Potential for Creating OS X Virus

[ClarkeB]

I was (re) installing the HP drivers on my iMac (no drivers for it come w/ OS X Panther) and so then it says "No other applications can be on for this process" and you press a button like "Proceed" and then it closes everything but Finder. Would someone be able to integrate this sort of a feature into a program to create a somewhat virus that would just plant itself to start on login and it wouldn't allow you to run anything?

 

[MBHockey]

Yes. But you'd have to give it your admin password before installing it.

So yes...if someone created a virus, and a user was enough to run the installer, give it your administrator password, and let it install, yes, you could have a virus...theoretically.

MacOS X is very secure, but there's a line between being overly secure, and letting the end-user decide what they want to install themselves...

 

[Bradley W]

_

 

[PlaceofDis]

this actually would be called a Trojan and not a virus, as it is not self replicating nor does it install on its own, you have to give it permission

 

[musicpyrite]

That doesn't sound like it would be a true virus. More or less like a simple, annoying script. Though you could still do it.

Open the Script Editor (Applications>AppleScript) and enter this:

tell application "Finder" to quit

Then click "Run". It has the same effect, and can be adaped to quit all/some applications.

If you didn't want to create an AppleScript, just use the Terminal. Open the Terminal, type "pico script" (with out the quotes) and type in "killall Finder" on one line. Press return and type in "killall Dock". Next press the control + X buttons to exit, it will ask you if you want to save it, press "Y" for yes. Then type "chmod 700 script" to give it executable permissions. Next type "./script" into the Terminal. Viola! Your Dock and Finder should have quit.

Those are just examples. you could adapt it more to do something else, if you wanted.

Edit: you might be apple to add something to the startup list by putting it in /Library/StartupItems.

 

[iMeowbot]

A trojan horse would be easy. All the installer has to do is lie about what is being installed (or install some extra files that it doesn't bother to mention). A vendor could trivially install spyware etc. this way, much as Kazaa has done on Windows. There is really nothing an operating system can do about this, at some point you simply need to decide whose files you are going to trust when you see that password prompt.

Is there such a thing as a trojan horse in the Mac universe? Absolutely. The latest example was the fake OS X install disk that displayed the ****** guy. That particular hoax didn't do serious damage (well, maybe some brains were scarred), but it demonstrates the problem: people would even be willing to boot random CDs downloaded from unknown sources!

Getting an actual automated virus to work under OS X would be a lot harder, because the hooks to make major things happen without user interaction aren't there. Malware will be much more successful (from the malware writers point of view) if it relies on social engineering.