Nothing to fear....right?

[rye9]

Now with this sudden trend of viruses for a Mac, which hopefully is over... should I worry? What precautions should I take just in case? Should I have my Firewall on? I checked and it was off... Is there anything else that I should make sure is on/off? (the only thing in the list checked is "network time") Should anything else be checked?

 

[risc]

Excuse me but what trend of Mac viruses? Some guy posts a program some people run it, that doesn't make a virus that just makes a bunch of dumb users. No settings could of stopped this happening.

As for your firewall if your router isn't doing NAT sure turn it on.

 

[rye9]

Excuse me but what trend of Mac viruses? Some guy posts a program some people run it, that doesn't make a virus that just makes a bunch of dumb users. No settings could of stopped this happening.

As for your firewall if your router isn't doing NAT sure turn it on.

True, nothing could have stopped that application posted. I guess I meant malicious software or whatever the term is . I just hope it stops. What does NAT stand for?

 

[trainguy77]

Network Address Translation. Check to see if you have a 192.168.*.*
or a 10.0.* ip address if so you have NAT on a router somewhere.

 

[javabear90]

NAT stands for Network Address Translation. See this: http://en.wikipedia.org/wiki/Network_address_translation for more info
-Ted

 

[risc]

http://www.webopedia.com/TERM/N/NAT.html

The only thing that can stop malicious software is the computer user. If you don't trust an app DON'T RUN IT! If you don't trust the site you got an app from DON'T RUN IT! If you downloaded a picture and it's an executable not a picture DON'T RUN IT!

I can't really see what Apple can do to fix this problem other than have a "This is an application, are you sure you want to run it?" dialog box the first time you open an app. Maybe that is what is required. Who knows?

 

[rye9]

Network Address Translation. Check to see if you have a 192.168.*.*
or a 10.0.* ip address if so you have NAT on a router somewhere.

The IP address is the 192.168.*.*. So should I leave things alone or turn Firewall on?

 

[rye9]

According to risc's first reply, I guess the answer's no. ok, i guess im set then, thanks for the instructions!

 

[Electro Funk]

According to risc's first reply, I guess the answer's no. ok, i guess im set then, thanks for the instructions!

Turn on your Firewall... and keep it on!

Why would you not want to run an extra level of protection?

 

[yoda13]

I don't because on my Powerbook, it makes airport drop its connection to the basestation, and many times I would have to reset the powerbook to get it back.

 

[ToastyX]

If you downloaded a picture and it's an executable not a picture DON'T RUN IT!

How's the user supposed to know it's an executable if there's no visual indicator?

 

[Electro Funk]

How's the user supposed to know it's an executable if there's no visual indicator?

Seeing filename extensions

A filename extension consists of a dot (.) followed by several letters that identifies the type of file. The extension may determine which application opens the file. Filename extensions are usually hidden in Mac OS X, but you can show them if you find them useful.

Select a file in the Finder and choose File > Get Info.
Click Name & Extension and deselect the "Hide extension" checkbox.

To show the extension for all files, choose Finder > Preferences and click Advanced.


In some applications, you can show extensions when you save a document.

 

[ToastyX]

What good does that do if the file name ends in .jpg?

 

[risc]

IMHO all this dodgy application has shown me is how little people actually know about their own computers. I come from a Linux / BSD background and even on those OSes which don't suffer from viruses you would never see an experienced user / admin downloading apps from untrusted sources.

The fact that some people ran this application just shows a lack of clues IMO. OS X has all the tools you needed to know this was an application. From Safari warning about applications when it downloads them, to Finder being able to display previews of pictures, to ctrl clicking and getting info about the download.

The only other thing I can see Apple doing to make sure this doesn't happen again (other than patching any exploits these apps may use) would be to have a dialog box come up saying "THIS IS AN APPLICATION. ARE YOU SURE YOU WANT TO RUN IT?".

People can try and lay blame about this but in the end you just need to take the time and learn how to use your computer correctly. I think people might need to remember that OS X is a UNIX like OS and as such it comes with a heap of powerful tools that you can either use for good, or in the case of this app bad!

 

[risc]

Here is a picture of my desktop 1 of these jpgs is a shell script can you guess which one?

 

[Electro Funk]

What good does that do if the file name ends in .jpg?

somebody correct me if im wrong... if you dont have file extensions turned on then it is easier for you to get fooled into thinking that executable is a .jpg (for example)... if you have file extensions on even if the file is trying to "mask" itself as something else you should still see the actual "real" extension... example you download what you think is a .zip and without extensions on it would look like MyPics.zip - but if this was infact a .tar file and you had file extensions on it would show as MyPics.zip.tar - you would therefore see that its actually not a .zip file and maybe think twice about opening it... Make sense? im a little buzzed at the moment so maybe im rambling....

 

[risc]

This is all completely pointless anyway I've proven here that you can tell when a jpg is not a jpg, but what if you download an app and you know it is an app but it just doesn't do what you expect? I guess it all comes back to what I said originally about only downloading from people / sites you trust.

Oh well I'm done with this whole "virus" on OS X thing it is kind of pointless. To the OP hopefully you feel your machine is secure enough for you, if not post some more questions.

 

[ToastyX]

if you have file extensions on even if the file is trying to "mask" itself as something else you should still see the actual "real" extension...

I'm saying, what if the "real" extension is .jpg?

 

[trainguy77]

The IP address is the 192.168.*.*. So should I leave things alone or turn Firewall on?

I don't have my firewall on, only because i trust everyone on the network, it would only slow down my computer. If there is people on your network you don't trust then you may want to turn it on.

 

[ToastyX]

Here is a picture of my desktop 1 of these jpgs is a shell script can you guess which one?

Your example assumes "Show icon preview" is enabled, which is not the default, and someone can just provide a custom icon that appears as a preview anyway, so that's not a good visual indicator.

 

[risc]

Your example assumes "Show icon preview" is enabled, which is not the default, and someone can just provide a custom icon that appears as a preview anyway, so that's not a good visual indicator.

Of course someone can make a custom icon which is exactly why I said this discussion is pointless, it all comes down to the user and NOT downloading files from the internet pictures or other wise if you don't trust where you are getting them from. Windows users know this, as a Linux / BSD / OS X user I know this, why is it so hard for you guys to grasp it?

 

[ToastyX]

I come from a Linux background as well, but all I see are people blaming the user when neither the icon nor the file name provides a visual indicator that the file is executable.

Safari warning about applications when it downloads them

Strange, I just managed to create an example where that's not the case: http://www.toastyx.net/example.zip

Even worse, if you're using Safari and 'Open "safe" files after downloading' is enabled, which is the default, it runs the script automatically without warning.

It doesn't do anything bad. It's just a simple shell script that runs the screen saver as the desktop background.

 

[risc]

Yeah and I have Safari set to not open safe files and I downloaded your file. Unzipped it it doesn't show me an icon preview as expected, so I do ls -l example.jpg and I can see it is an executable, I then use vi to view the source.

So who's fault is it Apple for shipping bad defaults or the users for not knowing the OS? Could it be a bit of both? Nice script btw flurry looks cool as a background.

Anyway I wont be replying in this thread anymore unless it actually has something to do with the OP. Once again if you follow the basic rule of network OSes and dont download from untrusted sources not even your script would work.

 

[VL-Tone]

This is a (serious) problem, and Apple has been notified, which is what you should have done ToastyX before posting your example.

(Edit: I deleted the rest of my posts since it could give ideas to some)

Everyone that uses Safari:
Go into the Safari--->Preference... dialog, and uncheck the "Open safe files after downloading"

 

[ericg]

I come from a Linux background as well, but all I see are people blaming the user when neither the icon nor the file name provides a visual indicator that the file is executable.



Strange, I just managed to create an example where that's not the case: http://www.toastyx.net/example.zip

Even worse, if you're using Safari and 'Open "safe" files after downloading' is enabled, which is the default, it runs the script automatically without warning.

It doesn't do anything bad. It's just a simple shell script that runs the screen saver as the desktop background.

Wow, that's really bad. When you open it in Get Info it's listed as a Terminal Command. But it looks like a JPEG, and it even has the proper extension.