Re: [Full-disclosure] mac trojan in-the-wild



On 11/1/07, nnp <version5@xxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There's a difference between ignoring something and making a statement like

'OS X is the new Windows 98.'

OK How about "iPhone is the new Win9x"? It is running a type of OSX,
one that is configured to use root for everything.

I repeatedly hear that OSX is secure because BSD is a well picked
through OS. Developers have had 30 some odd years to work out the
bugs/vulns. What people are not taking into consideration is that if
you install a single insecure app, (I.E: IE for Mac or Safari) and
then use it to update your myspace profile and browse pr0n; you have
to take additional preventative measures or will no longer have a
secure system.

This will be compounded by the fact that most corporations don't see a
need to shell out the bucks for AV/AS for Macs. AV/AS by itself is not
a great defense, but at least its something.

Anyhoo, to reiterate: OSX !BSD. Windows had a hell of a time securing
its OS in part due to all the bells and whistles and also in part
because they would release an insecure product with the semi-intention
of patching later. The iPhone's configuration proves that Apple will
release products that do not conform to well known security best
practices as well (the least of which is don't run everything as
root). This makes me think that Apple is 1990's-M$-like in its pursuit
of functionality over security .

BTW: Did anyone test out whether the Mac AV/AS products detected this trojan?

-JP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • Re: MacBook/Parallels/Vista
    ... For comprehensive, bootable backups, I use SuperDuper!. ... mutliple computers (Windows and Mac) accross a network, ... If you are serious about network security, ...
    (microsoft.public.windowsmedia.player.mac)
  • Re: New Patch Fixes 43 Flaws In OS X, Many Serious
    ... one used for security checks. ... As compared to windows, UNIX has an excellent track record. ... Mac OS X would then become higher ... So it is with any kernel, ...
    (comp.sys.mac.advocacy)
  • Re: Antivirus
    ... Oblivion on it and maxed out the graphics settings, ... the Mac, and since I don't have a personal Mac, I use an old Windows ... of the security concerns would have been partially stamped out. ...
    (Ubuntu)
  • Re: Attention Windows Users
    ... > This is the FIRST time that an exploit has existed prior to a security ... > That's hardly a compelling case that Windows is more vulnerable. ... Applications run in "user space" on Mac, ... > default required to enter a password to install the software. ...
    (rec.aviation.piloting)
  • How To Utterly Destroy The Security By Obscurity Myth
    ... The Financial Times tries spreading some Apple Mac security FUD ... Take the number of known malware in the wild for Mac. ... verifiable data there are 2036x more malware for Windows than Mac. ...
    (comp.sys.mac.advocacy)