SiliconAddict said:
This is no different then if someone was found to be susceptible to cancer. It means you can get cancer but doesn’t mean you have it, or that there aren’t things you can’t do to avoid it.
Best analogy I've read so far.
If I read another news story today claiming this is the "first found to target Mac OS X," I'll scream. It's not the first, and it's based on ideas used in past trojans! At least the BBC was way more accurate than Reuters (who waited until the end of the article to mention that you have to download and execute the program yourself).
What's annoying me most of all are all the posters here acting like anything has changed or that Apple has to patch something! Nothing has changed; this proof-of-concept trojan is no different from the other dozens of proof-of-concept trojans that have been written for OS X. Where OS X shines is the lack of propagataion of such malicious software. There are enough safeguards that it's hard for it to go anywhere.
This has gotten blown way out of proportion. It should have been a Page 2 story on MacRumors telling people about this isolated little incident...it was just somebody's personally written executable that was run by some forum members. It's not anything that's spreading in the wild, nor is it the "first OS X trojan!" There will be certain elements in the press who will use this against Macs now.
Please stop acting like the sky is falling or that anything is different. You people changing system permissions on your InputManagers folder and whatnot are crazy. You can't just get randomly infected with anything; you have to download and run it yourselves! You don't need to change anything in OS X; it's as secure as it was before. And if someone convinces you to run a strange program and grant it admin privileges, your freakin' InputManagers folder is the least of your worries.
paulwesley said:
The problem is that people don't know they are running an app - since it looked like a file.
Safari should have brought up its standard prompt telling you you're downloading an executable.
Once again--this is not news, it's not the "first OS X virus," and the trojan itself is based on earlier OS X trojans written in the past few years that have always been around. The point in saying OS X has no viruses or trojans is to mention that none spread in the wild to any notable degree, because OS X lacks the mechanisms or exploitable security flaws for that.
Somebody tricked some MacRumors posters into running his app on the forums before his post was deleted, and now it's international news from Reuters to the BBC. I really, really don't get this at all. None of the big news reports are mentioning that this was a minor forum incident on a Mac site, not a big trojan spreading around in the wild. Again, I blame MacRumors for not clarifying the nature of things in their original announcement. Even their claim that this event is significant because of the intention behind the executable is wrong, since malicious OS X trojans have existed since the operating system's first release five years ago.