Was my MacBook hacked?
ang31
May 21, 2009, 07:08 AM
I was searching images at google, and when I clicked an image, there was this web page which said something like "Are you trying to hack us?", and then in 3 seconds or so, my MacBook suddenly shut down! Did the web page cause this? After that happened I could start my MacBook normally, but are there any things that I should worry about? I haven't been online on that MacBook after that.
kpark42
May 21, 2009, 07:37 AM
I'd reformat the drive and reinstall the operating system.
But hey, I'm paranoid :P
peepboon
May 21, 2009, 08:03 AM
O.o ... that sounds worrying... was it porn or something? ... no joke, it's just that you have to be careful as some porn sites contain viruses, etc.
thejadedmonkey
May 21, 2009, 08:08 AM
Do you know the website? That may be the Java hole that Apple didn't yet patch..
Richard1028
May 21, 2009, 08:29 AM
As a recent PC to Mac switcher... this is where I'm confused.
Is OSX really that vulnerable to something like this? Could it be that easy?
I'm not naive enough to think macs are immune from *all* hacks but this is one of the main reasons I switched.
Plus, those Mac/PC guys on TV say so. :D
Consultant
May 21, 2009, 08:46 AM
THERE ARE NO VIRUSES on OSX.
Giz Explains: Why OS X Shrugs Off Viruses Better Than Windows
http://i.gizmodo.com/5101337/giz-explains-why-os-x-shrugs-off-viruses-better-than-windows
The Mac Malware Myth
http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/
The Unavoidable Malware Myth
http://www.roughlydrafted.com/2008/04/01/the-unavoidable-malware-myth-why-apple-wont-inherit-microsofts-malware-crown/
How to check for Trojans
http://www.macworld.com/article/60823/2007/10/trojanhorse.html
Market Share Myth
http://blogs.bellinghamherald.com/index.php?blog=14&title=setting_the_computer_virus_record_straig&more=1&c=1&tb=1&pb=1
Darth.Titan
May 21, 2009, 08:54 AM
I was searching images at google, and when I clicked an image, there was this web page which said something like "Are you trying to hack us?", and then in 3 seconds or so, my MacBook suddenly shut down!
Sure it did... :rolleyes:
Give us a link and some evidence otherwise I'm finding this story tough to swallow.
First post, huh? Welcome aboard.
Corrosive vinyl
May 21, 2009, 09:33 AM
There might be no or fewer viruses on the OS, but there could be a software virus, like the Java bug which has been recently publicized.
Fizzoid
May 21, 2009, 09:41 AM
Sure it did... :rolleyes:
Give us a link and some evidence otherwise I'm finding this story tough to swallow.
First post, huh? Welcome aboard.
Maybe the battery went flat ;)
ang31
May 21, 2009, 09:44 AM
Thank you for your replies! I have to admit the image was porn-ish... but I am a girl and I was just curious for no sexual reason. Anyway, I don't know the website's url because I called Japan's Apple support and she said I should reset Safari, which I did. She said there's nothing to worry about and there's no need to buy any security software, but really...??
And no, the battery was full because the power charger was plugged.
Richard1028
May 21, 2009, 09:50 AM
THERE ARE NO VIRUSES on OSX.
Well, I'm sure this horse is dead. :D
Great reading though!
Since this issue seems to be part of Apple's marketing hype, I tend to believe that any malware/virus author would be revered as a god in hacker heaven among his peers should he succeed in doing this. (Regardless of the low market share theory)
As far as I know, this hasn't happened on any large scale so there must be something to it.
Fizzoid
May 21, 2009, 09:50 AM
Well, I'd be amazed if a website was capable of sending a shutdown command to a Mac
andalusia
May 21, 2009, 10:34 AM
Well, I'd be amazed if a website was capable of sending a shutdown command to a Mac
Especially since that requires sudo and a password.
ppc750fx
May 21, 2009, 11:08 AM
Especially since that requires sudo and a password.
No it doesn't. You don't need to be root to shut down OS X.
ang31
May 21, 2009, 11:23 AM
It wasn't like usual shutting down, it was more sudden, like when you force it to shut down when it's freezing. Maybe the website and the shutting down was unrelated? Is this sudden shutting down a common thing?
kpark42
May 21, 2009, 12:33 PM
THERE ARE NO VIRUSES on OSX.
Actually there are. They're just rare and not as effective as Windows viruses. It also depends on what you mean by virus. It's very easy to write code that deletes all your files and shuts down your computer. All you need is an exploit to launch that code arbitrarily.
ppc750fx
May 21, 2009, 02:05 PM
Actually there are. They're just rare and not as effective as Windows viruses.
Depends on what you define "virus" as.
There is currently no self-propagating malicious software out there capable of infecting Mac OS X machines.
The malicious software that has been seen "in the wild" requires the user to either execute it or give it their root password in order to do anything.
kpark42
May 21, 2009, 03:36 PM
self-propagating malicious software
Those are called worms :)
Richard1028
May 21, 2009, 04:07 PM
The malicious software that has been seen "in the wild" requires the user to either execute it or give it their root password in order to do anything.
That's Malware I think. And I've always thought a virus is something that hops from machine to machine without anyone's knowledge.
But what's a trojan? (Not the kind you keep your wallet).
Toofan
May 21, 2009, 04:41 PM
I was searching images at google, and when I clicked an image, there was this web page which said something like "Are you trying to hack us?", and then in 3 seconds or so, my MacBook suddenly shut down! Did the web page cause this? After that happened I could start my MacBook normally, but are there any things that I should worry about? I haven't been online on that MacBook after that.
To the best of my knowledge, the main Safari related viruses such as the Safari Bomb were already patched. Regardless of which, unless you explicitly downloaded content from a website, performing a lower level system call like a "battery pull" style shut down is a pretty big issue. If websites are able to do that, we've got bigger fish to fry...
My advice to you: see if you can find a good virus scanner for your Mac and run it. To be honest, I'd try to replicate the problem to see if it happens again. If it happened again to me, I'd format my Mac because I have credit card info on it.
Toofan
May 21, 2009, 04:44 PM
That's Malware I think. And I've always thought a virus is something that hops from machine to machine without anyone's knowledge.
But what's a trojan? (Not the kind you keep your wallet).
It's a similar concept as a Trojan horse, yah from (Greek / Roman perhaps?) history. It is a file or series of files disguised as something harmless, when indeed they are there to alter your existing files, flood your Mac with files, or download / upload information through your network connection...among many other harmful things they can do. Typically Trojans don't replicate.
ppc750fx
May 21, 2009, 05:55 PM
Those are called worms :)
There's no formal definition of either, and the line between the two is fuzzy at best.
RiCEADDiCTBOY
May 21, 2009, 09:25 PM
Any sense of security is fool hearted. At recent hacking competitions Mac OSX was usually always the first to be hacked. Exploits are just as disastrous as a virus. There are viruses as well for the OSX. The only reason why Apple can tout safety and give users "a sense of security" is simply because at this point the user install base vs pc users aren't of much interest for time and effort involved for hackers and etc. As the user install base increases - you have to be prepared for an increase and that armor starting to chip away. Nothing is fail safe. Nothing.
Keep in mind Apple continues to neglect to correct reoccurring Safari exploits. The most current one is the Java exploit. The only way to prevent being a victim is to disable Java completely in Safari.
ppc750fx
May 21, 2009, 09:48 PM
The only reason why Apple can tout safety and give users "a sense of security" is simply because at this point the user install base vs pc users aren't of much interest for time and effort involved for hackers and etc. As the user install base increases - you have to be prepared for an increase and that armor starting to chip away. Nothing is fail safe. Nothing.
No.
Look, I'm not going to claim that OS X is invulnerable (it really, really isn't) -- but the marketshare argument is BS.
Why? Well someone else has said it best. From this Slashdot comment (http://linux.slashdot.org/comments.pl?sid=234809&cid=19134297):
Linux isn't more secure because it is targeted less. It is more secure because it uses a different security model with a whole lot fewer holes in it; *nix in general has been designed to be secure and account for restricting one portion of the system from other portions since very early days. Windows started wide open, and remained wide open for a long time, a lot of system software was written to be wide open, and even more importantly, a lot of system concepts, like activeX, were not designed with security in mind. Consequently, Windows security, such as it is, is an afterthought layer that was added to the original functionality, whereas *nix security, specifically linux security, is built in at the bedrock level.
The fact is, it is a lot more difficult to hack a *nix system by design. Something else to note: A huge proportion of the servers out on the net are linux machines running apache. These machines are powerful (that's why they are servers), they tend to have big pipes (again, they're servers, they need relatively big pipes) they're online all the time (they're servers!) and so they are ideal for a botnet or a spamming system, etc. And so, the majority of spamming systems and botnets are linux machines, right? Because they're common and have the perfect set of capabilities for these tasks? No. Wrong. Most mal-servers are Windows machines. But why? All those many linux machines would be great mal-servers! They are a huge target! Well, the why is simple, and it's just what I said above: It is hard to hack a linux server, even one that isn't that well patched. A linux machine that is properly kept up to date is even harder. Macs are basically the same kind of hard target; they're *nix underneath.
The bottom line is that Windows has the malware because it has been the easy target. Not because it is the common target.
Same applies for OS X (although to a lesser extent, in part due to Apple's prioritization of user experience over security.)
That's not to claim that OS X won't ever be exploited, but I do think that it presents a much, much smaller target than Windows. Dig?
epyfa
May 21, 2009, 09:53 PM
Can you do it again?
RiCEADDiCTBOY
May 21, 2009, 11:09 PM
No.
Look, I'm not going to claim that OS X is invulnerable (it really, really isn't) -- but the marketshare argument is BS.
Why? Well someone else has said it best. From this Slashdot comment (http://linux.slashdot.org/comments.pl?sid=234809&cid=19134297):
Same applies for OS X (although to a lesser extent, in part due to Apple's prioritization of user experience over security.)
That's not to claim that OS X won't ever be exploited, but I do think that it presents a much, much smaller target than Windows. Dig?
I am not attempting to be a pundit or what not - but, I have read too many articles from security analysts (which I will not go tracking down - google is for that) and hacking competitions that I am going to have to side with them.
Let's just agree to disagree. Going to sleep. Laters.
peepboon
May 21, 2009, 11:10 PM
Well, I'd be amazed if a website was capable of sending a shutdown command to a Mac
Porn is the ultimate power ;D it can do anything hahaha
ppc750fx
May 22, 2009, 08:52 AM
I am not attempting to be a pundit or what not - but, I have read too many articles from security analysts (which I will not go tracking down - google is for that) and hacking competitions that I am going to have to side with them.
Security analysts have been predicting the fall of Linux and Mac OS X every year for years now. One day they're bound to get it right -- but until they can actually point to some piece of evidence of malicious software that supports their claims, I'm going to tend to believe that they're just doing what they do best: blustering and kicking up a big fuss in an attempt to make a name for themselves.
RiCEADDiCTBOY
May 22, 2009, 10:45 AM
Security analysts have been predicting the fall of Linux and Mac OS X every year for years now. One day they're bound to get it right -- but until they can actually point to some piece of evidence of malicious software that supports their claims, I'm going to tend to believe that they're just doing what they do best: blustering and kicking up a big fuss in an attempt to make a name for themselves.
umm...they do and at hacking events reflect that as well. osx is generally the first to become compromised. these guys aren't trying to make a name for themselves whenever they are talking about the faults for generally every os. news flash - it's their job. i don't know what articles you are reading but, not one have i read was about the "fall of osx." simply that company "x" or "y" needs to go back to the drawing board to fix a broken wall.
b-e-z. :rolleyes:
Kilamite
May 22, 2009, 10:51 AM
Actually there are. They're just rare and not as effective as Windows viruses. It also depends on what you mean by virus. It's very easy to write code that deletes all your files and shuts down your computer. All you need is an exploit to launch that code arbitrarily.
A virus has to be able to do this itself. That's where the security of Unix helps - if anything wants to do serious damage, the user has to enter their admin password unless there is an exploit, which then again, wouldn't open the door to a virus. There are plenty of OS X trojans and malware about - it is user stupidity/incompetence that will get them infected.
There are no viruses for OS X. There's nothing that can infect your computer undetected/unknown to the user and manipulate itself.
ux4all
May 22, 2009, 12:39 PM
There's nothing that can infect your computer undetected/unknown to the user and manipulate itself.
I disagree to some extent with this generalization. If a trojan is nested in an install there is nothing that OS X will do as far as notifying the user of a specific threat. OS X will traditionally challenge you for your password and be done with it.
I think you should have said:
Silent malware does not exist on OS X that I have found. However, they can be nested within an install. When the parent install asks for the password, there is NOTHING that alerts the user that they are doing anything out of the ordinary.
THUS, a silent install without a user knowing.
FTW.
User stupidity is not an excuse for security, you should know that.
Kilamite
May 22, 2009, 08:06 PM
I disagree to some extent with this generalization. If a trojan is nested in an install there is nothing that OS X will do as far as notifying the user of a specific threat. OS X will traditionally challenge you for your password and be done with it.
I think you should have said:
Silent malware does not exist on OS X that I have found. However, they can be nested within an install. When the parent install asks for the password, there is NOTHING that alerts the user that they are doing anything out of the ordinary.
THUS, a silent install without a user knowing.
FTW.
User stupidity is not an excuse for security, you should know that.
Not really..
If the user is installing a legit application, what is there to worry about? The only trojans that have infected people are ones that have come from pirated torrents.
The trojan doesn't "silently" install itself - nested or not, it still requires your username and password. And if you are using dodgy software, you should know better.
User stupidity is an excuse for security. Are you seriously not blaming user stupidity on things like following spam emails.. or even giving their credit card details to someone dodgy over the phone..?
There's only so much "security" we can implement before user stupidity outweighs it. Yes, OS X isn't perfect, and there are loopholes, but a lot of this virus and trojan talk is purely based on user stupidity..
ChrisN
May 22, 2009, 09:46 PM
You're fine, that kind of thing happened to me once.
ChrisN
pellets007
May 22, 2009, 10:05 PM
Any sense of security is fool hearted. At recent hacking competitions Mac OSX was usually always the first to be hacked. Exploits are just as disastrous as a virus. There are viruses as well for the OSX. The only reason why Apple can tout safety and give users "a sense of security" is simply because at this point the user install base vs pc users aren't of much interest for time and effort involved for hackers and etc. As the user install base increases - you have to be prepared for an increase and that armor starting to chip away. Nothing is fail safe. Nothing.
Keep in mind Apple continues to neglect to correct reoccurring Safari exploits. The most current one is the Java exploit. The only way to prevent being a victim is to disable Java completely in Safari.
You do understand what you're saying, right? First off, the hacking was done in under a few minutes, not researched or found in under those minutes. They found a simple exploit under Safari which probably took them a few hours to manipulate. The second part. You're saying that, as Apple professes to have an untarnished "no-virus" record, that no one would dare touch them just because of a smaller market share? Extremely doubtable and coincidental. No, they, the virus makers, would make a big name for themselves if they made one that infected millions of users.
Jigsawjammer
May 22, 2009, 10:42 PM
User stupidity is an excuse for security. Are you seriously not blaming user stupidity on things like following spam emails.. or even giving their credit card details to someone dodgy over the phone..?
There's only so much "security" we can implement before user stupidity outweighs it. Yes, OS X isn't perfect, and there are loopholes, but a lot of this virus and trojan talk is purely based on user stupidity..
I agree...I have never gotten a virus even under windows because I'm careful with what I do. My sister on the other hand has thrown out computers due to viruses.
ppc750fx
May 23, 2009, 06:43 AM
umm...they do and at hacking events reflect that as well. osx is generally the first to become compromised. these guys aren't trying to make a name for themselves whenever they are talking about the faults for generally every os. news flash - it's their job. i don't know what articles you are reading but, not one have i read was about the "fall of osx." simply that company "x" or "y" needs to go back to the drawing board to fix a broken wall.
Ok, let's go over a couple things "RiCEADDiCTBOY":
1) OS X is indeed often the first to fall. The reason for that is not necessarily due to the availability of an exploit, but rather the PR value of the exploit. If I have a "drive-by" browser exploit for IE and a "drive-by" exploit for Safari, which do you think will get me in the headlines? Both take about the same amount of effort/time to execute -- but one will get me on the front page of every single tech. rag for the better part of a week, and the other (if I'm lucky) will get my name at the bottom of a Secunia bulletin.
2) Yes, they're doing it for PR. Oh hell yes. Take a look at Charlie Miller, for example -- why do you think he sat on the recent "Pwn2Own" exploit for as long as he did? In his words:
Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away.
In this case, the value was press time -- he got interviews in ZDnet and the like, and I'm sure his consulting business benefited quite a bit from all the press he got.
3) Yes, none of the articles I had in mind had the exact phrase "fall of OS X" -- but there is no shortage of articles predicting the imminent rise of rampant malware for OS X; a quick Google search will yield hundreds if not thousands of such predictions.
As for what articles I read, I don't usually. I prefer to either watch the presentations from the researchers themselves or, if they're not presenting at CCC or DEFCON, read their whitepaper/slides. I find that reading the write-up from the researchers themselves gives me far more accurate information than I'd obtain from a digested, dumbed-down article. I want to know _why_ OS X's NX support is broken, not just that the exploit "let me put code in memory" (an explanation which is essentially worthless.) (As an aside, the answer to that question is that with Leopard while the stack is not executable by default, the heap is.)
ux4all
May 23, 2009, 01:24 PM
The trojan doesn't "silently" install itself - nested or not, it still requires your username and password. And if you are using dodgy software, you should know better.
From a pure messaging perspective there is nothing that an ignorant end-user (I don't assume my users' intelligence level) would be aware of that an install is "dodgy". I also do not assume in my systems that the person downloading the software is the same user as the installer.
User stupidity is an excuse for security. Are you seriously not blaming user stupidity on things like following spam emails.. or even giving their credit card details to someone dodgy over the phone..?
Social engineering's relationship to security is something entirely different and complex. A system needs to be aware of behavior and look for changes. Unless you want that system to be spying on you moment to moment you have to be proactive and anticipate. There is a lot of value in analysis of this type from security breach to customer retention.
There's only so much "security" we can implement before user stupidity outweighs it. Yes, OS X isn't perfect, and there are loopholes, but a lot of this virus and trojan talk is purely based on user stupidity..
User stupidity and User ignorance are not the same thing. Would you prefer some sort of 'phone home' validation [DRM to the rescue!]...
unixfool
May 28, 2009, 10:11 PM
Depends on what you define "virus" as.
There is currently no self-propagating malicious software out there capable of infecting Mac OS X machines.
The malicious software that has been seen "in the wild" requires the user to either execute it or give it their root password in order to do anything.
Agreed.
Everything discovered so far (vulnerability-wise) are proof-of-concepts. Also, writing code to delete files and shut down computers isn't the definition of a virus. Viruses usually take advantage of known vulnerabilities and are usually automatons (meaning the code automatically executes).
Skeletal-dæmon
May 28, 2009, 10:24 PM
*MacBook snuffles*
SWINE 'FLU!
But in all seriousness, no it was likely just one of those freak things that happens once in a blue moon. Either that or something caused Safari to crash in an epic proportion, which can happen on rare occasion.