Benjamin Daines was browsing the Web when he clicked on a series of links that promised pictures of an unreleased update to his computer’s operating system.
Instead, a window opened on the screen and strange commands ran as if the machine was under the control of someone — or something — else. Daines was the victim of a computer virus.
Such headaches are hardly unusual on PCs running Microsoft Corp.’s Windows operating system. Daines, however, was using a Mac — an Apple Computer Inc. machine often touted as being immune to such risks.
Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world’s largest software company was criticized for being slow to respond to weaknesses in its products.
it should go without saying. if you are dumb enough to click on links sent to you by e mail or on the net that you aren’t exactly sure what they are… you deserve the virus. plus, didn’t this virus get passed over ichat? and you have to physically open the file? one “virus outbreak” such as this hardly constitutes the comparison of them being as vulnerable as microsoft windows is to viruses.
Even Jobs never claimed immunity. In practice, his response has always been that everything can be hacked.
Regardless, there is no patch for stupidity.
From my understanding, a virus spreads through e-mail, or other non user initiated means.
This is not a virus, but rather a browser vulnerability. I think if the “Security Expert” wants to make a name for him self, he should make sure he uses the right definitions.
“From my understanding, a virus spreads through e-mail, or other non user initiated means.”
Nope, you’re thinking of a worm.
the Intel switch wont do much (if anything), at max, it will make it easier for people used to Intel assembler code to cross over, saying just because it’s using Intel, so it will be more susceptible to viruses, shows how stupid the “researcher” is.
#3
Given the total lack of tools (or even fundamental research) for detecting root kits on Mac, for all this guy knows, his computer is already a zombie spewing spam to thousands of people a day.
Nowadays the virus writers are extremely sophisticated, and the last thing they want to do is tell the user they have hijacked their computer.
Im gonna break out the popcorn, because it is apparent that a massive virus outbreak is about ready to happen on the Mac, and there is nary a firewall or virus scanner to stop it. Only the naievely arrogant belief of millions of Mac users that their computers are invulnerable to this type of attack.
According to the article a massive number of people (two) were infected.
Two people don’t seem like much of a virus outbreak.
Greg Albright says: Given the total lack of tools (or even fundamental research) for detecting root kits on Mac…
This might be true of Macs 5 years ago, before Mac OSX. OSX however, is based on a 30 year old UNIX operating system which has been extensively researched and for which there are likely more security tools than for Windows — all of which run fine under OSX. Take COPS, SATAN and Tripwire, for example.
There are also click-and-drool, user-friendly, mass-market commercial tools available for OSX, such as Sophos Anti-virus. Not many people actually use these tools however, because viruses/worms have yet to successfully propogate on the OSX platform, just as they haven’t yet successfully propogated under other UNIX platforms, which have been around for much longer than Microsoft’s swiss-cheese-security OSes have been.
The argument that there are no viruses for OSX yet because Apple doesn’t have enough marketshare is baloney. Most of the world’s webservers run on the Apache webserver, and we don’t see worms spreading through it, do we?
Why am I not surprised?
First of all, check who is posting that news.
Isn’t the Mac/Windows Intel machine safest when one uses the Mac OS programs for browsing and emailing? If so, wouldn’t it make sense to never use one of your Windows applications to connect to the web?
Brent,
The current best of breed rootkits soundly defeat every technical method you described. Rootkits are a real problem. (heck even the sony root kit initially defeated all of those, even on Mac although it didn’t exploit to install). And for the record, COPS is irrelevant as most open source software no longer allows blank passwords, SATAN has been replaced by nmap. Tripwire scans only work on changes that are not made by rootkits…
Virus scanners??? R U kidding??? By the time a virus scanner detects it now days, find your reinstall disk and start over. Make sure you scan your backups before you recover from there. The payload on a virus now days is to just install a rootkit.
However as in all computer security, the biggest exploit tends to be social engineering. Mac users are a disaster waiting to happen.
Nope, its coming, get ready.
While I don’t wish the propogation of viruses on Mac users, this will hopefully put an end to their long-standing boastings about how “Well, if you were using a MAC, you wouldn’t get viruses! (like on those inferior Windows boxes)”…
Any exploits that harm Macs or Linux boxes are good things and I cheer them. They are playing catch-up after all.
I detect a whole lotta of reverse schadenfreunde here my friends ….
Wasn’t this “news” about 1-2 months ago? CNN ran this story today also…
Neither article was very technical in nature, and neither included references to either SANS or other noted experts in the Mac security area.
To me, this sounds like more bad and ineffective reporting designed to inspire fear among the uninformed.
Also interesting that today was also the same day that Apple seemed to start running eMac advertisements during Letterman…
Herbie,
As the article DOES IN FACT reference SANS, I maintain that the crappy attitude of Mac user continues to be the problem.