mrichmon said:
One effect of removing the administrator privileges from your regular user account is that you will not be able to use "sudo" commands in your regular account.
... unless you add your regular account to /etc/sudoers.

Edit: this is becoming more and more like a Linux forum. When will the first RTFM! be posted?
 
Can I just say...

All these people blanket changing the permissions on the /Applications folder. I have to warn that the next time you run 'Repair Permissions' that'll all get changed.

Also, and most importantly, you may find that this causes some problems running some applications, especially if the application in question tries to write back into its own bundle or folder, which while they shouldn't some DO. Mainly the problems will occur if the folder/application is writable by admin only and you're running the application from a non admin account.

One lot that springs to mind that has problems if the folder it's in has permissions set like that is Microsoft's Office Suite, especially Entourage. I can also see it being a problem for certain GUI front ends for *nix software that have the *nix software contained within them.

Just my tupp'orth

(edit: if you rtfm, you'd know this... ;) )
 
"...sends itself to people on your iChat Buddy List."

I'm always amused, actually I think I mean "irritated," by vague statements like this. Does it use iChat to open a connection with another user and send itself to them through the IM or does it just use the buddy name that has "@mac.com" and append "@aol.com" domain to the ID if "@mac.com" is not present, or does it actually pull the buddy's email address from the address book card? Does it send email? If so, does it do it with its own SMTP engine or does it use something already on the Mac, like UNIX's sendmail? It seems to me that how it accomplishes what it accomplishes is important, but I see no mention of this. I just want to know if it's sending via IM or email and from where exactly it gets the address.
 
plinden said:
... unless you add your regular account to /etc/sudoers.

Edit: this is becoming more and more like a Linux forum. When will the first RTFM! be posted?

Yes, but I didn't want to go into the details of how to use vi while editing sudoers.
 
Anyone operating Mac environments (like I do every day) should be well informed about these types of issues.

I think it's funny though that everyone in this thread feels like their big brother just kicked them in the nuts. You run a computer - if it's written by man it is far far far from perfect. Either be secure or get owned in the process. O/S, hardware, none of that matters. What matters is the people writing the software and the people working to crack/hack/infect the software. It's a constant battle - anyone who didn't buy their computer based on what the shell looks like should know this by 2006.
 
Some are saying it is best to make a new admin account, and remove the "admin" label from the old one.

Why not just create a new account without admin privileges and use that?
 
woodgie said:
All these people blanket changing the permissions on the /Applications folder. I have to warn that the next time you run 'Repair Permissions' that'll all get changed.

Also, and most importantly, you may find that this causes some problems running some applications, especially if the application in question tries to write back into its own bundle or folder, which while they shouldn't some DO. Mainly the problems will occur if the folder/application is writable by admin only and you're running the application from a non admin account.

One lot that springs to mind that has problems if the folder it's in has permissions set like that is Microsoft's Office Suite, especially Entourage. I can also see it being a problem for certain GUI front ends for *nix software that have the *nix software contained within them.

Just my tupp'orth

(edit: if you rtfm, you'd know this... ;) )

Hmm. That makes sense, but is there not one particular and safe way to go about this? I mean, this is the third different view of the same thing I've read so far lol. I'm confused as hell.

I'll go give Word a test now. Don't use Entourage so don't care about that.
 
EricNau said:
Why not just create a new account without admin privileges and use that?

For me my old account is WAY too customized on all levels to make that practical.
 
BobVB said:
For me my old account is WAY too customized on all levels to make that practical.

As stated earlier (I'm not expecting you to read the whole thread) what you should do is set up a new user and make the new user the admin account and then demote (or de-claw or whatever) your account that you use regularly.
 
woodgie said:
All these people blanket changing the permissions on the /Applications folder. I have to warn that the next time you run 'Repair Permissions' that'll all get changed.

well that's ok since it only changes the Apple apps to owner UID 0 the way they are supposed to be. Doesn't touch any others.

woodgie said:
Also, and most importantly, you may find that this causes some problems running some applications, especially if the application in question tries to write back into its own bundle or folder, which while they shouldn't some DO. Mainly the problems will occur if the folder/application is writable by admin only and you're running the application from a non admin account.

Yes but then the program would have had problems with anyone running it from a new non-admin account regardless of if the permissions had been changed, right?

It seems you are saying that some of the M$ Office programs can only be run by 1) someone with admin or 2) the account that installed them.

Really? If so I'm glad my system is a M$ free zone.:D
 
BobVB said:
For me my old account is WAY too customized on all levels to make that practical.

why not just make a new account as admin then log in under that and make your regular account standard? I know this was said earlier many times in this thread. :D
 
ijimk said:
why not just make a new account as admin then log in under that and make your regular account standard? I know this was said earlier many times in this thread. :D

:D of course, that's what I did but EricNau was proposing NOT doing that and just making a new account rendering changing app r/w permissions unnecessary. I was explaining why I didn't find that a practical alternative. :D
 
well, it's not a virus, but something that has been a friend of the Mac for a long time: Trojan Horse.

it's weird, there was an article posted last week or earlier this month about this being the year of exposing OS X. since we're now on the same playing field as our Linux and Windows friends, this gives hackers and virus writers a familiar platform to work on (x86/Intel).

those of us on the PowerPC, i don't know if we have anything to worry about. since the article that was posted about this was about a hacked Powerbook G4. now, i'm not contradicting myself, but it was a pretty big accomplishment, the scientist heard cheers and applauding for this when it happened. hacking a PowerPC Mac is an achievement i guess. now that we're in the x86 arena, i think that puts quite the Mac community in danger.

this may be the beginning, Apple can't hold not having a security division for OS X. Steve you made the call to switch, now start investing in the Mac user safety. OS X is no different from any other UNIX OS, especially on an x86 platform running the soon-to-be-standard EPS instructing on our fellow Intel friends (Dell, HP, Gateway, Alienware, etc.)

so, everyone who bought an x86 Mactel, welcome to thunderdome b****.
 
progx said:
well, it's not a virus, but something that has been a friend of the Mac for a long time: Trojan Horse.


so, everyone who bought an x86 Mactel, welcome to thunderdome b****.

A little confused...:confused: I thought that this "trojan - whatever" actually was written to affect PPC applications and in fact does not affect UB or x86.

So not really understanding what you are saying - quite frankly any application can be made to be malicious and then propagated on any OS for any machine assuming you have the ability to "fool" the user into running it.
 
Here is something Apple must fix

Just downloaded a new version of an application with my declawed non-admin account bobvb - it unpacked and has bobvb as the owner and the group.

So making sure there are only admin alterable apps will be an ongoing process.
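
An audit for the situation described in the post above, as an added example that is not part of any post in the thread: it lists application bundles containing items owned by a given account or writable by everyone, which are the bundles code running as that account could alter without an admin password. The function names `audit_apps` and `count_modifiable` are made up for this example, and it assumes plain owner/other permission bits only (group membership and ACLs are not checked).

```shell
#!/bin/sh
# Added example (not from the thread): find *.app bundles that a given
# account can modify without being asked for an admin password.
# Usage: sh audit_apps.sh /Applications bobvb

# Print one line per bundle under DIR that contains at least one item
# owned by USER or writable by everyone.
audit_apps() {
    dir=$1
    user=$2
    # -prune stops find from descending into a bundle once matched, so
    # each bundle is reported once and nested helper apps are skipped.
    find "$dir" -name '*.app' -prune -print | while IFS= read -r app; do
        # Symlinks are excluded: their own mode bits are always wide
        # open and say nothing about who can change the target.
        hit=$(find "$app" ! -type l \( -user "$user" -o -perm -002 \) \
              -print | head -n 1)
        if [ -n "$hit" ]; then
            printf 'MODIFIABLE\t%s\t(first hit: %s)\n' "$app" "$hit"
        fi
    done
}

# Number of modifiable bundles, for use in scripts or periodic checks.
count_modifiable() {
    audit_apps "$1" "$2" | wc -l | tr -d ' '
}

# Run the audit when called with a directory and an account name.
if [ "$#" -eq 2 ]; then
    audit_apps "$1" "$2"
fi
```

Run it for the everyday account after each install or update; any bundle it lists can then be re-owned from the admin account.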
 
EricNau said:
Were you logged in as an admin or as a standard user?

Did it ask you anything the first time around? (and what were you logged in as)

On the reinstall I was logged in as standard. The first time around I was admin and it asked me nothing.
 
What does "declawing" do?

I'm sure this has been discussed ad nauseam, so forgive me please. What exactly does this declawing procedure do? How will it affect my day-to-day use of my (now non-admin) user account?

Thanks!
 
BobVB said:
Just downloaded a new version of an application with my declawed non-admin account bobvb - it unpacked and has bobvb as the owner and the group.

You should've switched to your "clawed" account before installing the new version.
 
rbswitch said:
A little confused...:confused: I thought that this "trojan - whatever" actually was written to affect PPC applications and in fact does not affect UB or x86.

So not really understanding what you are saying - quite frankly any application can be made to be malicious and then propagated on any OS for any machine assuming you have the ability to "fool" the user into running it.

you are correct.
 
yankeefan24 said:
On the reinstall I was logged in as standard. The first time around I was admin and it asked me nothing.

Thanks for clarifying. :)

I am curious what happens to people logged in as standard installing it for the first time. :confused:
- Maybe it's already been said and I just missed it. :eek:
 
mrichmon said:
This doesn't prevent people from being stupid.

The goal isn't always total prevention, which is impossible. But stupidity REDUCTION is possible, and desirable :)

Plus if a file does a good job disguising itself (in theory) then it's NOT stupid to be "fooled" by the disguise. Maybe you're just in a hurry. But the text-and-mouse method I described would make such a disguise impossible, which WOULD reduce the likelihood of a trojan fooling a person.

PS, "declawed"? That term caught on fast! Is it too late to go with "spayed?"


grussgott said:
For example when you download a program and it asks you for your admin password, have you ever bothered to read the small print?

No. If I download a program and it asks for my password I hit Cancel! Same when my bank emails me for my checking account number ;)

Some system utils (like Yasu) might have a legitimate reason for asking, of course. And how do you know they are safe?

1. Download from VersionTracker or other common, public site.

2. Wait until a LOT of other people have downloaded and recommended it (THAT version) first :) Let them be the guinea pigs who catch the trojans. Some of them have Little Snitch, some have antivirus software, some pore over their logs with UNIX expertise... one way or another, an app that thousands of people have downloaded and used for days or weeks is a pretty safe bet.
 
I think I speak for a whole lot of people when I say...

HUH?!?!

Declaw? Demote? Use an admin at this time, but not at that time? /$ r/-s???? Somebody please clear all this up for me before I decide that the Macintosh world as I knew it is dead forever.
 
Isn't this an easy security fix?

I think this is being overblown.. it should be an easy fix.. Apple will just do something like this:

I think (I have about 2 years of programming, but I haven't programmed in a while so I may be wrong) to fix the altering of the programs like Camino, Google Earth, etc. all that is needed is a simple check that calls up the admin password request screen IF an outside application is trying to alter the internals of another application. That should stop the Trojan from being able to alter the code of an application unless the user wishes that application code changed.

I haven't really studied system programming at all so I am not sure how easy this would be and how well it will work.. Can anyone tell me how viable this solution is?
 