JrbM689

macrumors newbie
Feb 26, 2003
4
0
First Post/Bad News

I hope Apple starts collaborating with the Open Source community to fight trojans and viruses... If they don't, we could be almost as bad off as Windows users.
 
Comment

wPod

macrumors 68000
Aug 19, 2003
1,654
0
Denver, CO
i am not too worried, apple will get it fixed in time. i always feel safe knowing that hackers are more likely to attack 95% of computers instead of 3%. . . though the first person to do it would probably get pretty high recognition. . . not good recognition though. but mac users are also smarter and more careful than M$ users. . . right?!
 
Comment

jxyama

macrumors 68040
Apr 3, 2003
3,735
1
patch should be easy in theory. apple just has to make finder behave consistently - if it displays a file as one type, it should act on it as that type when double-clicked. (this used to not be a problem when finder didn't depend on extensions to figure out what the file type icon to display.)
 
Comment

JohnGillilan

macrumors regular
Oct 12, 2003
161
0
Los Angeles
Wait a second . . . maybe it's just me, but does it seem weird that Apple would give a statement to MacCentral???? That's seems odd. Wouldn't it be on their website in the support section or in a press release? Could this "statement" have been made up??
 
Comment

ultimind

macrumors newbie
Aug 9, 2003
17
0
Here and There
Atleast Apple, unlike Microsoft issues regular security updates to it's operating system. Microsoft would have to issue security updates multiple times in a 24 hour period to keep up though. I'm betting Apple will put out a security update to deal with this...
 
Comment

Rower_CPU

Moderator emeritus
Oct 5, 2001
11,219
0
San Diego, CA
JohnGillilan said:
Wait a second . . . maybe it's just me, but does it seem weird that Apple would give a statement to MacCentral???? That's seems odd. Wouldn't it be on their website in the support section or in a press release? Could this "statement" have been made up??

It's a general press release. The same statement can be found on other sites:
http://www.infoworld.com/article/04/04/09/HNintegowarns_1.html
 
Comment

Photorun

macrumors 65816
Sep 1, 2003
1,216
0
NYC
Maybe it's just me but what's the friggin' big deal here? No really?! I mean, a file that's executable on ANY computer system, be that a peecee craptacularbox or a Mac running OS X, OS 9, or hell, even Linux that is launched by a dummy without thought to where it came from can be launched and harm caused. Why is this a big deal at all? I'm lost? And OS X is still one of the most solid systems but any system, if someone launches something to attack it FROM it, I mean, so what? That's been the way I think all the way back to Basic and DOS. Go back, there's nothing to see here or better yet, just don't believe the hype!
 
Comment

msconvert

macrumors member
Feb 27, 2004
58
0
ultimind said:
Atleast Apple, unlike Microsoft issues regular security updates to it's operating system. Microsoft would have to issue security updates multiple times in a 24 hour period to keep up though. I'm betting Apple will put out a security update to deal with this...

But I don't want apple just coming out with a quick M$ cludge of a fix. Right now we have to be on edge not paranoid. My real fear is that this is the way finder and iTunes are intended to work for compatibility of MacOS and PC files. I suspect that it will be a significant change when it comes. I just want it done right.
 
Comment

animefan_1

macrumors regular
Jan 23, 2002
249
0
New York
JohnGillilan said:
Wait a second . . . maybe it's just me, but does it seem weird that Apple would give a statement to MacCentral???? That's seems odd. Wouldn't it be on their website in the support section or in a press release? Could this "statement" have been made up??

No. Apple has given MacCentral (MacWorld's news arm) statements plenty of times before, while NOT posting the same info on their own website.

Besides, isn't it against the law to say someone said something, even though they didn't?
 
Comment

Rincewind42

macrumors 6502a
Mar 3, 2003
620
0
Orlando, FL
JohnGillilan said:
Mac OS X Security Update 2004-04-10 . . .

Wait for it . . . Wait for it . . . . . Wait for it . . .

Don't bet on it.

jxyama said:
patch should be easy in theory. apple just has to make finder behave consistently - if it displays a file as one type, it should act on it as that type when double-clicked. (this used to not be a problem when finder didn't depend on extensions to figure out what the file type icon to display.)

The Finder is behaving consistantly. The icon doesn't come from the Finder, but from the application itself. The application itself launches iTunes to play itself as if it were an mp3, so it looks flawless. This really isn't something that can be blanket fixed because there may be legitimate applications that do some of the same things. The proof-of-concept trojan is only given away by the fact that the Finder blatantly says the file is an application (or classic application if you strip the resource fork).

Fortunately this trojan is also extremely fragile, if the resource fork isn't preserved, the application can't even launch. They could try to do it with a standard bundled application, but they would also have to compress/encode it to send it to anyone, and couldn't use the normally invisible .app extension (because two extensions are always shown by OS X).
 
Comment

jxyama

macrumors 68040
Apr 3, 2003
3,735
1
Photorun said:
Maybe it's just me but what's the friggin' big deal here? No really?! I mean, a file that's executable on ANY computer system, be that a peecee craptacularbox or a Mac running OS X, OS 9, or hell, even Linux that is launched by a dummy without thought to where it came from can be launched and harm caused. Why is this a big deal at all? I'm lost? And OS X is still one of the most solid systems but any system, if someone launches something to attack it FROM it, I mean, so what? That's been the way I think all the way back to Basic and DOS. Go back, there's nothing to see here or better yet, just don't believe the hype!

what you are saying is mostly true, but this is newsworthy just for the fact it's a confirmed vulnerbility in OS X/Finder that can be exploited by a trojan. it may seem like a hype to you, but it is definitely newsworthy.

being in the news doesn't make OS X any less "solid" and not being in the news doesn't make this problem go away.
 
Comment

3-22

macrumors regular
Nov 19, 2002
190
0
ultimind said:
Atleast Apple, unlike Microsoft issues regular security updates to it's operating system. Microsoft would have to issue security updates multiple times in a 24 hour period to keep up though. I'm betting Apple will put out a security update to deal with this...

Microsoft issues both regular security updates and out-of-cycle updates. What are you talking about?

True, it's not nearly fast enough for the amount of attacks. Not that admins could easily deploy to thousands of PCs any faster in a company.
 
Comment

MongoTheGeek

macrumors 68040
From the sound of these comments it seems that the trojan only affects machines that run 10 and have classic available?

That means that once classic goes away this won't be a threat?

Since classic is no longer a standard install this is a much smaller threat than it seems?
 
Comment

Foocha

macrumors 6502a
Jul 10, 2001
588
0
London
Photorun said:
Maybe it's just me but what's the friggin' big deal here? No really?! I mean, a file that's executable on ANY computer system, be that a peecee craptacularbox or a Mac running OS X, OS 9, or hell, even Linux that is launched by a dummy without thought to where it came from can be launched and harm caused. Why is this a big deal at all? I'm lost? And OS X is still one of the most solid systems but any system, if someone launches something to attack it FROM it, I mean, so what? That's been the way I think all the way back to Basic and DOS. Go back, there's nothing to see here or better yet, just don't believe the hype!
I think the issue is that the Finder misrepresents the file as an MP3 when in fact it's an executable. The problem arises from Mac OS X's halfway-house between OS 9 style File Type & Creator Codes and OS X style document extensions.

With Windows and Linux it's clearer what is executable and what's not. Since OS X has to provide backwards compatibility to OS 9, this one may be tricky for Apple to solve.
 
Comment

musicpyrite

macrumors 68000
Jan 6, 2004
1,639
0
Cape Cod
Macrumors said:
MacCentral posts Apple's response to yesterday's Trojan warning from Intego.

According to the statement, Apple is investigating the issue:


At least Apple is willing to acccept the fact the there could be a trojan and are going to try to investigate, unlike M$, they just deny it or give excuses.....
 
Comment

applekid

macrumors 68020
Jul 3, 2003
2,097
0
peterjhill said:
Did you all see this from the article:
Late Thursday night, Symantec Corp. said they were also aware of the Trojan, but noted that the virus has not been found in the "wild."

Exactly what I was about to mention. It really isn't a big deal, but since the problem basically is a security hole in iTunes (that didn't exist in iTunes 3 according to the last message in this Google thread. ) that seems very fixable.
 
Comment

0 and A ai

macrumors regular
Jan 12, 2004
171
0
They have yet to say if anything malicious can come of this PROOF OF CONECEPT TROJAN.

And as symantec said its not out in the wild.

If its bad apple will fix it. If its nothing then intego has got problems coming there way.
 
Comment

Jookbox

macrumors 6502
Jan 19, 2002
395
0
ahh, so that's what the security update was for. that was quick and easy.
 
Comment

cait-sith

macrumors regular
Apr 6, 2004
248
1
canada
remember that macos is unix, and unix has trojans.

there's lots of trojans for unix that exploit the fact that you may have "." in your path, so put a file called "ls" in your path that does some nasty stuff then runs the real "ls" command, plunk it in the home dir of some user, and woosh. if it happens to root, you're screwed. but unix admins know that trick all too well and it's a known fact NEVER to put . in your path.

the problem here, is that many apple users have no experience with unix (most mac users i know were stunned to see me open up 'terminal', they had no idea what it was). so a lot of the old unix tricks might pop up. rm -rf anyone?

this says nothing about macos really, it's just the nature of computers and operating systems, as well as people having accounts that allow administrator access. one unix rule is don't log in as root unless you have to.

i can imagine mac people cringing thinking 'this is the end', but unix variants have faced this stuff for over 30 years and they're still considered rock solid and low risk.
 
Comment

killmoms

macrumors 68040
Jun 23, 2003
3,724
13
Durham, NC
jxyama said:
patch should be easy in theory. apple just has to make finder behave consistently - if it displays a file as one type, it should act on it as that type when double-clicked. (this used to not be a problem when finder didn't depend on extensions to figure out what the file type icon to display.)

OS X still has a filetyping scheme that is less than stellar; I hate that the Creator App is still the default behavior in OS X. BeOS stands as having both the best filesystem and filetyping setup that I've seen yet. I'm hoping Apple rips it off for 10.4 or 10.5.

Basically, BeOS would use MIME types to identify files, for instance if they were downloaded from the web. If there was no MIME type already defined, it would look at extension and associate it that way. If there was no extension, it would actually read the first bit of the file and see if that would allow it to determine what type of file it was looking at.

If Apple would do that, with the "Created by" field in there someplace in the hierarchy, maybe even make the hierarchy user-definable, I'd be in heaven.

Well, once that was married to a new version of HFS w/ always-on indexing, extensible (and indexed!) meta-data, and real-time queries of an incredibly configurable nature. 10.3 is a step in the right direction, but there's some underlying devices that need to appear first.

--Cless
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.