Looming threat of viruses

Discussion in 'macOS' started by novicew, Feb 19, 2006.

  1. novicew macrumors member


    Jan 4, 2006
    I have added some interesting links in my blog for those who are interested in Mac security.

    Happy reading!

    Before you read any further you may read this article.
  2. stridey macrumors 65816


    Jan 21, 2005
    Massachusetts, Connecticut
    First off, Leap-A is a trojan. Not a virus. Second off, it doesn't target Intel, so Intel PPC has nothing to do with this. At all.
  3. novicew thread starter macrumors member


    Jan 4, 2006
    I know that certain people call it a trojan because it doesn't self-propagate. But my sources of information are Macworld and BBC. If you carefully read the comment by Sophos ("Anti-virus software maker Sophos takes issue with this description, claiming this is the 'first ever virus for Mac OS X.'"), you will know what I mean.

    Second off, I never claimed that this particular virus/trojan is targeted at Intel. It was my prediction about the future tendency.

    Sorry for the misunderstanding.
  4. DaftUnion macrumors 6502a


    Feb 22, 2005
    What is a virus?
    A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user.

    What is a Trojan horse?
    Trojan Horses are impostors--files that claim to be something desirable but, in fact, are malicious.

    from www.symantec.com

    It's a t-r-o-j-a-n...there still are no viruses for Mac OS X :rolleyes:
  5. PlaceofDis macrumors Core

    Jan 6, 2004
    the architecture (i.e. Intel or PPC) doesn't make a difference when making a virus. a virus is software-based code. it's knowing Windows vs. OS X vulnerabilities that is the difference, and how to exploit them. the switch to Intel makes no difference.
  6. trainguy77 macrumors 68040

    Nov 13, 2003
    "looming threat of viruses" I don't think so....
    This has been exaggerated out of proportion.
    and as PlaceofDis said it has nothing at all to do with the architecture.
  7. novicew thread starter macrumors member


    Jan 4, 2006
    I think it does. Imagine if you install a Virtual PC running Windows on an Intel-based Mac. If the Windows system becomes infected by a virus, its propagation can be easily executed if you have only one platform. As the hackers have more access to Intel-based processor information, their workload will be less.

    Some more facts.

    By the way, I don't believe the threat is comparable with Windows but it will be significantly higher than a PPC based system. That's what I think.
  8. dukebound85 macrumors P6


    Jul 17, 2005
    5045 feet above sea level
    Um, viruses/trojans/worms are for software, not hardware. It's just a coincidence that it came out with the Intel switch. Please explain how the chip makes a difference.....it doesn't. I could have an Intel chip with no OS on it and guess what, I would have no virus. All about the code, which is specific to the OS.
  9. frankblundt macrumors 65816


    Sep 19, 2005
    South of the border
    There is no "looming threat".

    This is alarmist, upsetting twaddle that will unnecessarily frighten the ill-informed and the insecure, while failing to provide sufficient straightforward information to allow them to help diminish their (already well-known) vulnerability.

    For the tech-savvy it contains so many half-truths, omissions and plain pointless speculation as to be annoying and so little of actual substance as to achieve anything.

    And that's just the title.

    Please cease and desist. This is helping no one.
  10. trainguy77 macrumors 68040

    Nov 13, 2003
    Oh my. I don't know what to say. I am sorry to tell you but THERE IS VIRTUAL PC FOR PPC ONLY, it does not exist yet for Intel. Second, any virus designed for XP in an x86 will also run in Virtual PC for PPC. Same code, different architecture. Explain this one please?
  11. eva01 macrumors 601


    Feb 22, 2005
    Gah! Plymouth
    Some people just shouldn't be allowed to write on the internet about things they know absolutely nothing about.

    This is just disgusting that you don't know that the architecture differences mean nothing to viruses
  12. Oryan macrumors 6502a


    Apr 1, 2005
    Lincoln, NE
    Some things I've noticed:

    A) News people tend to oversensationalize their tech stories.

    B) Anti-virus companies jump on every opportunity to sell their products.

    So, do you think your sources could be a little biased?
  13. iMeowbot macrumors G3


    Aug 30, 2003
    Right. To illustrate, I was playing around with this and can get a perfectly good OS X virus going using Python or Perl. App bundles make this really easy. The only place where a small universal binary might be helpful is in the form of a tiny setuid helper app, to eliminate the dependency on the default admin user situation. It would be trivial to integrate this into a widely distributed warez installer or drag-to-install program (say, a prerelease version of some Google product) and spread the love.
  14. iBlue macrumors Core


    Mar 17, 2005
    London, England
    what you may call fact, most might call poppycock.
  15. gekko513 macrumors 603


    Oct 16, 2003
    Well actually it does make a difference if it's PowerPC or Intel if we're talking about viruses that overrun the buffer, corrupt the heap or exploit similar low-level vulnerabilities in buggy software.

    The differences aren't huge, but they could make a difference. The PowerPC's separate data and instruction cache is an additional obstacle that the attacker has to get past in a buffer overrun situation.

    Then it's sometimes important for the attacker to be able to write meaningful machine instructions without using forbidden string characters. The forbidden characters will depend on the protocol. Since the machine instructions are different between PowerPC and Intel, this may be easier or more difficult. I'm not sure which.

    The PowerPC has no one byte machine codes, and the machine codes need to be aligned. That can make it difficult to reliably execute malicious virus code.

    I would also guess that the difference in function calls and other details between the two architectures can make it more difficult or easier to for example jump to the malicious code that the attacker wants to execute.

    For trojans and worms that don't exploit any low-level vulnerabilities, the architecture doesn't make a difference. That's true.
  16. MacSA macrumors 68000


    Jun 4, 2003
    I can't believe how excited Sophos are getting over this.......
  17. Applespider macrumors G4


    Jan 20, 2004
    looking through rose-tinted spectacles...
    I can... they're rubbing their dirty little hands in anticipation of the increased cash revenue that they might manage to get their hands on.

    Sophos aren't too bad actually - although I thought they only did AV for businesses rather than individuals? It's Intego and Symantec that usually spread the FUD
  18. gekko513 macrumors 603


    Oct 16, 2003
    Of course they're excited. They might sell lots of additional antivirus software licenses if they hype this enough. :rolleyes: ;)

    Edit: Applespider beat me to it. As for the AV for businesses only. I suppose businesses are equally susceptible to FUD as individuals.
  19. Timepass macrumors 65816

    Jan 4, 2005

    Minus the fact that Intel, I believe, has put in a hardware-side way of protecting against that and preventing it from happening. I know for a fact the AMD chips that run on socket 754 and above have that protection built in hardware-side, and that was over 2 years ago, and I remember Intel stating they were planning on putting that in their chips as well. I think in 2 years they would have finished that. The chips themselves do not allow that to happen, so buffer overrun is no longer a problem. So that stupid little fear can go away. The chip setup does not make a difference to a virus, trojan or anything else.

    Also you all are splitting hairs over the trojan not being a virus. I have a feeling if a worm gets out on a Mac you all will make the argument that it's a worm, not a virus. Less than 2% of all new viruses/worms/trojans that come out each year are true viruses. Vast majority are trojans, followed by worms, and then in that very very distant 3rd is viruses. I think facts should just be facts: that weaknesses in the OS are starting to be found. Trojans being the easiest. Besides, it's so much easier to just work with user stupidity than get stuff working over the internet or other ways.
  20. gekko513 macrumors 603


    Oct 16, 2003
    The NX bit adds an additional layer of protection, but there are several pieces in the system that have to work together to make it work. For one thing the OS needs to support it. If you read more about it you may be surprised. It doesn't mean an end to buffer overruns. It's just another hurdle in the way of the attacker.

    Anandtech has something to say about it.
  21. whooleytoo macrumors 603


    Aug 2, 2002
    Cork, Ireland.
    Once you've downloaded and opened the file, it will infect other applications (thus altering the way the computer operates, without the consent of the user).

    However, that's an unusual definition of a virus - typically a virus is defined as a piece of malware which attempts to propagate/self-replicate, but requires user interaction (launch an infected application/open an email attachment etc.) to do so.

    This is both a trojan and a virus. It was initially distributed as a Trojan, and then once upon victims' Macs, would then attempt to propagate as a virus; both to other applications on the user's Mac and to other Macs via iChat.