New 'Yontoo' Adware Trojan Targets Major Browsers on OS X

[samcraig]

"can EVER" would be the key as it speaks to possibilities in the future.

"asking 'May I install this app please?'" did not apply to your example in the sense that you would had to have specifically sought out the app.
"and allowing the user click 'Yes'" must be followed by a password.

Oh sorry. I didn't realize we were going to split hairs. Nahhhhh just kidding BaldiMac - totally knew you were going to!

Whether it's the same exact scenario or not - the simple fact is (and something some are in denial about) is that operating systems are vulnerable - no matter who makes them.

 

[BaldiMac]

Whether it's the same exact scenario or not - the simple fact is (and something some are in denial about) is that operating systems are vulnerable - no matter who makes them.

Sure. But we weren't talking about vulnerabilities in general. My point was that iOS security model addresses the exact scenario that the poster was referring to.

 

[Renzatic]

My parents have in the past, and will today press the continue button or the install button, they can't differentiate between what's legit software and what's a trojan.

You can always do what I did, and drill the point home by scaring the hell out of your mom and dad about the horrors of the internet. It's worked pretty well for me. In the 5 years mom's been using her laptop, I've only had to deal with a couple of weird issues.

Though it does have it's downsides. Like the other day this Chrome plugin updated, and would automatically send people to their website to inform everyone of the fact. Of course I immediately get a phonecall from mom, with her screaming "what's smooth gestures? I didn't go there, but it went there anyway. I don't even know what it is. Do they have my credit card now? Are they buying illegal drugs using my name"?

Yes, mom. They are. And probably Singaporean ping pong porn, too. You got sloppy, and now you have to pay the price. I'll come visit you in the poor house.

 

[samcraig]

You can always do what I did, and drill the point home by scaring the hell out of your mom and dad about the horrors of the internet. It's worked pretty well for me. In the 5 years mom's been using her laptop, I've only had to deal with a couple of weird issues.

Though it does have it's downsides. Like the other day this Chrome plugin updated, and would automatically send people to their website to inform everyone of the fact. Of course I immediately get a phonecall from mom, with her screaming "what's smooth gestures? I didn't go there, but it went there anyway. I don't even know what it is. Do they have my credit card now? Are they buying illegal drugs using my name"?

Yes, mom. They are. And probably Singaporean ping pong porn, too. You got sloppy, and now you have to pay the price. I'll come visit you in the poor house.

Your mom sounds a lot like Kathy Bates in Misery (at least in my head)

 

[Renzatic]

Your mom sounds a lot like Kathy Bates in Misery (at least in my head)

Nah. Mom's crazy, but it's an entertaining way, not a scary one.

 

[bbeagle]

I love the "you just don't get it" responses. It's like an instant win button for the internet. You don't have to supply a counterpoint, bring up any pertinent information, do any research. You just go "FOOL! YOU FAIL TO GRASP THE MEANING OF MY WORDS! LIVE IN IGNORANCE! ...olol", then pat yourself on the back, and scootch on out.

And you keep relying on the old standby: 'Mac OS X' is insecure, just because I say it is, even though the stats don't back me up. And the stats don't back me up because Mac OS X has such a low market share, yeah, that's it. Wait until the get a bigger market share. Oh, here now is an article about a user error, but I'll attribute this to an OS problem, because that's what I continue to believe, despite anything to back me up.

Let's play your game. Show me a hole in Mac OS X, where someone can compromise the Mac without touching it, with it just being connected to the internet. For every one of those, I'll show you 10 for Windows. Oh, and don't go back to your old standby, 'low market share'.

 

[Renzatic]

And you keep relying on the old standby: 'Mac OS X' is insecure, just because I say it is, even though the stats don't back me up.

I never said OSX is insecure. Rather, it's not as secure as you think it is. And stats? You got a guy just a couple pages back that posted an article talking about a Mac botnet that's been running for a bit.

Windows and OSX are about on par securitywise in this day and age. Most every argument you see stating otherwise are mostly based upon XP, which...yeah. It was terrible. Everyone was an administrator, and anything could be installed behind the scenes without explicit permission from the user. While there are elevation exploits on Vista/7/8, they're a rare thing more often than not, and happen roughly about as often as they do on the 'nix OSes.

 

[samcraig]

I never said OSX is insecure. Rather, it's not as secure as you think it is. And stats? You got a guy just a couple pages back that posted an article talking about a Mac botnet that's been running for a bit.

Windows and OSX are about on par securitywise in this day and age. Most every argument you see stating otherwise are mostly based upon XP, which...yeah. It was terrible. Everyone was an administrator, and anything could be installed behind the scenes without explicit permission from the user. While there are elevation exploits on Vista/7/8, they're a rare thing more often than not, and happen roughly about as often as they do on the 'nix OSes.

And this is why I refuse to give a red cent to Apple or Microsoft. I am happily posting this on either my Atari 800 or TRS-80 (depending if I am at work or at home) via my 300 baud modem!

 

[Renzatic]

And this is why I refuse to give a red cent to Apple or Microsoft. I am happily posting this on either my Atari 800 or TRS-80 (depending if I am at work or at home) via my 300 baud modem!

An Atari800? What are you? Poor? I'm ripping up the asphalt on the information superhighway with an 800XL.

It's so rad.

 

[samcraig]

An Atari800? What are you? Poor? I'm ripping up the asphalt on the information superhighway with an 800XL.

It's so rad.

Well I have the 130xe - but it's still mint in the box. I'm waiting for ebay to recognize the museum piece it is so I can retire

 

[bbeagle]

While there are elevation exploits on Vista/7/8, they're a rare thing more often than not, and happen roughly about as often as they do on the 'nix OSes.

You do realize that OS X is Unix, right?

 

[Renzatic]

The 130xe? You mean your wannabe ST? Pffttt. Ain't worth nothin.

----------

You do realize that OS X is Unix, right?

 

[bbeagle]

I am happily posting this on either my Atari 800 or TRS-80 (depending if I am at work or at home) via my 300 baud modem!

Don't use AOL, I beg you! Only use local BBSes to post through. You might have to wait until after 11pm to sign on those, though.

 

[HenryDJP]

And you keep relying on the old standby: 'Mac OS X' is insecure, just because I say it is, even though the stats don't back me up. And the stats don't back me up because Mac OS X has such a low market share, yeah, that's it. Wait until the get a bigger market share. Oh, here now is an article about a user error, but I'll attribute this to an OS problem, because that's what I continue to believe, despite anything to back me up.

Let's play your game. Show me a hole in Mac OS X, where someone can compromise the Mac without touching it, with it just being connected to the internet. For every one of those, I'll show you 10 for Windows. Oh, and don't go back to your old standby, 'low market share'.

Here here!! 10 Chars!

 

[JosephAW]

Is the code universal or i386?

If it's only i386 code then I don't have to worry about this. My Dual 2.7 G5 runs fine without plugins anyway with it's own variation of FF 19.

 

[Amazing Iceman]

If you're on XP, maybe. The later OSes? Not so much.

True, but still risky.

The problem is that no matter how secure the computer is, if the user gets fooled, the hack succeeds.

 

[Renzatic]

True, but still risky.

Eh. Not really. In all the years I've been using Windows, I've only caught a virus once. Like someone else said previously, as long as you keep everything up to date and don't download anything suspicious, you're pretty well and good.

Not perfectly secure, as nothing's 100% foolproof, but you're no worse off than you would be on any other OS.

The problem is that no matter how secure the computer is, if the user gets fooled, the hack succeeds.

That's the basic truth of the whole argument. No matter which OS you're using, no matter how many malware scanners you've got running, if you let something in, it's in. These days, drive by infections are the rare exception rather than the norm. They don't happen often at all on Windows, and only occasionally on OSX/Linux. You have to be tricked to get infected now.

 

[Amazing Iceman]

Eh. Not really. In all the years I've been using Windows, I've only caught a virus once. Like someone else said previously, as long as you keep everything up to date and don't download anything suspicious, you're pretty well and good.

Not perfectly secure, as nothing's 100% foolproof, but you're no worse off than you would be on any other OS.



That's the basic truth of the whole argument. No matter which OS you're using, no matter how many malware scanners you've got running, if you let something in, it's in. These days, drive by infections are the rare exception rather than the norm. They don't happen often at all on Windows, and only occasionally on OSX/Linux. You have to be tricked to get infected now.

We can say that, but regular 'dumb' users would easily fall for anything.
Anyway, after switching to MAC, my downtime has been minimal. I was getting tired of trying to work on my PC in the morning and something would have screwed up by itself. Very annoying.

 

[Renzatic]

We can say that, but regular 'dumb' users would easily fall for anything.

Yup, and there's not anything you can do about it except educate them.

Anyway, after switching to MAC, my downtime has been minimal. I was getting tired of trying to work on my PC in the morning and something would have screwed up by itself. Very annoying.

I think this is a YMMV type situation. The reason I've never switched to a Mac is because I've never had all that much trouble out of Windows. It does what it's supposed to do, and doesn't give me any trouble. The only reason why I'm considering a switch now is because the new iMacs are pretty nice, and I kinda want a change of scenery (also the iPad and iPhone have kinda got me all halo effected).

 

[TheHateMachine]

Eh. Not really. In all the years I've been using Windows, I've only caught a virus once. Like someone else said previously, as long as you keep everything up to date and don't download anything suspicious, you're pretty well and good.

Not perfectly secure, as nothing's 100% foolproof, but you're no worse off than you would be on any other OS.



That's the basic truth of the whole argument. No matter which OS you're using, no matter how many malware scanners you've got running, if you let something in, it's in. These days, drive by infections are the rare exception rather than the norm. They don't happen often at all on Windows, and only occasionally on OSX/Linux. You have to be tricked to get infected now.

Yea, a lot of people just cling to the days of XP when discussing Window's vulnerabilities. Even though most of the share seems to be XP to this day, those are typically business machines with non administrator users on locked down machines via policies. They can't install anything anyways. This day an age you only really get hit by stuff when you are tricked into installing it yourself. Malicious software is almost nearly 100% social engineering these days. I have personally only ever received one Virus and it was back in 98 through an IE Java exploit. I also administer a lot of XP Machines and from both of my hospitals I have yet to get one machine infected with malware or terrible software. However Physician offices have this problem but they do not run the same image and the users tend to have much more power and install every damn toolbar that comes across their path.

 

[Amazing Iceman]

Yup, and there's not anything you can do about it except educate them.



I think this is a YMMV type situation. The reason I've never switched to a Mac is because I've never had all that much trouble out of Windows. It does what it's supposed to do, and doesn't give me any trouble. The only reason why I'm considering a switch now is because the new iMacs are pretty nice, and I kinda want a change of scenery (also the iPad and iPhone have kinda got me all halo effected).

There's more to it than just that. I used to hate MACs before... And very badly!

 

[macintoshi]

I'd say they're about equal these days, with maybe a slight advantage to Macs. Malware like this hit almost the exact same type of exploits on OSX as they do on Windows. It's not just you connect to the internet, and you've got a virus these days. They'll find a way to crawl through an opening in a 3rd party program. And unless Apple goes 100% iOS style sandboxing, this will always be a weakness.

Yes and probably this is what they want, apple forces hackers todo this to scary people, so they can say, we had a reason todo so lazic.

 

[MacDav]

If it's only i386 code then I don't have to worry about this. My Dual 2.7 G5 runs fine without plugins anyway with it's own variation of FF 19.

Yeah, just stick with your G5 until you die. No problem.

----------

Yes and probably this is what they want, apple forces hackers todo this to scary people, so they can say, we had a reason todo so lazic.

What?

 

[Renzatic]

What?

I think he's saying that Apple wants hackers to exploit free standing 3rd party software so they'll have an excuse to force everyone into the sandboxed Mac App Store.

And I think Apple knows enough to realize doing so would be the death knell of OSX.

 

[MacDav]

True, but still risky.

The problem is that no matter how secure the computer is, if the user gets fooled, the hack succeeds.

Little Snitch works great. Even if I got real dumb one day and installed "Twit Tube", Little Snitch would alert me the first time it tried to connect to an outside server. "Twit Tube wants to connect to the server xxx" Allow? Yes, No. Well it's a tough decision but I'll say no.