Tymmz said:
I was thinking the same, but then I would have had to set up Adium and Mail again and the individual desktop and icons. I would have had to transfer all my individual MP3s and vCards. Do you get the point?

Ohhhh....Yeah, I get the point. :eek: Thanks!

Guess I'll get started on iMeowbot's instructions...


 
EvilMole said:
There is no such thing as absolute security, on any platform. There's no doubt holes in Windows and Mac OS X that haven't been discovered yet. But the point is that the majority of malware writers don't rely on security holes - it's far easier, and more effective, to write stuff that exploits user-stupidity.


Very true. Another interesting note is that almost all the worms written that affect Windows computers are patched several months beforehand. A lot of the worm/virus writers out there go and look through the patch notes and see what the security hole was and then write something to exploit that. I remember when MSblaster came out a few years ago and everyone was complaining about M$ and blaming them, just they neglected the fact that M$ had patched that hole several months before Blaster ever came out.

The creators rely on 2 known facts: 1. people are very poor at updating their computers, 2. people are stupid, very stupid (and yes, Mac users). A person is smart; people are stupid and easy to trick. So trojans are a very easy way to cause a lot of damage because people don't think about looking at a file too closely before they open it. To make matters worse for the Mac community, Mac users have almost no antivirus programs on their computers, so things that the Bloodhound part of the AV software would get are not being protected. Not like people would bother scanning the stuff anyway. But then they open it and the damage is done.

Either way this little thing was just an example of how most damage is done to computers. Rely on users' stupidity and nail them for it.
 
To clean up an infected machine?

Sorry, I'm still on page 7, so this may be covered already.

So after reading http://www.ambrosiasw.com/forums/index.php?showtopic=102379 it seems to me that the way to check if you're infected is:

1. Open Terminal
Code:
   cd /tmp
   ls -la
If latestpics.tgz is present, you're infected. Remove the file and return to your home Library subdirectory.
Code:
   rm latestpics.tgz
   cd ~/Library
   ls -la

If InputManagers is present, remove it and go to the Applications folder:
Code:
   rm -R InputManagers
   cd /Applications
   ls -lat

Check the date in the directory listing. If it appears off, e.g. in the past two days but you've installed the app much earlier, delete the app and reinstall.

Does this seem comprehensive?
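
The checks from the post above, collected into one read-only script (an added example, not part of the original post; it reports findings instead of deleting anything). The function name `check_leap` and its optional directory arguments are assumptions made here so the check can also be run against a copy of a disk.

```shell
#!/bin/sh
# Added example, not from the thread: read-only check for the indicators the
# post names. All arguments are optional (hypothetical interface):
#   check_leap [TMPDIR] [HOMEDIR] [APPDIR] [DAYS]
check_leap() {
    tmp_dir=${1:-/tmp}
    home_dir=${2:-$HOME}
    app_dir=${3:-/Applications}
    days=${4:-2}
    found=0

    # Indicator 1: the archive the post looks for in /tmp
    if [ -e "$tmp_dir/latestpics.tgz" ]; then
        echo "FOUND: $tmp_dir/latestpics.tgz"
        found=1
    fi

    # Indicator 2: an InputManagers folder in the user's Library.
    # Its contents are listed so they can be reviewed before removal.
    if [ -d "$home_dir/Library/InputManagers" ]; then
        echo "FOUND: $home_dir/Library/InputManagers contains:"
        ls -la "$home_dir/Library/InputManagers"
        found=1
    fi

    # Step 3: app bundles whose date falls within the last DAYS days.
    # A recent date alone is not proof (updates change it too), so these
    # are listed for review and do not affect the return status.
    recent=$(find "$app_dir" -maxdepth 1 -name '*.app' -mtime "-$days" 2>/dev/null || true)
    if [ -n "$recent" ]; then
        echo "REVIEW (modified in the last $days days):"
        echo "$recent"
    fi

    return "$found"   # 0 = neither indicator present, 1 = at least one found
}
```

Calling `check_leap` with no arguments checks `/tmp`, the current user's home directory and `/Applications`, using the two-day window from the post.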
 
annk said:
Ohhhh....Yeah, I get the point. :eek: Thanks!

Guess I'll get started on iMeowbot's instructions...



It took me about 20 minutes and I'm pretty new to Macs.
 
annk said:
I have only one account, which is my admin account. Because of the trojan worries, I want to do something like what you suggest. But why can't I just leave the admin account as it is, and create a new, limited "user" account to use for everyday computing, and go back to the admin account when I need to install etc?
You can certainly do that, if you don't mind fixing up the permissions on all your files. I know that I have files scattered across many disks, and changing my UID would make a big mess.

If you can move over to a new account with no pain, go for it :)
 
iMeowbot said:
You can certainly do that, if you don't mind fixing up the permissions on all your files. I know that I have files scattered across many disks, and changing my UID would make a big mess.

If you can move over to a new account with no pain, go for it :)

The extra info you and Tymmz have given me has answered my question. Your instructions were so clear that anyone should be able to follow them, so I'll declaw. :)


 
This isn't the first trojan on OS X and it won't be the last.

A trojan is a lie--a file that claims to do one thing, and does another instead.

No OS is safe from liars, and I hope nobody ever thought OS X was ;)

All an OS can do about trojans is put up warnings to make you think about the potential lie, and keep admin functions password-protected. OS X does these things.

There will be a virus on OS X, but that day is not today :) If you define virus so as to make this into one (or a worm), it's still not able to be effective--and that's still down to OS X's secure design.

Now... what about the press backlash? I'm thinking it's all for the good:

* Right now a few people know there are no viruses on OS X. Most people are not tech-savvy, and assume that all computers have viruses. They assume nothing can be better than Windows, because Windows sells the most copies.

* Now, SOME of the few people who knew there were no viruses will think there is one. Others will realize it's smoke without fire.

* Meanwhile, many other people will now see in the press that Macs have their first virus ever... and thus these people will be exposed for the first time to the idea that Macs are more secure. (ONE virus? Not thousands?) Especially when initial alarmist reports are then retracted.
 
Diatribe said:
If it were only a car by definition when it drives/works, yes, then it wouldn't be a car.
The thing is that a virus by definition has to propagate itself (correct me if I am wrong here) if it doesn't for whatever reason, it isn't a virus but malware.

No, you're strictly correct, but it doesn't comfort me much calling this anything other than a virus simply because it fails to propagate - it's still trying and the next trojan/virus is likely to be more successful.
 
Whether it's a virus, trojan, whatever, don't get too upset. Remember the score is still:
Windows: 382905209587108157089502876023875
OSX: 1
 
annk said:
Thanks iMeowbot for this easy to understand instruction. But I have one question.

I have only one account, which is my admin account. Because of the trojan worries, I want to do something like what you suggest. But why can't I just leave the admin account as it is, and create a new, limited "user" account to use for everyday computing, and go back to the admin account when I need to install etc?

I may be doing this all wrong, but I just went to System Preferences, created a new account called "Big Dude", ticked the box that said "Allow this user to administrate", then went to "Lau" (my usual) and unticked the box that lets me administrate.

So now "Big Dude" is admin, and "Lau" is not. If I want to do anything (eg install) whilst in the "Lau" account it comes up with "Please enter a admin user name and password" and I enter "Big Dude" and my big dude password and it installs.

Did I do something wrong, because it was really easy and took about 1 minute....:confused:
 
jacobj said:
I'll pay to see you pull that one off... rules are that I can't know that it is happening and I mustn't have to enter my password to activate it..
Awww, but I wanted to make an installer with a big smiley face icon that nags you to pay a shareware fee! And if you don't cough up the cash, the virus would start printing slightly less optimistic phrases after fifteen days, then uninstall itself after 30. Remember, this is Sparky the Friendly Virus!
 
OSX.Leap.A

What kind of a name is that? Symantec are truly without fresh ideas. Yes, I know they have standards and conventions and such...

...but "OSX.TheFirstOne.A" would have looked better, right? ;)

Link
 
whooleytoo said:
No, you're strictly correct, but it doesn't comfort me much calling this anything other than a virus simply because it fails to propagate - it's still trying and the next trojan/virus is likely to be more successful.

Yeah, I was mostly pointing out a technicality. You're right though, it's still more than it should be. But there are 3 easy steps for Apple of which I am sure they will take some.

1. Find a way to let users know that a file disguises itself.

2. Reduce Admin privileges for the admin account (require passwords to modify apps etc./alert people not to use an admin account as their regular account)

3. Integrate an anti-virus software with automatically updated definitions via Software Update
 
Lau said:
Did I do something wrong, because it was really easy and took about 1 minute....:confused:

My understanding is that it's better to make Big Dude also the owner of all your programs if they are not owned by the system already.

Don't ask me why!
 
well a lot of this sounds like FUD... but, as previously mentioned the NEWS of this supposed virus is spreading much faster than the "virus" itself.

In other news... Apple stock is up 1.62 as of now... either the FUD hasn't hit Wall Street yet, or no one cares.

Also as previously mentioned, a virus could come out today or tomorrow or in 10 years, it still beats all the countless thousands you get with windows.

-Royboy
 
maxterpiece said:
so does OS X warn you that it is an executable when you D/L it?

Only if it's in a .dmg, unless I'm mistaken. While it's usually the other way around, this seems to be a feature of Windows yet to be copied by Apple ;-)
 
ejgisbert said:
OSX.Leap.A

What kind of a name is that? Symantec are truly without fresh ideas. Yes, I know they have standards and conventions and such...

...but "OSX.TheFirstOne.A" would have looked better, right? ;)

Link
"We'll call it "Oompa-Loompa" (aka "OSX/Oomp-A") for reasons that will become obvious." -- from Welch Update Link

Andrew and crew were, at least, a little more creative with their name. :)
 
Tymmz said:
My understanding is that it's better to make Big Dude also the owner of all your programs if they are not owned by the system already.

Don't ask me why!

When declawing...and changing the applications permissions/ownership to a new admin account,

Will it cause problems for non-admin users if the new Admin account also has File Vault enabled?
 
Tymmz said:
My understanding is that it's better to make Big Dude also the owner of all your programs if they are not owned by the system already.

Don't ask me why!

Ok, thanks, will get onto that.

(I won't ask you why, because I probably won't understand the answer anyway! :p )
 
eme jota ce said:
When declawing...and changing the applications permissions to a new admin account,

Will it cause problems for non-admin users if the new Admin account also has File Vault enabled?

No idea, sorry!
 
Lau said:
I may be doing this all wrong, but I just went to System Preferences, created a new account called "Big Dude", ticked the box that said "Allow this user to administrate", then went to "Lau" (my usual) and unticked the box that lets me administrate.

So now "Big Dude" is admin, and "Lau" is not. If I want to do anything (eg install) whilst in the "Lau" account it comes up with "Please enter a admin user name and password" and I enter "Big Dude" and my big dude password and it installs.

Did I do something wrong, because it was really easy and took about 1 minute....:confused:

Uff, this brings another question to mind.

When I'm in my one and only account, which is the admin account, I can't install anything without giving my admin password. Before I create another user account, give it admin privileges and declaw the current admin account, can someone tell me why having to type in the admin password to install is not protection enough?

Sorry for what is probably a noob question, I'm just concerned I'll do something wrong and mess everything up. :eek:

Oh - and when I've declawed the old admin account and check to make sure that account doesn't own any apps, is there any practical difference between assigning ownership to the system or to the new admin account?
 
eme jota ce said:
When declawing...and changing the applications permissions to a new admin account,

Will it cause problems for non-admin users if the new Admin account also has File Vault enabled?
File Vault only encrypts the user's home directory, so the contents of the shared /Applications and /Library folders would not be affected by that.

You can probably skip using File Vault on a dedicated admin account, because you're not supposed to be doing regular work in there anyway.

When I'm in my one and only account, which is the admin account, I can't install anything without giving my admin password. Before I create another user account, give it admin privileges and declaw the current admin account, can someone tell me why having to type in the admin password to install is not protection enough?
Go into your Applications folder, and try Get Info on a few applications. On at least some of those applications, you will probably see "you can read and write". The "write" part is the kind of thing we are trying to avoid. "can write" means that you don't need a password to change those programs.
Oh - and when I've declawed the old admin account and check to make sure that account doesn't own any apps
Ah, okay, if you've checked ownership then you have already made the write problem go away.
, is there any practical difference between assigning ownership to the system or to the new admin account?
Not really.
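
The Get Info check described in the post above, done for every application at once (an added example, not part of the original post). The function name `audit_apps` and its optional account arguments are assumptions made here; it flags bundles the account owns or can write to through group or world permissions, which are the cases where no password prompt stands in the way.

```shell
#!/bin/sh
# Added example, not from the thread. Lists app bundles that an account can
# change without an admin password prompt. Hypothetical interface:
#   audit_apps [APPDIR] [UID] ["GID GID ..."]
# Defaults: /Applications and the account running the script.
audit_apps() {
    app_dir=${1:-/Applications}
    uid=${2:-$(id -u)}
    gids=${3:-$(id -G)}
    flagged=0
    for app in "$app_dir"/*.app; do
        [ -d "$app" ] || continue
        # ls -ldn prints mode, numeric owner and numeric group in the same
        # columns on macOS and Linux
        info=$(ls -ldn "$app" | awk '{print $1, $3, $4}')
        set -- $info
        mode=$1 owner=$2 group=$3
        why=
        # The owner can always grant itself write access
        if [ "$owner" = "$uid" ]; then
            why="owned by uid $uid"
        fi
        # Sixth character of the mode string is the group-write bit
        case $mode in ?????w*)
            for g in $gids; do
                if [ "$g" = "$group" ]; then
                    why="${why:+$why, }group-writable via gid $group"
                fi
            done ;;
        esac
        # Ninth character is the world-write bit
        case $mode in ????????w*)
            why="${why:+$why, }world-writable" ;;
        esac
        if [ -n "$why" ]; then
            echo "WRITABLE: $app ($why)"
            flagged=1
        fi
    done
    return "$flagged"   # 0 = nothing writable by this account, 1 = some are
}
```

Run `audit_apps` from the everyday account after declawing; an empty result matches the "checked ownership" state the post describes.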
 
iMeowbot said:
File Vault only encrypts the user's home directory, so the contents of the shared /Applications and /Library folders would not be affected by that.

You can probably skip using File Vault on a dedicated admin account, because you're not supposed to be doing regular work in there anyway.

Could File Vault give my personal files (MP3s, vCards, etc.) additional security? So it's less likely that a trojan or virus deletes them.
 