windows' security, it wants to pretend that OSX is 100% safe.

It's extremely irresponsible, and this not only affects those whose machines got infected, it affects other people as well, since infected zombie machines are attacking the internet servers.

Simply ask Mac users, see how many of them know what to do if they got infected? 1%, 2%? It's dangerous, not only to them, but also to me!

Melrose
Apr 24, 2009, 10:23 AM
Not that I don't believe them...but Symantec isn't exactly a disinterested third party. It is in their interests to convince everyone the sky is falling and macs are made of swiss cheese.

I agree also. I'm not saying Macs are perfect or 100% secure, but I never believe things like this completely if there's a compromised party involved in getting the results (including the surveys Apple does).

I've read a few times on various sites posts like "New Virus Targets Mac! Macs Are Insecure! Macintosh is Unsafe!" and then the article reads "...people who downloaded the cracked Creative Suite 4 fell victim to the virus." - Don't go download illegal software. Sheesh.

Herein lies the problem: the general assumption is Macs don't get viruses, so the uninformed users think they can go anywhere, download anything and not have anything to worry about. So the myth that they are completely immune makes users more susceptible to infection when something really truly does get in the wild.
Ah, but if you're so stupid that A. You'd go download pirated software, and B. You blindly assume that Macs are entirely immune, it serves you right that you toasted your system. If you're so dumb you think you're immune or so greedy you download illegal stuff with a virus, back at 'cha.

ppc750fx
Apr 24, 2009, 01:12 PM
The most important thing is that most OSX users KNOW how to handle it when their machines got infected. This needs large-scale re-education by influential organizations such as Apple Inc.

If (and it's a big "if") you were capable of educating users on good security practices, why not just teach them how not to get infected in the first place?

EDIT: And why is this suddenly Apple's responsibility?

Duff-Man
Apr 24, 2009, 01:53 PM
Duff-Man says...I've never seen a topic get brought up and flogged to death countless times over in countless threads like the whole virus/mac/malware/trojan etc etc etc....the same replies over and over again....oh yeah!

snowmoon
Apr 24, 2009, 02:02 PM
EDIT: And why is this suddenly Apple's responsibility?

Because they released such a buggy and inferior product that's been responsible for millions of computers becoming infested worldwide.

...... oh, that's right, they haven't. A few thousand people picked up some malware when installing bootleg software and suddenly the sky is falling.

Phatpat
Apr 24, 2009, 02:17 PM
Kind of jumping on at the end of this thread, but...

When installing a new program, I'm used to "blindly typing" my password. Seems like standard installer behavior, and something I would expect to do when installing iWork. I doubt there is any clear sign of something different when installing one of these trojan-infested apps. I don't think it's fair to call people dumb when they are used to typing in an admin password to install a program.

63dot
Apr 24, 2009, 02:51 PM
Because they released such a buggy and inferior product that's been responsible for millions of computers becoming infested worldwide.

...... oh, that's right, they haven't. A few thousand people picked up some malware when installing bootleg software and suddenly the sky is falling.


For the sky to fall, Apple would have to be Microsoft. So we Mac users have viruses and trojans to worry about, but in the context of that compared to Windows, our problems are low on the radar right now.

There really is nothing terrible about buying Symantec software. In older Macs, I noticed it slowing down my system, but now the faster processors, RAM, and hard drives make me not notice any drawbacks of some security software. There will be those who insist Symantec "planted" this into the Mac world to boost sales, but what is far more likely is that there are people out there who finally decided we are a good enough target to shoot for.

I think over the past few years, iPod and iPhone have made Apple more visible in popular culture, and thus OS X. In a way, we have hit the big time and are a player in the computer market, and the bad guys will want to take us down, putting us in the same league as a Microsoft.

Rodimus Prime
Apr 24, 2009, 02:56 PM
Because these security threats can be easily avoided by not downloading pirated software. Yes, it's still a threat because people will continue to do that, but no one else has to worry just yet. If trojans start making their way into more legitimate file downloads, then there will be something to talk about (and I've personally never encountered anything like that even in Windows).

People keep saying that, but I might like to point out that a vast majority of Windows security threats are easy to avoid without using AV software.

Over 75% of all the "viruses" for Windows are Trojans, so those are all easy to avoid and pure user stupidity. Next, almost all the big worms out there for Windows were patched by MS months before the worm was ever made. People were looking at the updates to figure out what they fixed, then exploiting an unpatched computer.

That covers most 99% of Windows problems right there. KEEP YOUR COMPUTER UPDATED AND DO NOT INSTALL UNKNOWN SOFTWARE.

Wow. That's where all the problems security-wise lie.....

This is no different. Please get your head out of the sand or at least realize Microsoft is doing better. A better case is to look at zero-day exploits or exploits that have not been patched. If I remember some stuff correctly, OSX is worse than Windows in that department.

Goona
Apr 24, 2009, 03:15 PM
I guess Windows users need to find some comfort in their virus infected land.

*LTD*
Apr 24, 2009, 03:49 PM
There is currently no Mac botnet.

Eric S.
Apr 24, 2009, 05:52 PM
Kind of jumping on at the end of this thread, but...

When installing a new program, I'm used to "blindly typing" my password. Seems like standard installer behavior, and something I would expect to do when installing iWork. I doubt there is any clear sign of something different when installing one of these trojan-infested apps. I don't think it's fair to call people dumb when they are used to typing in an admin password to install a program.

Except that in this case these people were not using an installer they got from Apple; they got it from a BitTorrent site where they didn't have to spend $79 for the software. So I do think it's fair to call these people dumb, and to have no sympathy for any negative consequences they experienced.

stainlessliquid
Apr 24, 2009, 07:58 PM
Everyone gets viruses by installing something stupid, I don't see how this is any different than on Windows. I'm sure the only reason it was limited to a torrent is because they couldn't find any buyers to run it on porn and game sites. It's ironic that people blame Windows for viruses but then dismiss it on OS X as user error when they all get installed the same way.

Eric S.
Apr 24, 2009, 09:10 PM
Everyone gets viruses by installing something stupid, I don't see how this is any different than on Windows. I'm sure the only reason it was limited to a torrent is because they couldn't find any buyers to run it on porn and game sites. It's ironic that people blame Windows for viruses but then dismiss it on OS X as user error when they all get installed the same way.

It doesn't matter if it's Windows or OS X (because it's a trojan, not a virus - once again, no viruses on OS X). In either case, if I buy iWork for $79 from Apple I don't expect it to contain a trojan. If I get it free from some other site, obviously pirated, there is no one to blame but myself if it does bad things to my system.

Phil A.
Apr 26, 2009, 04:24 AM
When Macs get infected via drive-by downloads from infected websites.... then you can gloat. In the meantime you can ponder this. Any system where the user can install software can be infected with a bot, that does not make it "insecure".

Unfortunately, it looks as if this may now be possible, due to an exploitable root access bug in DiskImageMounter. See here (http://www.h-online.com/security/Root-exploit-for-Mac-OS-X--/news/113075) and this thread (http://forums.macrumors.com/showthread.php?p=7522431#post7522431)

clevin
Apr 26, 2009, 07:25 AM
It doesn't matter if it's Windows or OS X (because it's a trojan, not a virus - once again, no viruses on OS X). In either case, if I buy iWork for $79 from Apple I don't expect it to contain a trojan. If I get it free from some other site, obviously pirated, there is no one to blame but myself if it does bad things to my system.
trojan is not viruses? why? Apple itself claims malware (trojans, worms) are viruses, why do you want to use a double standard? When bashing Windows, everything is viruses; when it comes down to OSX, you want to slice and dice and throw out whatever you can?

And blaming stupid users again!

Finger pointing game can cure the thousands of zombie macs out there that are attacking the internet servers which affect all of us?

How?

Finger pointing is such an ancient game, I now understand that could be the first reaction from an overprotective fan, but after that, settle down and push for a solution!

Pirate downloading again to be blamed! Now Snow Leopard build is on torrent again, let's see how many copies can be abused and carry something you don't like again.

This is a security threat, and what it needs is a SOLUTION, not finger pointing, at least not in this stage, weeks after the problem surfaced.

Eric S.
Apr 26, 2009, 11:38 AM
trojan is not viruses?

No, they is not.

and blaming stupid users again!

Yup. In this case, it was absolutely, 100% the users' fault.

Finger pointing game can cure the thousands of zombie macs out there that are attacking the internet servers which affect all of us?

Oh! Help! I'm under attack from thousands of zombie Macs! Whatever am I to do?

Goona
Apr 26, 2009, 01:39 PM
No, they is not.



Yup. In this case, it was absolutely, 100% the users' fault.



Oh! Help! I'm under attack from thousands of zombie Macs! Whatever am I to do?

Hehehehehe...:D

liptonlover
Apr 26, 2009, 01:58 PM
This does not mean in any way that OS X is insecure and a hole is being taken advantage of. The pirated versions of iWork that let this bug in ARE MODIFIED. Apple's software is still virtually virus-proof. This virus is only infecting people because they not only downloaded a modified version of iWork, but gave the hackers their admin password. So this is purely the users' fault.

dejo
Apr 29, 2009, 02:06 AM
Here's an interesting take on the matter:

Five Tips for Reading Mac Security Stories (http://db.tidbits.com/article/10218)

nutritious
May 20, 2009, 07:13 PM
Most - means over half. So, over half of Mac users have a false sense of security. Not true.

"only a few thousand Macs are thought to be infected to date".

No, I meant it in a general way. Most Mac users really believe they'll never get viruses...

agl82
May 23, 2009, 05:01 PM
.