I found another example of Windows malware that uses privilege escalation.
http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html
Interestingly, privilege escalation is achieved via exploiting a previously patched exploit using code from an exploit database website.
The following condenses the information from one of my previous posts:
When comparing OS X to Windows in relation to privilege escalation through roughly the last 10 years, you have to include the factor that remote vulnerabilities provide system level access in Windows XP admin accounts. Many users run admin accounts in Windows XP for day to day computing. With this factored into the comparison, the number of privilege escalation vulnerabilities in Windows dwarfs that of OS X.
When comparing only the most recent releases of these OSs, Mac OS X Snow Leopard only has 4 privilege escalation vulnerabilities while Windows 7 has 58. Only 2 of these Mac vulnerabilities would have provided system level access if successfully exploited. At least 47 of these Windows 7 vulnerabilities are related to exploits in the wild or publicly available proof of concepts that provided system level access via exploitation. One of these Windows win32k.sys vulnerabilities has been public and unpatched for 287 days as of today.
http://www.vupen.com/english/zerodays/
I think there should be some kind of extra protection in OS X to fight against such malware/spyware crap.
There already is that extra protection via XProtect built into SL. But, like any antivirus software, it is not 100% effective.
Also, relying on software leads to complacency. This is dangerous given that any software that provides this type of function, such as AV, is never 100% protection.
If you do want to rely on software, I recommend using ClamXav. It is updated more frequently than XProtect and detects threats for Windows as well. But, I don't recommend relying on software. See the links in my sig for more details.
It's not the users' fault for the most part, as I have understood that you can easily get this malware without violating any safe practices.
You have to enter your password into an installer that was automatically downloaded from the Internet after being redirected to a FUD website. Users should know that they shouldn't authenticate anything that is automatically downloaded in that manner.
Microsoft uses signed drivers, etc. to make sure you don't have some hacked driver in the field that's really screwing your computer up; I don't see anything like that on the Mac, but then there aren't a lot of 3rd party drivers floating around either.
True, Apple stays in house for the most part in relation to drivers. Regardless of a driver being signed or not, the needed capacity for components to hook into each other leaves open the ability for malware to hook into preexisting drivers. The only protection from malware doing this is a good implementation of DAC, which is disabled in Windows XP admin accounts.
Also, Apple installers verify MD5 checksums to make sure the data for updates has not been altered. I suspect this is true of any OS. I also suspect this is true for Adobe's update installer. Even the Sparkle framework, the free software update system that is used in most third party software for Macs, verifies MD5 checksums before completing installation.
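The post above describes installers verifying checksums before completing an update. As an added example (not code from the original thread, and not Apple's installer or the Sparkle framework), here is a small Python routine that does the same thing: it parses a checksum manifest in the common `shasum`/`md5sum` output format (`<hexdigest>  <filename>`), verifies in-memory update payloads against it, and uses a constant-time comparison. The package names and payload bytes are constructed sample data, and the manifest format is an assumption for the example, not a description of Apple's or Sparkle's format. The `demo()` function also shows the caveat a practitioner wants here: a checksum only proves the file matches the digest you were handed, so if the file and the manifest arrive over the same unauthenticated channel, an attacker who alters both still passes verification. That is why a digital signature over the manifest (or the package) is needed on top of the checksum.

```python
"""Verify downloaded update payloads against a checksum manifest.

Added example only: not Apple's installer code and not the Sparkle framework.
Assumed manifest format is the shasum/md5sum output style: "<hexdigest>  <file>".
"""
import hashlib
import hmac

# Constructed sample payloads standing in for downloaded .pkg files.
UPDATES = {
    "SecUpd2010-001.pkg": b"pristine installer bytes for the security update",
    "Safari4.0.5.pkg": b"pristine installer bytes for the browser update",
}


def build_manifest(files, algorithm="sha256"):
    """Produce manifest lines in shasum/md5sum format for the given files."""
    return "\n".join(
        f"{hashlib.new(algorithm, data).hexdigest()}  {name}"
        for name, data in sorted(files.items())
    )


def parse_manifest(text):
    """Parse '<hexdigest>  <filename>' lines into {filename: hexdigest}.

    Blank lines and '#' comments are ignored; malformed lines raise ValueError
    so a corrupted manifest fails closed instead of silently skipping files.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {lineno}: expected '<digest>  <file>'")
        digest, name = parts
        name = name.lstrip("*")  # shasum prefixes binary-mode names with '*'
        try:
            bytes.fromhex(digest)
        except ValueError:
            raise ValueError(f"manifest line {lineno}: digest is not hex") from None
        entries[name] = digest.lower()
    return entries


def verify_payload(data, expected_hex, algorithm="sha256"):
    """True iff `data` hashes to `expected_hex` under `algorithm`.

    hmac.compare_digest avoids leaking how many leading hex digits matched.
    """
    actual = hashlib.new(algorithm, data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.lower())


def verify_updates(files, manifest_text, algorithm="sha256"):
    """Check every payload against the manifest; unlisted files fail."""
    expected = parse_manifest(manifest_text)
    results = {}
    for name, data in files.items():
        if name not in expected:
            results[name] = False
            continue
        results[name] = verify_payload(data, expected[name], algorithm)
    return results


def tamper(files, name):
    """Return a copy of `files` with the first byte of `name` flipped."""
    modified = dict(files)
    data = bytearray(modified[name])
    data[0] ^= 0x01
    modified[name] = bytes(data)
    return modified


def demo():
    """Three scenarios: honest, tampered file, tampered file plus manifest."""
    manifest = build_manifest(UPDATES)
    honest = verify_updates(UPDATES, manifest)
    # Tampered payload, genuine manifest: the checksum catches it.
    tampered = tamper(UPDATES, "Safari4.0.5.pkg")
    caught = verify_updates(tampered, manifest)
    # Tampered payload AND a manifest regenerated by the attacker: passes.
    # This is the limit of an unsigned checksum; only a signature fixes it.
    forged_manifest = build_manifest(tampered)
    missed = verify_updates(tampered, forged_manifest)
    return honest, caught, missed


if __name__ == "__main__":
    for label, result in zip(("honest", "tampered file", "forged manifest"), demo()):
        print(f"{label}: {result}")
```

Run it directly to see the three outcomes; the third line is the one to remember when judging a checksum-only update mechanism.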