Apple Response to Trojan Warning

Discussion in 'MacRumors News Discussion (archive)' started by MacRumors, Apr 9, 2004.

  1. macrumors bot


    Apr 12, 2001
    MacCentral posts Apple's response to yesterday's Trojan warning from Intego.

    According to the statement, Apple is investigating the issue:

  2. macrumors newbie

    Feb 26, 2003
    First Post/Bad News

    I hope Apple starts collaborating with the Open Source community to fight trojans and viruses... If they don't, we could be almost as bad off as Windows users.
  3. macrumors regular

    Oct 12, 2003
    Los Angeles
    Mac OS X Security Update 2004-04-10 . . .

    Wait for it . . . Wait for it . . . . . Wait for it . . .
  4. macrumors regular

    Dec 10, 2002
    LA la land...
  5. macrumors 68000


    Aug 19, 2003
    Denver, CO
    i am not too worried, apple will get it fixed in time. i always feel safe knowing that hackers are more likely to attack 95% of computers instead of 3%. . . though the first person to do it would probably get pretty high recognition. . . not good recognition though. but mac users are also smarter and more careful than M$ users. . . right?!
  6. macrumors 65816


    Jun 2, 2003
    round the corner
    Glad Apple is on the case

    This should encourage us that Apple does take these things seriously :)
  7. macrumors 68040


    Apr 3, 2003
    patch should be easy in theory. apple just has to make finder behave consistently - if it displays a file as one type, it should act on it as that type when double-clicked. (this used to not be a problem when finder didn't depend on extensions to figure out what the file type icon to display.)
  8. macrumors regular

    Oct 12, 2003
    Los Angeles
    Wait a second . . . maybe it's just me, but does it seem weird that Apple would give a statement to MacCentral???? That seems odd. Wouldn't it be on their website in the support section or in a press release? Could this "statement" have been made up??
  9. macrumors newbie

    Aug 9, 2003
    Here and There
    At least Apple, unlike Microsoft, issues regular security updates to its operating system. Microsoft would have to issue security updates multiple times in a 24 hour period to keep up though. I'm betting Apple will put out a security update to deal with this...
  10. Moderator emeritus


    Oct 5, 2001
    San Diego, CA
    It's a general press release. The same statement can be found on other sites:
  11. macrumors 65816


    Sep 1, 2003
    Maybe it's just me but what's the friggin' big deal here? No really?! I mean, a file that's executable on ANY computer system, be that a peecee craptacularbox or a Mac running OS X, OS 9, or hell, even Linux that is launched by a dummy without thought to where it came from can be launched and harm caused. Why is this a big deal at all? I'm lost? And OS X is still one of the most solid systems but any system, if someone launches something to attack it FROM it, I mean, so what? That's been the way I think all the way back to Basic and DOS. Go back, there's nothing to see here or better yet, just don't believe the hype!
  12. macrumors member

    Feb 27, 2004
    But I don't want apple just coming out with a quick M$ kludge of a fix. Right now we have to be on edge not paranoid. My real fear is that this is the way finder and iTunes are intended to work for compatibility of MacOS and PC files. I suspect that it will be a significant change when it comes. I just want it done right.
  13. macrumors regular


    Jan 23, 2002
    New York
    No. Apple has given MacCentral (MacWorld's news arm) statements plenty of times before, while NOT posting the same info on their own website.

    Besides, isn't it against the law to say someone said something, even though they didn't?
  14. macrumors 6502a


    Mar 3, 2003
    Orlando, FL
    Don't bet on it.

    The Finder is behaving consistently. The icon doesn't come from the Finder, but from the application itself. The application itself launches iTunes to play itself as if it were an mp3, so it looks flawless. This really isn't something that can be blanket fixed because there may be legitimate applications that do some of the same things. The proof-of-concept trojan is only given away by the fact that the Finder blatantly says the file is an application (or classic application if you strip the resource fork).

    Fortunately this trojan is also extremely fragile, if the resource fork isn't preserved, the application can't even launch. They could try to do it with a standard bundled application, but they would also have to compress/encode it to send it to anyone, and couldn't use the normally invisible .app extension (because two extensions are always shown by OS X).
  15. macrumors 68040


    Apr 3, 2003
    what you are saying is mostly true, but this is newsworthy just for the fact it's a confirmed vulnerability in OS X/Finder that can be exploited by a trojan. it may seem like a hype to you, but it is definitely newsworthy.

    being in the news doesn't make OS X any less "solid" and not being in the news doesn't make this problem go away.
  16. macrumors regular

    Nov 19, 2002
    Microsoft issues both regular security updates and out-of-cycle updates. What are you talking about?

    True, it's not nearly fast enough for the amount of attacks. Not that admins could easily deploy to thousands of PCs any faster in a company.
  17. macrumors 68040


    Sep 13, 2003
    It's not so much where you are as when you are.
    From the sound of these comments it seems that the trojan only affects machines that run 10 and have classic available?

    That means that once classic goes away this won't be a threat?

    Since classic is no longer a standard install this is a much smaller threat than it seems?
  18. macrumors 6502a


    Jul 10, 2001
    I think the issue is that the Finder misrepresents the file as an MP3 when in fact it's an executable. The problem arises from Mac OS X's halfway-house between OS 9 style File Type & Creator Codes and OS X style document extensions.

    With Windows and Linux it's clearer what is executable and what's not. Since OS X has to provide backwards compatibility to OS 9, this one may be tricky for Apple to solve.
  19. macrumors 65816


    Apr 25, 2002
    Seattle, WA
    Did you all see this from the article:
  20. macrumors 68000


    Jan 6, 2004
    Cape Cod

    At least Apple is willing to accept the fact that there could be a trojan and are going to try to investigate, unlike M$, they just deny it or give excuses.....
  21. macrumors 68020

    Jul 3, 2003
    Exactly what I was about to mention. It really isn't a big deal, but since the problem basically is a security hole in iTunes (that didn't exist in iTunes 3 according to the last message in this Google thread) that seems very fixable.
  22. macrumors regular

    Jan 12, 2004
    They have yet to say if anything malicious can come of this PROOF OF CONCEPT TROJAN.

    And as symantec said it's not out in the wild.

    If it's bad apple will fix it. If it's nothing then intego has got problems coming their way.
  23. macrumors 6502

    Jan 19, 2002
    ahh, so that's what the security update was for. that was quick and easy.
  24. macrumors regular

    Apr 6, 2004
    remember that macos is unix, and unix has trojans.

    there's lots of trojans for unix that exploit the fact that you may have "." in your path, so put a file called "ls" in your path that does some nasty stuff then runs the real "ls" command, plunk it in the home dir of some user, and woosh. if it happens to root, you're screwed. but unix admins know that trick all too well and it's a known fact NEVER to put . in your path.

    the problem here, is that many apple users have no experience with unix (most mac users i know were stunned to see me open up 'terminal', they had no idea what it was). so a lot of the old unix tricks might pop up. rm -rf anyone?

    this says nothing about macos really, it's just the nature of computers and operating systems, as well as people having accounts that allow administrator access. one unix rule is don't log in as root unless you have to.

    i can imagine mac people cringing thinking 'this is the end', but unix variants have faced this stuff for over 30 years and they're still considered rock solid and low risk.
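
Added example (not part of the thread): a check for the PATH weakness described in post 24, flagging ".", empty and relative entries, plus world-writable directories. The names `audit_path` and `stat_fn` are made up for this illustration.

```python
import os
import stat

def audit_path(path_value, stat_fn=os.stat):
    """Return (entry, reason) pairs for risky entries in a POSIX PATH string.

    audit_path and stat_fn are names made up for this example; stat_fn is
    injectable so the check can be exercised without touching the disk.
    """
    findings = []
    for entry in path_value.split(":"):
        if entry == "":
            # POSIX shells search the current directory for an empty entry.
            findings.append((entry, "empty entry, searched as the current directory"))
        elif entry == ".":
            findings.append((entry, "current directory"))
        elif not os.path.isabs(entry):
            findings.append((entry, "relative directory, resolved against the current directory"))
        else:
            try:
                mode = stat_fn(entry).st_mode
            except OSError:
                continue  # directory does not exist or cannot be read; skipped here
            if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
                # Any local user could drop a look-alike command here.
                findings.append((entry, "world-writable directory"))
    return findings

if __name__ == "__main__":
    # Audit the PATH of the current session.
    for entry, reason in audit_path(os.environ.get("PATH", "")):
        print(f"{entry!r}: {reason}")
```
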
  25. macrumors 68040


    Jun 23, 2003
    Washington, DC
    OS X still has a filetyping scheme that is less than stellar; I hate that the Creator App is still the default behavior in OS X. BeOS stands as having both the best filesystem and filetyping setup that I've seen yet. I'm hoping Apple rips it off for 10.4 or 10.5.

    Basically, BeOS would use MIME types to identify files, for instance if they were downloaded from the web. If there was no MIME type already defined, it would look at extension and associate it that way. If there was no extension, it would actually read the first bit of the file and see if that would allow it to determine what type of file it was looking at.

    If Apple would do that, with the "Created by" field in there someplace in the hierarchy, maybe even make the hierarchy user-definable, I'd be in heaven.

    Well, once that was married to a new version of HFS w/ always-on indexing, extensible (and indexed!) meta-data, and real-time queries of an incredibly configurable nature. 10.3 is a step in the right direction, but there's some underlying devices that need to appear first.
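
Added example (not part of the thread): the lookup order post 25 describes (declared MIME type, then extension, then the first bytes of the file), extended with a check that warns when the content is executable but the presented type is not, which is the mismatch post 18 describes. The function names, tables and sample bytes are constructed; the code inspects only the bytes it is given, so it says nothing about resource-fork or type/creator-code metadata.

```python
import os

# Leading-byte signatures (well-known magic numbers); deliberately not exhaustive.
MAGIC = [
    (b"\x7fELF", "application/x-executable"),            # ELF
    (b"\xfe\xed\xfa\xce", "application/x-mach-binary"),  # Mach-O, 32-bit
    (b"\xce\xfa\xed\xfe", "application/x-mach-binary"),  # Mach-O, 32-bit, byte-swapped
    (b"\xfe\xed\xfa\xcf", "application/x-mach-binary"),  # Mach-O, 64-bit
    (b"\xcf\xfa\xed\xfe", "application/x-mach-binary"),  # Mach-O, 64-bit, byte-swapped
    (b"#!", "text/x-script"),                            # interpreter script
    (b"ID3", "audio/mpeg"),                              # MP3 with an ID3v2 tag
]
EXTENSIONS = {".mp3": "audio/mpeg", ".txt": "text/plain", ".sh": "text/x-script"}
EXECUTABLE = {"application/x-executable", "application/x-mach-binary", "text/x-script"}

def sniff(head):
    """Guess a type from the first bytes of a file, or return None."""
    for magic, mime in MAGIC:
        if head.startswith(magic):
            return mime
    # A bare MPEG audio frame starts with 11 set sync bits.
    if len(head) >= 2 and head[0] == 0xFF and head[1] & 0xE0 == 0xE0:
        return "audio/mpeg"
    return None

def resolve_type(name, head, declared_mime=None):
    """Return (type, source, warning) using MIME, then extension, then content."""
    ext = os.path.splitext(name)[1].lower()
    sniffed = sniff(head)
    if declared_mime:
        chosen, source = declared_mime, "mime"
    elif ext in EXTENSIONS:
        chosen, source = EXTENSIONS[ext], "extension"
    else:
        chosen, source = sniffed or "application/octet-stream", "content"
    warning = None
    if sniffed in EXECUTABLE and chosen not in EXECUTABLE:
        # The label shown to the user and the bytes on disk disagree.
        warning = f"{name}: presented as {chosen} but content is {sniffed}"
    return chosen, source, warning

if __name__ == "__main__":
    # Constructed sample: ELF header bytes behind an .mp3 name.
    print(resolve_type("song.mp3", b"\x7fELF\x02\x01\x01"))
```
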

