Skiniftz said:
I don't know what would be worse - deleting data or emailing random iPhoto pics to random people on your address list...
I think if I saw:
Enter your password when asked or we email your photos to your friends
sudo rm -Rf /
Password:


I'd give 'em what they're asking for...
 
Spades said:
But, if you just disable the opening of "safe" files automatically, that will protect you for now. I just think it's only a matter of time before somebody exploits Help to do something really dangerous.

I am confused here...sorry...but even if you unselect the opening of "safe" files in Safari, won't you still suffer the problem when you go to open the installer or whatever it is/was that was downloaded?

Or does doing this just prevent a web site from having your browser download something you don't want or didn't choose and execute it by opening it automatically...maybe I just answered my own question?!?!

Johnny
 
flyfish29 said:
I am confused here...sorry...but even if you unselect the opening of "safe" files in Safari, won't you still suffer the problem when you go to open the installer or whatever it is/was that was downloaded?

Or does doing this just prevent a web site from having your browser download something you don't want or didn't choose and execute it by opening it automatically...maybe I just answered my own question?!?!

Johnny

Yes, you answered your own question. This keeps the browser from launching whatever is in the .dmg automatically. You as the user could still run it by hand.

In any case, ignore what I said. As somebody else pointed out, disk images can still be mounted automatically even if that option is disabled. Get MisFox and change the program used for the help protocol to something else. I've changed it to chess.
 
I need some clarification

Spades said:
Yes, you answered your own question. This keeps the browser from launching whatever is in the .dmg automatically. You as the user could still run it by hand.

In any case, ignore what I said. As somebody else pointed out, disk images can still be mounted automatically even if that option is disabled. Get MisFox and change the program used for the help protocol to something else. I've changed it to chess.

So I've changed the help protocol from using the Help Viewer to some other application. Now, it seems that the non-malicious example of this (found at http://bronosky.com/pub/AppleScript.htm) simply runs the other application that I've selected. How is this going to help me? Was it within the Help Viewer application that the vulnerability was found?

[Using 10.2.8]
 
It will help you because the other application you selected shouldn't run the AppleScript. HelpViewer can run AppleScripts because Apple thought it could be helpful. Also, you're in 10.2.8, so the demo shouldn't work in the first place (doesn't for me).

Let me say it again:

Unchecking "Open 'Safe' Files After Downloading" WILL NOT PROTECT YOU FROM A DMG MOUNTING! If the URL to the dmg is prefixed with "disk://" instead of "http://" it will mount anyway.

And the best solution is NOT to delete your Help folder. The best solution is to download an application and change the application that deals with "help:" to something more harmless than HelpViewer...something that won't execute AppleScripts. That way you still have HelpViewer if you ever need it.
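
An added example, not part of the original thread: a defender-side check that scans saved HTML for links using the two URL schemes named in this discussion (`help:` and `disk://`), whether they appear in a tag attribute, a meta refresh, or inline script. The sample page, host names and URL bodies are constructed placeholders, and treating any URL with these schemes as suspicious is an assumption of this sketch.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY = {"help", "disk"}  # the two URL schemes named in this thread
URL_ATTRS = {"href", "src", "action", "data"}
SCRIPT_URL = re.compile(r"""["']((?:help|disk):[^"']*)["']""", re.I)
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.I)
# Constructed sample page; hosts and URL bodies are placeholders.
SAMPLE = """<meta http-equiv="refresh" content="0; url=disk://files.example/sample.dmg">
<a href="http://www.example/page.html">ordinary link</a>
<a href=" HELP:constructed-placeholder">looks like documentation</a>
<iframe src="disk://files.example/sample.dmg"></iframe>
<script>window.location = "help:constructed-placeholder";</script>"""

class SchemeScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (where, url) pairs
        self._in_script = False

    def _check(self, where, url):
        url = url.strip()  # browsers ignore leading whitespace and scheme case
        if urlsplit(url).scheme.lower() in RISKY:
            self.findings.append((where, url))

    def handle_starttag(self, tag, attrs):
        attrs = {k: v for k, v in attrs if v is not None}
        self._in_script = tag == "script"
        for name, value in attrs.items():
            if name in URL_ATTRS:
                self._check(f"<{tag} {name}>", value)
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            match = META_URL.search(attrs.get("content", ""))
            if match:
                self._check("<meta refresh>", match.group(1))

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # quoted URLs assigned from inline script
            for url in SCRIPT_URL.findall(data):
                self._check("<script>", url)

def scan(html):
    scanner = SchemeScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Calling `scan(SAMPLE)` returns one finding per risky URL with the place it was found; the ordinary `http://` link is not reported.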
 
Perfect

Plastic Chicken said:
It will help you because the other application you selected shouldn't run the AppleScript. HelpViewer can run AppleScripts because Apple thought it could be helpful. Also, you're in 10.2.8, so the demo shouldn't work in the first place (doesn't for me).

Let me say it again:

Unchecking "Open 'Safe' Files After Downloading" WILL NOT PROTECT YOU FROM A DMG MOUNTING! If the URL to the dmg is prefixed with "disk://" instead of "http://" it will mount anyway.

And the best solution is NOT to delete your Help folder. The best solution is to download an application and change the application that deals with "help:" to something more harmless than HelpViewer...something that won't execute AppleScripts. That way you still have HelpViewer if you ever need it.

Thanks - that's exactly the info I was looking for.
 

So what has Apple said to all of this?


No word from them yet.
 
leftbanke7 said:
Does anybody feel that this, in part, is the Mac community's fault? We go on blabbing how we have no viruses/trojan horses/etc and lo and behold, we get two issues in a week. It is almost as we dared them to come up with these and now that they have arisen, we are pissed b/c it seems the world is picking apart the Mac OS. Perhaps had we not had this "holier than thou" attitude, we wouldn't be worrying about this.

you are correct, i think all of this "Mac OS can't get a virus" talk is nonsense, and only drives people to write viruses just to shut those people up. It's become the holy grail of virus writing in a sense, anyone can code a Windows virus, but to do damage on the Mac platform requires a respectable level of knowledge.
 
How do you set it back?

jessefoxperry said:
isn't InternetConfig from OS9 days? oh well what they really meant was to change what application handles "help:". change it to something besides Help Viewer. http://www.clauss-net.de/misfox/misfox.html MisFox can do it. Just click on the "Protocol Helpers" tab. i used Address Book instead. anything will do. now click the example link and voilà! nothing happens.

Edit: The MisFox site is in German but the program is in plain English

I'm a Mac newbie... so how do I change the help protocol helper back to Help Viewer? I got misfox and can easily see how to change it to be Chess or any other app I know about. But to change it back to Help Viewer I have to be able to find the Help Viewer app using the file open (finder) dialog that misfox uses. I can't see anything called Help Viewer (except a classic version). What file on my hard drive is the OS X Help Viewer app?
 
leftbanke7 said:
Does anybody feel that this, in part, is the Mac community's fault? We go on blabbing how we have no viruses/trojan horses/etc and lo and behold, we get two issues in a week. It is almost as we dared them to come up with these and now that they have arisen, we are pissed b/c it seems the world is picking apart the Mac OS. Perhaps had we not had this "holier than thou" attitude, we wouldn't be worrying about this.

leftbanke7 said:
Oh, I agree, OSX is a far superior OS than Windows however sometimes, as members of the Mac community, we try to rub it in to the other guys a little too much. For the longest time, the rally cry of many was that OSX had no viruses/trojans/etc and we hammered this point to death when an OSX vs Windows argument would arise. It was only time before somebody decided to drop us down a peg or two and we are now seeing the beginnings of this. I say we still should tell the world about how great an OS Apple has but perhaps we shouldn't be so matter-of-fact about it.

Forgive me for the semi-trolling rant but...

I love you leftbanke7... thank you for giving me some hope that not all Mac users are just Apple sycophants trying to justify their expensive computer purchases to each other. I'm waiting for the next G5 Powermacs to come out before I buy my first ever Apple computer. I'm not switching completely because I love my Opteron system and my Sun workstation (well, really I hate all operating systems equally, just different ones for different reasons). I'm going to test the Apple water and try to keep an open mind. But I swear, most of the people on here (and the Mac nerds I know in real life) make me scared to buy one because I don't want to be associated with this crowd, haha. I guess I just won't tell anyone I own a Mac.

I think most anyone will agree that Mac OS X is inherently more secure than Windows, no matter how hard Microsoft tries to fix it. But don't forget that the best security is anonymity... Most hackers and script kiddies grew up on Windows and don't want to waste their time learning the quirks of a new OS especially one that hardly anyone uses. If tens of thousands of people concentrated on breaking Mac OS X, Linux, FreeBSD, Solaris or whatever like they do on Windows, then they're going to find ways in... even if it takes a lot longer.

So you guys can keep telling yourselves that either no one can hack your Mac or that no one will ever really try. As for me, I'm going to buy the Norton Anti-virus for my G5, encrypt my personal data and back it up regularly... just like I do with all my computers, just in case. All it takes is for one creative person to come up with that one nifty worm to ruin your day.
 
Analog Kid said:
I think if I saw:
Enter your password when asked or we email your photos to your friends
sudo rm -Rf /
Password:


I'd give 'em what they're asking for...

why wouldn't you just disable airport connection or disconnect bluetooth connection or unplug the ethernet cable? there's no way anyone is sending anything from your computer if it doesn't have network connection?

think, people, think.

i have still not heard of a mac osx VIRUS, by definition: a malicious code that infects your computer without your approval and spreads to another computer without you knowing anything about it, and finally doing something to your computer that you have not asked to.

trojans and such are just showing people's stupidity.

back in the days of 300baud modems everyone (that was using a network connection) knew BY HEART that you should never trust anything you download to be safe. now (that everyone uses a network connection) hardly anybody (other than the people who knew back then) knows that the network can contain files that are not safe. this is the problem.

if i have a script on my desktop that wipes my whole home directory clean, is it a virus? no. it is a script, made by me, and i would be stupid to run it. is the os insecure because i can make such a script? no. it is a feature that is intended to be used wisely.

if the operating system lets me destroy MY home directory, is it insecure? no. it has given me a right to have files and do whatever i wish with them. is it insecure because i can authorize some malicious code from somewhere-in-the-internet to be run and do anything? no. but i am, if i do such a stupid thing.

there's a joke about this: "user error. replace user and press any key when ready." or, "memory overflow. add memory for user and press any key when ready."

bottom line: it is THE USER who is insecure. stupid things happen for stupid people. click anything if you want anything to happen. click nothing if you want nothing to happen. expect anything (in the internet) to be insecure to be safe. get it?

i wish apple could upgrade users to have a brain ;)
 
corvus said:
your point exactly.

most viruses, etc, spread through the principles of social engineering. gullible, non-thinking sheepeople spread viruses.

anyone with a brain will never be caught by anything like this.

er.. you know netsky and mydoom? Guess how they spread? They actually get a user to type in a password to decrypt an attached encrypted ZIP file then execute the attachment.

Users are stupid. This fact is proven time and time again.
 
Zardoz said:
The correct command is rm -rf ~, smartass.

rm -Rf ~ will start recursively deleting from your HOME FOLDER.

rm -Rf / will start recursively deleting from the root directory.

Point of note is that rm with -f option will not stop if it encounters files it cannot delete for whatever reason, so in other words if you start at the directory root it would delete ALL files that your user account is able to delete.

Still may not be so bad, however considering that many Mac users have a blank password on an administrative user (this is the DEFAULT setup behaviour in OSX) then this is a serious problem.
 
AT71 said:

So what has Apple said to all of this?


No word from them yet.

Well judging from the article it's quite recent, you have to give them some time to respond to it.

Anyway, why not actually read the article and follow some of the exemplary advice from jessefoxperry and take some precautions? First thing you should probably do is go into Safari's preferences and uncheck the "Open Safe files after downloading" check box.

Cheers,

PolarbearTed
 
elmimmo said:
So you are implying that the script cannot delete my system, which I can reinstall anytime, only all my private documents, music, photos, etc... which cannot be "reinstalled" unless you've got a backup of the >100GB HDD that usually ship today. A really positive remark...

So you'd rather not have the ability to delete your own files? rm -rf / is there for a reason. It's called unix.

Anyway, these 'viruses' aren't really 'viruses'. Any bozo can write a program that can delete all your files - hell we could do it in C if you're bored of looking at bash or applescripts. It's malicious code true but a virus - I think not. A true mac virus is perfectly possible but these aren't it.
 
elmimmo said:
There is NO way in Windows (no way that is not a bug) to bypass an alert window after clicking on a link that points to an .exe

Oh great... So you are implying that the script cannot delete my system, which I can reinstall anytime, only all my private documents, music, photos, etc... which cannot be "reinstalled" unless you've got a backup of the >100GB HDD that usually ship today. A really positive remark...

Oh please... get real...

IF you don't back up your data you WILL lose everything at some point in the rest of your life. Your hard-drive WILL fail or your computer WILL get stolen or you WILL get hit by a virus, or something.

Something will wipe everything out. It's a 100% certainty.

The platform you use is completely irrelevant. And it's not exactly difficult or expensive to backup to a firewire external drive (or preferably two if you are cautious by nature, and preferably leave one with a friend - it might sound paranoid but once you've been burgled once you get twitchy).

The security flaw discussed here is definitely serious, but at least it is true to say it can only wipe out whatever you have permission to access on a unix system.

And if you don't back that up you're going to lose it one day anyway.

m
 
Is it too simplistic to download files to a separate partition, open them and see what happens? If OK just install in your working partition.
 
Taking your Help Viewer application in System/Library/CoreServices and placing it on a CD, etc. and removing the original works very well to stop the exploit.

We all talk up how wonderful Mac OS X security is and it is more secure than Winblows by a thousand percent.

But Apple not providing a sort of firewall for downloads and letting dmg's to automagically appear on our computers is such a security lapse oversight it's beyond belief.

Who knows what some dumb newbie or kid will doubleclick on?

Actually this exploit has been demonstrated on Slashdot and I personally notified Apple several months ago about it.

If you want to see something scary, download Little Snitch and watch as Apple's Address Book makes an outgoing connection.

Now WTF is up with that?

Don't get me wrong, I love Apple, but some things don't look all that nice. Is Apple following M$ lead and working for the spooks in DC?

Creepy, now give me back my tinfoil hat.
 
PolarbearTed said:
<snip>Anyway, why not actually read the article and follow some of the exemplary advice from jessefoxperry and take some precautions? First thing you should probably do is go into Safari's preferences and uncheck the "Open Safe files after downloading" check box.
<snip>

Useless as it doesn't stop disk:// links being automounted.
 
Who the heck makes a URL protocol that can execute shell scripts? Crazy stuff. They must have been assuming that if it's a local script then you trust it. Well then they shouldn't make automounting things.

Another way to get a malicious shell script on to someone's machine without using a dmg would be to put it in the public folder of their iDisk. It will be synched to /Volumes/dotmac.user.name/Public where the URL can execute it.
 