Apple Response to Trojan Warning

Discussion in 'MacRumors News Discussion (archive)' started by MacRumors, Apr 9, 2004.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    MacCentral posts Apple's response to yesterday's Trojan warning from Intego.

    According to the statement, Apple is investigating the issue:

     
  2. macrumors newbie

    Joined:
    Feb 26, 2003
    #2
    First Post/Bad News

    I hope Apple starts collaborating with the Open Source community to fight trojans and viruses... If they don't, we could be almost as bad off as Windows users.
     
  3. macrumors regular

    Joined:
    Oct 12, 2003
    Location:
    Los Angeles
    #3
    Mac OS X Security Update 2004-04-10 . . .

    Wait for it . . . Wait for it . . . . . Wait for it . . .
     
  4. macrumors regular

    Joined:
    Dec 10, 2002
    Location:
    LA la land...
    #4
    apple is rad.
     
  5. macrumors 68000

    wPod

    Joined:
    Aug 19, 2003
    Location:
    Denver, CO
    #5
    i am not too worried, apple will get it fixed in time. i always feel safe knowing that hackers are more likely to attack 95% of computers instead of 3%. . . though the first person to do it would probably get pretty high recognition. . . not good recognition though. but mac users are also smarter and more careful than M$ users. . . right?!
     
  6. macrumors 65816

    Darwin

    Joined:
    Jun 2, 2003
    Location:
    round the corner
    #6
    Glad Apple is on the case

    This should encourage us that Apple does take these things seriously :)
     
  7. macrumors 68040

    jxyama

    Joined:
    Apr 3, 2003
    #7
    patch should be easy in theory. apple just has to make finder behave consistently - if it displays a file as one type, it should act on it as that type when double-clicked. (this used to not be a problem when finder didn't depend on extensions to figure out what the file type icon to display.)
     
  8. macrumors regular

    Joined:
    Oct 12, 2003
    Location:
    Los Angeles
    #8
    Wait a second . . . maybe it's just me, but does it seem weird that Apple would give a statement to MacCentral???? That seems odd. Wouldn't it be on their website in the support section or in a press release? Could this "statement" have been made up??
     
  9. macrumors newbie

    Joined:
    Aug 9, 2003
    Location:
    Here and There
    #9
    At least Apple, unlike Microsoft, issues regular security updates to its operating system. Microsoft would have to issue security updates multiple times in a 24 hour period to keep up though. I'm betting Apple will put out a security update to deal with this...
     
  10. Moderator emeritus

    Rower_CPU

    Joined:
    Oct 5, 2001
    Location:
    San Diego, CA
    #10
    It's a general press release. The same statement can be found on other sites:
    http://www.infoworld.com/article/04/04/09/HNintegowarns_1.html
     
  11. macrumors 65816

    Photorun

    Joined:
    Sep 1, 2003
    Location:
    NYC
    #11
    Maybe it's just me but what's the friggin' big deal here? No really?! I mean, a file that's executable on ANY computer system, be that a peecee craptacularbox or a Mac running OS X, OS 9, or hell, even Linux that is launched by a dummy without thought to where it came from can be launched and harm caused. Why is this a big deal at all? I'm lost? And OS X is still one of the most solid systems but any system, if someone launches something to attack it FROM it, I mean, so what? That's been the way I think all the way back to Basic and DOS. Go back, there's nothing to see here or better yet, just don't believe the hype!
     
  12. macrumors member

    Joined:
    Feb 27, 2004
    #12
    But I don't want apple just coming out with a quick M$ kludge of a fix. Right now we have to be on edge not paranoid. My real fear is that this is the way finder and iTunes are intended to work for compatibility of MacOS and PC files. I suspect that it will be a significant change when it comes. I just want it done right.
     
  13. macrumors regular

    animefan_1

    Joined:
    Jan 23, 2002
    Location:
    New York
    #13
    No. Apple has given MacCentral (MacWorld's news arm) statements plenty of times before, while NOT posting the same info on their own website.

    Besides, isn't it against the law to say someone said something, even though they didn't?
     
  14. macrumors 6502a

    Rincewind42

    Joined:
    Mar 3, 2003
    Location:
    Orlando, FL
    #14
    Don't bet on it.

    The Finder is behaving consistently. The icon doesn't come from the Finder, but from the application itself. The application itself launches iTunes to play itself as if it were an mp3, so it looks flawless. This really isn't something that can be blanket fixed because there may be legitimate applications that do some of the same things. The proof-of-concept trojan is only given away by the fact that the Finder blatantly says the file is an application (or classic application if you strip the resource fork).

    Fortunately this trojan is also extremely fragile, if the resource fork isn't preserved, the application can't even launch. They could try to do it with a standard bundled application, but they would also have to compress/encode it to send it to anyone, and couldn't use the normally invisible .app extension (because two extensions are always shown by OS X).
     
  15. macrumors 68040

    jxyama

    Joined:
    Apr 3, 2003
    #15
    what you are saying is mostly true, but this is newsworthy just for the fact it's a confirmed vulnerability in OS X/Finder that can be exploited by a trojan. it may seem like a hype to you, but it is definitely newsworthy.

    being in the news doesn't make OS X any less "solid" and not being in the news doesn't make this problem go away.
     
  16. macrumors regular

    Joined:
    Nov 19, 2002
    #16
    Microsoft issues both regular security updates and out-of-cycle updates. What are you talking about?

    True, it's not nearly fast enough for the amount of attacks. Not that admins could easily deploy to thousands of PCs any faster in a company.
     
  17. macrumors 68040

    MongoTheGeek

    Joined:
    Sep 13, 2003
    Location:
    Its not so much where you are as when you are.
    #17
    From the sound of these comments it seems that the trojan only affects machines that run 10 and have classic available?

    That means that once classic goes away this won't be a threat?

    Since classic is no longer a standard install this is a much smaller threat than it seems?
     
  18. macrumors 6502a

    Foocha

    Joined:
    Jul 10, 2001
    Location:
    London
    #18
    I think the issue is that the Finder misrepresents the file as an MP3 when in fact it's an executable. The problem arises from Mac OS X's halfway-house between OS 9 style File Type & Creator Codes and OS X style document extensions.

    With Windows and Linux it's clearer what is executable and what's not. Since OS X has to provide backwards compatibility to OS 9, this one may be tricky for Apple to solve.
     
  19. macrumors 65816

    peterjhill

    Joined:
    Apr 25, 2002
    Location:
    Seattle, WA
    #19
    Did you all see this from the article:
     
  20. macrumors 68000

    musicpyrite

    Joined:
    Jan 6, 2004
    Location:
    Cape Cod
    #20

    At least Apple is willing to accept the fact that there could be a trojan and are going to try to investigate, unlike M$, they just deny it or give excuses.....
     
  21. macrumors 68020

    Joined:
    Jul 3, 2003
    #21
    Exactly what I was about to mention. It really isn't a big deal, but since the problem basically is a security hole in iTunes (that didn't exist in iTunes 3 according to the last message in this Google thread.) that seems very fixable.
     
  22. macrumors regular

    Joined:
    Jan 12, 2004
    #22
    They have yet to say if anything malicious can come of this PROOF OF CONCEPT TROJAN.

    And as symantec said it's not out in the wild.

    If it's bad apple will fix it. If it's nothing then intego has got problems coming their way.
     
  23. macrumors 6502

    Joined:
    Jan 19, 2002
    #23
    ahh, so that's what the security update was for. that was quick and easy.
     
  24. macrumors regular

    Joined:
    Apr 6, 2004
    Location:
    canada
    #24
    remember that macos is unix, and unix has trojans.

    there's lots of trojans for unix that exploit the fact that you may have "." in your path, so put a file called "ls" in your path that does some nasty stuff then runs the real "ls" command, plunk it in the home dir of some user, and woosh. if it happens to root, you're screwed. but unix admins know that trick all too well and it's a known fact NEVER to put . in your path.

    the problem here, is that many apple users have no experience with unix (most mac users i know were stunned to see me open up 'terminal', they had no idea what it was). so a lot of the old unix tricks might pop up. rm -rf anyone?

    this says nothing about macos really, it's just the nature of computers and operating systems, as well as people having accounts that allow administrator access. one unix rule is don't log in as root unless you have to.

    i can imagine mac people cringing thinking 'this is the end', but unix variants have faced this stuff for over 30 years and they're still considered rock solid and low risk.
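
Added example, not part of the post above: a small audit for the "." in PATH problem it describes. It flags PATH entries that resolve against the current directory and lists which commands a file in that directory would run in place of. The function names and the temporary directory layout are constructed for this illustration.

```python
import os
import tempfile

def risky_path_entries(path_value):
    """Return (position, entry, reason) for PATH entries that follow the cwd."""
    findings = []
    for pos, entry in enumerate(path_value.split(":")):
        if entry == "":
            findings.append((pos, entry, "empty entry means the current directory"))
        elif not entry.startswith("/"):
            findings.append((pos, entry, "relative entry resolves against the cwd"))
    return findings

def shadowed_commands(path_value, cwd):
    """List (name, local_file, real_file) where a file in cwd wins the lookup."""
    entries = path_value.split(":")
    hits = []
    for pos, entry in enumerate(entries):
        if entry.startswith("/"):
            continue
        local_dir = os.path.normpath(os.path.join(cwd, entry or "."))
        if not os.path.isdir(local_dir):
            continue
        for name in sorted(os.listdir(local_dir)):
            local = os.path.join(local_dir, name)
            if not (os.path.isfile(local) and os.access(local, os.X_OK)):
                continue
            # Only absolute entries searched after this one are being shadowed.
            for later in entries[pos + 1:]:
                real = os.path.join(later, name)
                if later.startswith("/") and os.path.isfile(real):
                    hits.append((name, local, real))
                    break
    return hits

def demo():
    """Constructed layout: a system-style bin dir and a home dir, each with an 'ls'."""
    root = tempfile.mkdtemp()
    bindir, home = os.path.join(root, "bin"), os.path.join(root, "home")
    for d in (bindir, home):
        os.mkdir(d)
        path = os.path.join(d, "ls")
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, 0o755)
    dot_first = shadowed_commands(".:" + bindir, home)
    dot_last = shadowed_commands(bindir + ":.", home)
    return risky_path_entries(".:" + bindir + "::bin"), dot_first, dot_last

if __name__ == "__main__":
    print(demo())
```

With "." last in PATH nothing is shadowed, but the entry is still reported because a mistyped or missing command name would resolve in the current directory.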
     
  25. macrumors 68040

    killmoms

    Joined:
    Jun 23, 2003
    Location:
    Washington, DC
    #25
    OS X still has a filetyping scheme that is less than stellar; I hate that the Creator App is still the default behavior in OS X. BeOS stands as having both the best filesystem and filetyping setup that I've seen yet. I'm hoping Apple rips it off for 10.4 or 10.5.

    Basically, BeOS would use MIME types to identify files, for instance if they were downloaded from the web. If there was no MIME type already defined, it would look at extension and associate it that way. If there was no extension, it would actually read the first bit of the file and see if that would allow it to determine what type of file it was looking at.

    If Apple would do that, with the "Created by" field in there someplace in the hierarchy, maybe even make the hierarchy user-definable, I'd be in heaven.

    Well, once that was married to a new version of HFS w/ always-on indexing, extensible (and indexed!) meta-data, and real-time queries of an incredibly configurable nature. 10.3 is a step in the right direction, but there's some underlying devices that need to appear first.

    --Cless
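
Added example, not part of the post above and not BeOS code: the lookup order the post describes (stored MIME type, then extension, then the first bytes of the file), plus a check that flags a file whose content looks executable while its resolved type says otherwise. The MIME labels, tables and sample bytes are constructed for this illustration.

```python
import os

# Labels and tables are chosen for this example, not taken from BeOS or OS X.
EXTENSION_TYPES = {".mp3": "audio/mpeg", ".txt": "text/plain"}
MAGIC = [
    (b"ID3", "audio/mpeg"),                               # MP3 with an ID3v2 tag
    (b"\x7fELF", "application/x-executable"),             # ELF binary
    (b"\xfe\xed\xfa\xce", "application/x-mach-binary"),   # 32-bit big-endian Mach-O
    (b"#!", "text/x-shellscript"),                        # interpreter script
]
EXECUTABLE = {"application/x-executable", "application/x-mach-binary",
              "text/x-shellscript"}

def sniff(head):
    """Identify a file from its leading bytes, or return None if unknown."""
    for magic, mime in MAGIC:
        if head.startswith(magic):
            return mime
    return None

def resolve_type(name, head, stored_mime=None):
    """Lookup order from the post: stored MIME type, extension, then content."""
    if stored_mime:
        return stored_mime, "attribute"
    ext = os.path.splitext(name)[1].lower()
    if ext in EXTENSION_TYPES:
        return EXTENSION_TYPES[ext], "extension"
    sniffed = sniff(head)
    if sniffed:
        return sniffed, "content"
    return "application/octet-stream", "default"

def check_file(name, head, stored_mime=None):
    """Resolve the type, then compare it with what the content itself says."""
    mime, source = resolve_type(name, head, stored_mime)
    sniffed = sniff(head)
    disguised = sniffed in EXECUTABLE and sniffed != mime
    return {"name": name, "type": mime, "source": source,
            "sniffed": sniffed, "disguised_executable": disguised}

# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("song.mp3", b"ID3\x03\x00\x00\x00\x00\x00\x21"),
    ("track.mp3", b"\x7fELF\x02\x01\x01\x00"),
    ("install", b"#!/bin/sh\necho hi\n"),
]

def demo():
    return [check_file(name, head) for name, head in SAMPLES]

if __name__ == "__main__":
    for row in demo():
        print(row)
```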
     
