Two Apple Trojans Threaten users - Page 2

Dopefish · #11 (**permalink**) 06-25-2008, 10:28 AM

I'd hardly call that a "trojan." It doesn't even fit the virus part. This is nothing more than a shell script. If you were to call this a trojan, then Linux and BSD have been having these since before Windows was around.

Hell, even the article above calls the second one nothing more than a shell script.

You just have to love these misleading articles that are really only out there to purposely make Mac OS X look bad.

Just like any UNIX, OS X can never have a true virus because of the format executables are in. As for shell scripts, every OS in the world is susceptible to these.

CoffeeShark · #12 (**permalink**) 06-25-2008, 10:38 AM

Quote:

Originally Posted by Dopefish

I'd hardly call that a "trojan." It doesn't even fit the virus part. This is nothing more than a shell script. If you were to call this a trojan, then Linux and BSD have been having these since before Windows was around.

Hell, even the article above calls the second one nothing more than a shell script.

You just have to love these misleading articles that are really only out there to purposely make Mac OS X look bad.

Just like any UNIX, OS X can never have a true virus because of the format executables are in. As for shell scripts, every OS in the world is susceptible to these.

the majority of viruses are user-enabled, whether scripts or not. Most take the stupidity of the user to install them. With a safe browser setup and a penchant for NOT opening email attachments from alleged friends, you can go a long, long time without ever encountering a virus on any OS.

//and stay off the crackz and porn sites

VincentVega · #13 (**permalink**) 06-25-2008, 10:40 AM

ya that's what it comes down to for sure. There's a direct correlation between choice of O/S and average computer savvy. You don't see every [hot] housewife in america with Ubuntu, but you see her with Windows ME that hasn't been updated in 7 years. She opens up a Paypal phish email, types in her account, gets her identity stolen and shit installed on her PC at the same time. Sad, but true.

You take the same housewife, put her on Ubuntu, and that wouldn't happen. And that's just because she couldn't figure out how the hell to use it

but if she DID, at least the spyware wouldn't get installed. Apples / Oranges.

YankeeDeuce · #14 (**permalink**) 06-25-2008, 11:19 AM

ha

Quote:

Originally Posted by CoffeeShark

//and stay off the ~~crackz and~~ porn sites

NEVAR!!!

DigitalDD · #15 (**permalink**) 06-25-2008, 11:22 AM

dunno a privilege elevation that lets executed code run as the root user since the Apple Remote Desktop Agent runs as root so via the setuid bit anything that gets run would be executed as root no? and since it would be executed as root it would not prompt the user. sounds like the first of many exploits

Dopefish · #16 (**permalink**) 06-25-2008, 01:58 PM

No. OS X will prompt you no matter what.

Anything you download from the internet will get a quarantine flag set.

Code:

[dopefish@the-armada:~/Downloads]> ll -@ Firefox\ 3.0.dmg
-rw-r--r--@ 1 dopefish  staff  18005616 Jun 10 15:08 Firefox 3.0.dmg
        com.apple.metadata:kMDItemWhereFroms         237
        com.apple.quarantine          74

Before it will even execute the application, it will ask your permission (example):

This is just for an application I installed locally. If it came from the internet, it will also tell you the date you downloaded it and the website URL that it came from.

Also, unlike Vista and UAC, OS X will only ask you once, and then it removes the quarantine flag. This is a much better, and less annoying, way of making people double check what they're running.

Tulkas · #17 (**permalink**) 06-25-2008, 02:37 PM

So how do you know what you are downloading is safe or not?

VincentVega · #18 (**permalink**) 06-25-2008, 03:19 PM

You don't. You have to consider the source. Generally speaking, NEVER click an email link or download any attachment. ESPECIALLY ESPECIALLY ESPECIALLY if it looks to be from paypal, ebay, your bank, etc. Always open up a browser and type the regular URL in to login, that way you're not risking going through a fake link

Dopefish · #19 (**permalink**) 06-25-2008, 04:27 PM

I always use the status bar when clicking links, too, to verify the URL that it wants to send me to.

Whenever I go to my banks site, I either use my bookmark I have made or I type in the URL myself.

The thing in Mac OS X is real nice because when you run it initially, it tells you the exact URL that it came from. A person with common sense would be able to look at that URL and figure out whether it came from the site you were on or not.

SonicSpeed · #20 (**permalink**) 06-25-2008, 05:04 PM

Quote:

Originally Posted by Dopefish

I always use the status bar when clicking links, too, to verify the URL that it wants to send me to.

Whenever I go to my banks site, I either use my bookmark I have made or I type in the URL myself.

The thing in Mac OS X is real nice because when you run it initially, it tells you the exact URL that it came from. A person with common sense would be able to look at that URL and figure out whether it came from the site you were on or not.

Yeah but how many people get their account info taken because of phishing sites though? A computer is only as safe as the user thats using it. I could be running an unpatched version of XP RTM and be fine, while some user could be using OS X 10.5 with all the patches and still get it hacked.

Don't get me wrong, I really like some of the features that OSX has, its just that the reality of computing is the user makes the decisions.