Re: mac users no longer safe from virus

From: cquirke (MVP Win9x) (cquirkenews_at_nospam.mvps.org)
Date: 04/10/04


Date: Sat, 10 Apr 2004 18:18:06 +0200

On Fri, 09 Apr 2004 16:04:47 -0400, octavius schmalz
>On Fri, 09 Apr 2004 08:29:55 -0700, sgopus wrote:

>> Symantec Security Response is aware of the MP3Virus.Gen Trojan,

What is interesting about this, is that it's an exploit of the worst
kind; converting a usually-safe file type to something that can bite
the user as soon as they look at it (the exploit involved a
specially-crafted MP3 that runs raw code that can then render other
"safe" media file types equally infectious). Stinks of "unchecked
buffer", and as it affects multiple file types, a bad one at that.

I remember a similar exploiter in Linux that spread through a
commonly-used MP3 player on that platform, again by exploiting an
unchecked buffer. Once again, a supposedly-safe file type becomes a
menace - which IMO characterizes an unsafe platform.

>Safety is not based on software or even hardware - they are backups to
>intelligence - the first line of defense.

You can't apply intelligence if:
  - the software auto-runs stuff automatically
  - you are denied accurate information to assess risk

If a user gets a file that is recognisably raw code and runs it, well
duh. But if a user gets a file that is supposed to be of a safe type,
and it auto-runs when selected in the file manager, then you can't
blame the user for that. The fault is in the software.

>Anyone downloading MP3s or filesharing with random and unknown
>websites or computers should always realize that they can be downloading a
>virus or trojan.

The point is, what you see (in terms of info on which to assess risk)
should be what you get. If you can't assess risk because that info is
hidden (e.g. in UNIX where extensions are meaningless, or in duhfault
Windows where extensions are hidden), then you can't apply any
discernment other than don't use the computer or roll the dice.

>Still, the default user for the Mac OS X, unlike XP, is not the
>administrator. Admin and su are turned off by default. If a virus
>attempted to install itself, the OS would pop up a box asking for the
>Admin's password, which should be a big clue that something odd is going
>on. Most people running XP have never even created a limited user account,
>which is why they get infected so easily.

Limited user accounts in XP suck to the point of unusability, and not
only because of issues related to software that was not written with
user accounts in mind. As soon as I set a freshly-set-up user account
in XP Home from Admin to limited rights, a large swathe of settings
were discarded. Back to hidden file name extensions and other junk
that brings increased risk to offset the ?benefits of "non-admin".

>Most of my spam now comes from hijacked zombie XP boxes, no longer from
>open relays or purposeful accounts.

Yep. Business-orientated NT development can no longer afford to
ignore consumerland, because with broadband, what happens in
consumerland can bite everyone else.

>-------------------- ----- ---- --- -- - - - -
  Running Windows-based av to kill active malware is like striking
  a match to see if what you are standing in is water or petrol.
>-------------------- ----- ---- --- -- - - - -