What you are describing is a classic Windows exploit. On the victim's computer, it begins with autoexecuting email attachments. However, MacOS X has no autoexecuting email attachments. Neither does it have autoexecuting downloads. Therefore, any social engineering required to get the ignorant administrator to install MacOS X malware has to be external to the malware itself. As for installing an SMTP server and the other things, well, MacOS X ships with an SMTP server installed. It's called sendmail. Your hypothetical malware would simply have to trick sendmail into doing its bidding. The fact that it has not happened should be a strong hint that it is much harder to exploit vulnerabilities in MacOS X than to talk about them.
SiliconAddict said:Right there is your first clue that it could succeed in the correct circumstances. It's called social engineering, my friend, and can be as simple as an e-mail that looks harmless enough because it's from someone you know but whose contents are far from it.
This is what has always worried me about OS X and MOS. Overconfidence in the OS. It's a given that default rights in X are 10 times stronger, probably more, than in Windows, but a virus is simply a program that runs on a computer just like any other. It simply needs root. And if for some reason it can convince a user that yes, it really does need your username and password, because hey! There aren't any viruses on X, so what harm can come from it, right?, it owns you, which in turn makes me wonder how far it can go from there. Install an SMTP engine, read your address book, scan your files for @x.com addresses to replicate itself to? Etc.
Until an OS is smart enough to distinguish malicious intent from user-made configurations and nuke it from orbit before it can do anything, OS X, along with every other OS on the planet, will still be susceptible to viruses in one form or another.
Blue Velvet said:I thought that you needed an admin password to install any application anyway? Or logged in as admin...
Axeon said:That is why your friend here used John the Ripper to brute-force password hashes (once again, I don't know much about Mac OS X, but I assume it encrypts passwords in a similar fashion to Linux).
Axeon said:Rower_CPU: Since our server is based in Dallas, and we do not have physical access to it, the people who actually OWN the server (we lease) simply throw out hard drives instead of formatting them. The hard drives are cheap enough for this to be the easiest solution.
...
Axeon said:I run a Linux server and have experienced the horrors of a rootkit. We had to throw away the hard drive and have a new one installed.
gerardrj said:... then I strongly suggest you learn about the lsattr and chattr commands, which allow you to make files immutable (they can't be changed).
gerardrj said:Then you are a fool or at least woefully ignorant. Simply re-writing the boot sector and re-partitioning will erase any and all remnants of malicious code from a drive. There is nothing a hacker can do to a drive with code that will permanently alter the drive so as to allow a re-infection after the drive is cleaned. Period.
In most cases, simply removing any "infected" files will eliminate the problem.
If you are running a Linux-based server and are using ext2/3 filesystems, then I strongly suggest you learn about the lsattr and chattr commands, which allow you to make files immutable (they can't be changed). While immutable files are not 100% guaranteed safe, the method of removing the immutable flag is quite restricted.
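As an added example (not part of the thread), a small POSIX shell check that reads lsattr output and reports which of a set of critical files no longer carry the immutable (`i`) flag, so an admin can verify after an incident that the flag was not cleared. The sample lsattr lines and the file paths in it are constructed for illustration.

```shell
#!/bin/sh
# Constructed example: audit lsattr output for the immutable ('i') flag.
# lsattr prints one line per file: "<attribute field> <path>", e.g.
#   ----i---------e------- /etc/passwd

# Reads lsattr-style lines on stdin and prints every path whose attribute
# field lacks 'i'. Returns 0 when all files are immutable, 1 otherwise.
audit_immutable() {
  missing=0
  while IFS= read -r line; do
    [ -z "$line" ] && continue
    flags=${line%% *}          # attribute field before the first space
    path=${line#* }            # rest of the line is the path (may hold spaces)
    case "$flags" in
      *i*) ;;                  # immutable bit present: nothing to report
      *)   printf 'NOT IMMUTABLE: %s\n' "$path"; missing=1 ;;
    esac
  done
  return "$missing"
}

# Wrapper for live use on ext2/3/4: run lsattr on the given paths and audit
# the result. lsattr errors (e.g. unsupported filesystem) are sent to stderr.
check_files_immutable() {
  lsattr -d "$@" 2>/dev/null | audit_immutable
}

# Constructed sample of lsattr output: /usr/bin/ssh has lost its flag.
SAMPLE_LSATTR='----i---------e------- /sbin/init
--------------e------- /usr/bin/ssh
----i---------e------- /etc/passwd'

# Run with --demo to audit the constructed sample instead of real files.
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_LSATTR" | audit_immutable
fi
```

On a real host, `check_files_immutable /sbin/init /etc/passwd` performs the same audit against live lsattr output; a non-zero exit means at least one listed file is writable again.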
aarond12 said:Speaking of that... why hasn't Apple or Micro$oft or anyone else put the CORE of their operating system on a read-only partition?
-Aaron-