It's more like we're talking generic terms, and you're splitting hairs. Viruses per the classical term are practically nonexistent now.

Well, your instructor apparently taught you this generic use of "virus", but it is not correct. Sorry. Correct usage does matter in this case. This is not splitting hairs.

They're nigh impossible to get on OSX, and don't show up all that often (if at all) on modern Windows machines. But the term has stuck around, and has more or less become a blanket statement for any type of malicious piece of software designed to screw over you or your computer nowadays.

There are O(1000000) Windows viruses still in the wild. You are correct that (up-to-date, patched) Vista/Win7 don't get them. If only we could kill off all previous versions of Windows before I die ...

You know what form most bugs take these days? Socially engineered malware. They don't actually exploit any OS weakness. No. They go after the weakest link of security of any computer: the user. I mean why spend all this time trying to find a hole in an operating system, then spend even more time finding another when it's eventually closed when it's so much easier to scare the hell out of someone and trick them into installing the ... malware themselves?

... But you do want to target the largest demographic most likely to install it. Right now, it's Windows. Mac users are more the enthusiast types, and are more likely to know better. Windows, by dint of market share, is more likely to be used by people who aren't quite as comfortable with their machines, and are thus more likely to grab something they shouldn't, and freak out over a popup saying they're infected with a virus.

Agree 100% that for Vista/Win7 systems, more modern approaches are much more effective.

Now if you were a malware manufacturer, which platform would you prefer to take advantage of? The OS with the smaller market share, used mostly by professionals and enthusiasts, or the OS most commonly used by millions of gullible grandmas?

And if Macs are selling a million a month, do you think all those sales are to professionals and enthusiasts?

Ultimately, what you'd have is the Windows malware scene, transplanted to OSX. It's all about who's using what the most. Malware programmers don't give a damn about which OS is better. They don't argue about it. They don't care. What they do care about are credit cards and exploitable email addresses. And they're going to go where the action is.

'Course it isn't all doom and gloom. If Apple were to sell a billion iMacs tomorrow, the Apple scene wouldn't suddenly turn into a stark wasteland of malware, requiring you to repair your OS install every other day. Ultimately, things wouldn't be much different for most of us here, besides getting updates a little more often than you used to. What you would have is a bunch of moms and dads running en masse to the Apple store, cuz they all want to know why Buddy Bear The Freeware Game Genius is sending midget porno to grandma and asking for their social security number to make it stop.

Yes and no. Recently it has gotten much more difficult to attack kernels, whether Linux, OS X, or Windows (Vista/7). That is why browsers, PDF and Flash are so inviting, even if they "only" attack user space. Especially if you are mainly looking for user data (Quicken data, credit cards, etc.) anyway. This is where the next level of protection, sandboxing, will help somewhat. Some forms of phishing will never go away.

But, at this point, there is no known method by which OS X and/or Win7 will become like the "stark wasteland" that Windows (XP and older) has been.
 
Once people lose the ability to tell the difference between Trojans and Viruses, Apple becomes justified in removing the ability from users to install apps from outside of the curated App Store.

We all know it's coming. Both Apple and MS are laying the foundations today. MS is taking an active lead in this with Windows 8. Apps using the new Windows Metro UI are only allowed via their App Store.
 
Especially if you are mainly looking for user data (Quicken data, credit cards, etc.) anyway. This is where the next level of protection, sandboxing, will help somewhat. Some forms of phishing will never go away.

Quicken data has the option to be encrypted and that type of data should be encrypted. Most financial apps have the option.

Or, users can do it themselves using encrypted sparse bundle disk images via Disk Utility in OS X.

But, many users don't encrypt this data. So, why isn't this user data targeted more often by malware?

The malware developers sell the credit card info in bulk (bundle of 50) for on average 50 cents per set of credit card info. So, malware has to gather this info in high volumes to be profitable relative to the costs of producing the malware.

The malware developers also have overhead to their activities, such as bandwidth costs and time to data mine the collected data. Also, not all users have this type of software to target, so the return on the time invested in development is lost due to not all targets using the software. Bandwidth overhead and data mining time per target only become greater if the attacker discriminates less in the files that are collected.

The effectiveness of high volume simple phishing emails and other phishing scams makes the investment in malware that targets user data not cost effective.

Malware targeting user data files isn't even common in Windows. This type of malware is typically used to gather intellectual property from corporate or government targets.

When malware is used, credit card numbers are typically collected via auto mass malware that includes a keylogger or scrapes the data out of protected storage. This is because the data mining is done on the target machine with much smaller data files being sent to the attacker and the method will be productive on most infected targets because it doesn't rely on any specific software being present on the target computer.

Keyloggers that are able to collect protected data entry, such as masked passwords (online banking password) and masked text fields (credit card field in web forms), require system-level access to install.

Protected storage in OS X is actually protected given keychain entries include ACLs and non-default keychains can be protected even if the attacker achieves system-level access.

Protected storage in Windows doesn't include ACLs so any app can access the storage of other apps. Protected storage in Windows doesn't allow the extension of security provided by keychains in OS X either.

Sandboxing doesn't provide any protection from trojans. Sandboxing works against malware that uses exploitation rather than social engineering.

But, at this point, there is no known method by which OS X and/or Win7 will become like the "stark wasteland" that Windows (XP and older) has been.

Methods are known for both Windows 7 and Windows 8.

http://vulnfactory.org/blog/2011/09/21/defeating-windows-8-rop-mitigation/

It is rare to see these methods used in malware in the wild targeting fully patched systems but it does occur.
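The two protections this post and the earlier one describe, an encrypted sparse bundle for financial data and a non-default keychain whose item carries an ACL, as an added shell example that is not from the thread; the bundle path, keychain name and the application granted access are assumptions chosen for illustration, and the commands are Apple's own `hdiutil` and `security` tools, so the script only runs on OS X:

```shell
#!/bin/sh
# Added example, not code from the thread. Keeps financial data in an
# AES-256 encrypted sparse bundle and stores the bundle passphrase in a
# separate, auto-locking keychain item readable by one application only.
set -eu

BUNDLE="$HOME/Finance.sparsebundle"                   # assumed location
KEYCHAIN="$HOME/Library/Keychains/finance.keychain"   # assumed non-login keychain
APP="/Applications/Quicken.app"                       # assumed app allowed to read the item
ACCOUNT="${USER:-$(id -un)}"

# Refuse weak input before touching any tool: a passphrase shorter than
# 12 characters, or a bundle path without the .sparsebundle suffix.
# Returns 0 when both are acceptable, 1 otherwise.
check_inputs() {
    pass="$1"; bundle="$2"
    [ "${#pass}" -ge 12 ] || return 1
    case "$bundle" in
        *.sparsebundle) ;;
        *) return 1 ;;
    esac
    return 0
}

# Create the encrypted bundle. The passphrase is fed on stdin (-stdinpass)
# so it never shows up in the process list as a command-line argument.
create_bundle() {
    bundle="$1"; pass="$2"
    check_inputs "$pass" "$bundle" || return 1
    printf '%s' "$pass" | hdiutil create -size 200m -type SPARSEBUNDLE -fs HFS+ \
        -encryption AES-256 -stdinpass -volname Finance "$bundle"
}

# Create a keychain separate from the login keychain, make it lock on sleep
# and after 5 minutes idle, store the bundle passphrase as an item whose ACL
# lists only $APP (-T), then lock it immediately.
store_passphrase() {
    keychain_pass="$1"; bundle_pass="$2"
    security create-keychain -p "$keychain_pass" "$KEYCHAIN"
    security set-keychain-settings -l -u -t 300 "$KEYCHAIN"
    security add-generic-password -a "$ACCOUNT" -s finance-bundle \
        -w "$bundle_pass" -T "$APP" "$KEYCHAIN"
    security lock-keychain "$KEYCHAIN"
}

# Usage on OS X (constructed values):
#   create_bundle "$BUNDLE" 'correct horse battery staple'
#   store_passphrase 'keychain unlock phrase' 'correct horse battery staple'
```

Mounting later is `hdiutil attach -stdinpass "$BUNDLE"` with the passphrase on stdin, and the keychain prompts for its own password when an application other than the one listed in the ACL asks for the item.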
 
At its core, the "App Store" idea is a great one, as it gives customers a verified source to install their Applications from. Of course this does not give you a 100% guarantee that the program does not contain malicious code, as it has been proven several times on the iPhone, but it's a step in the right direction.

I'm fine with it as long as my computer can still install any other Application from the Internet or from any other source I choose. This is what defines a computer, right? Doing what I want it to do. This being said, I would not want to be limited to the store. If Apple takes this direction, I'd stop buying Macs altogether and instead switch to Linux.
 
Does Apple shipping Macs without Flash preinstalled help this type of Malware to propagate? If I was an uninformed user and I wanted to watch a Flash video I would just click install, not thinking about the website I'm watching it on.

Seems like a flaw in Apple's logic here.
 
At its core, the "App Store" idea is a great one...
I'm fine with it as long as my computer can still install any other Application from the Internet or from any other source I choose...
That's the kicker. As fear of Trojans increases, consumers will demand more protection. Trojans are not a technology issue, they are a user issue. The user is explicitly asking the OS to allow the Trojan rights to infect the machine. By their very nature, the only way to prevent Trojans is to remove the user's right to install arbitrary apps.
I agree that it is disappointing, but I fully believe that companies like Apple and MS will use the threat of Trojans to push an agenda where the only means of application distribution is via their curated store.

Does Apple shipping Macs without Flash preinstalled help this type of Malware to propagate?...
Probably not. The key is to prey upon uninformed users. A malicious site will just claim that Flash needs to be installed, whether or not it is already there.
Also, Apple is taking the right approach by removing Flash from the base install. The distribution of the OS quickly gets out of date and new installs will deploy with known vulnerabilities. Adobe has chastised Apple for this in the past. This is right for Apple, Adobe or their users.
 
At its core, the "App Store" idea is a great one, as it gives customers a verified source to install their Applications from. Of course this does not give you a 100% guarantee that the program does not contain malicious code, as it has been proven several times on the iPhone, but it's a step in the right direction.

It should be noted that none of the apps in the iOS app store that contained unauthorized or controversial functions were malicious in nature.

But, those apps do show the potential that something might slip through Apple's approval process.

Despite that, curated repositories are much better sources to get software than other methods.
 
It should be noted that none of the apps in the iOS app store that contained unauthorized or controversial functions were malicious in nature.

That's not entirely true. A few apps have been pulled for collecting passwords and personal data from minors. Fortunately the apps were pulled and the offenders were identified and banned.
 
That's not entirely true. A few apps have been pulled for collecting passwords and personal data from minors. Fortunately the apps were pulled and the offenders were identified and banned.

What apps?

I know of the one that collected the app specific 4 digit passwords for the purpose of gathering data on 4 digit password trends but the passwords the app collected weren't used for anything malicious and the premise of the research is pointless given that this information is already known. This was a blatant attention grab.

Gathering personal data from minors is an oversight of the app developer but it doesn't mean that the intent of the app was to be malicious.

No apps have been released on the iOS app store that attempt to collect online banking data or compromise online accounts, such as email, for the purpose of resetting other account passwords or sending spam.
 
No apps have been released on the iOS app store that attempt to collect online banking data or compromise online accounts, such as email, for the purpose of resetting other account passwords or sending spam.
I agree that these apps were not a real threat to anybody, since the developers did not have malicious intent. However this type of data collection can be used maliciously. These violations show that such apps can and have been made and distributed over the App Store.
 
It's ironic that people believe dOoBiX's and even cnet's post. This is exactly how you get trojans in the first place. Neither of these things would be hard to fake at all!

I'd certainly be down with a walled garden as long as Apple ate the cost or did something to support freeware developers.
 
I'd certainly be down with a walled garden as long as Apple ate the cost or did something to support freeware developers.

What else can they do? Xcode is free, Dev registration is cheap, App distribution is free. Apple is already subsidizing a lot. The biggest issue with OSS on the App Store is the GNU license. Apple can't fix that.

Still, I don't want to see a walled garden on the Mac.
 
Anybody notice when XProtect was updated to include a definition for the FlashBack trojan?

 