Apple has been accused of secretly adding a security update to its operating system without telling users, or anyone else. The update released last week included protection against a Trojan that could allow a hacker to take control of your machine. The HellRTS Trojan has been added to the Mac's list of signatures used to detect …
"You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons"
Would this surprise anyone if it were found to be true?
It'll be interesting to see what spin the fanbois find to put on this one.
"It'll be interesting to see what spin the fanbois find to put on this one."
How about "bloke with massive vested interest criticises firm that won't dance to his vested tune?"
Think about it...
This is a Trojan right? So it doesn't exploit any flaw in the OS, it just misrepresents itself. What are Apple supposed to be confessing to? That a program might run exactly as intended by its developers (who happen to be liars)? What exactly is the beef here?
This isn't even a flaw in Mac OS X (Apple admit these when they issue fixes - yes Mac OS X has flaws and fixes, get over it).
What is it you think Apple is hiding?
PR versus full disclosure
"This is a Trojan right? So it doesn't exploit any flaw in the OS, it just misrepresents itself. What are Apple supposed to be confessing to?"
"What is it you think Apple is hiding?"
If they have trojan/virus detection software and update the signature, the update list should mention the signature is updated. Which it apparently doesn't.
"What exactly is the beef here?"
A list of updates should, you know, list the updates. Not leave out ones that are inconvenient to mention for PR purposes. I do think this was blown out of proportion a little, but some Apple fanbois are conversely far too easy on forgiving Apple's mistakes, usually with the excuse that "Well Microsoft does it even worse" -- they do, and they are held accountable for it too.
So to sum up, you want fanbois to panic and being used to paying through the nose for software, start buying your Anti-Malware kit?
Fair enough I quite agree, as Mac users we need to really shape up our attitude to the nasties, but stop banging on about stealth this and hidden that, when you have a hidden agenda, eh?!
He is officially employed in an anti-virus/security company and he is talking about securing against threats.
He posted an official release concerning things in his professional domain, and his statements have not been denied by the concerned party (Apple).
There is no hidden agenda on his part, his actions are quite clear.
Yours, on the other hand, are a bit murky. What's your hidden agenda?
Mr Cluley, employee of a vendor of clueless software, more specifically virus scanners, peddling their crap.
MacOS X certainly contains exploitable bugs, but at least they install a root and a normal user when the user first logs in. Windoze could but does not. Instead they suggest using one of those virus scanners.
Pretty much like a bank not using their locks and hiring a security team instead. The security team are equipped with a huge list of faces of the bad guys. The Microsoft bank finds it "inconvenient" to simply lock the doors, while the Apple and the Unix bank simply do that and save the money for the security team.
And the punchline is...
"...he  still thinks people should buy anti-virus software"
They've been banging that drum for the last decade. Glad I didn't listen, frankly. I've saved myself a decade of additional cost and hassle. Yes, someday there will be a genuine virus targeting the Mac. It's inevitable, and I'm surprised it hasn't happened long ago. But for the time being, the anti-virus software is a waste of time.
But Trojans are a different class of malware. They require the full cooperation of the user, and hence must rely on deception to work. It isn't really an OS problem. If Apple can clearly identify certain items as malware and prevent them from running, then fine. But the scope for confidence trickery is so broad, I don't believe they can do more to block them. Nor can the anti-malware business as a whole, and in fact I think they give their customers a false sense of security. You should always be on your guard against basic confidence tricks, no matter what is installed on your computer.
If Apple said, "we protect you from trojans", it would be deceptive. No software can protect you from that - viruses, maybe; confidence tricks, no way.
re: And the punchline is...
"...Yes, someday there will be a genuine virus targeting the Mac. It's inevitable, and I'm surprised it hasn't happened long ago. But for the time being, the anti-virus software is a waste of time."
Stop me if I'm wrong, but wasn't one of the first viruses -- or, at least the first to get media attention -- a MacOS virus, around 1988-89ish? I only bring it up as I've been using MacOS -- the only computers I've ever owned -- since early '85, and the '88 virus was a pretty big deal at the time.
The last Mac anti-viral package I used was something called Virex, around '89 or '90, and then switched to Norton for a bit, before I decided anti-viral software was a bigger headache than it was worth. I've had no problems in the intervening twenty years simply by not being one of those dumbasses who clicks on every goddamn' link they get in an email from a stranger, or clicks OK on every freakin' dialog on the Web that pops up from out of nowhere.
LittleSnitch also helps loads. It was one of the first utilities I bought after moving up to OSX, and it's saved my ass from ad/spy/crapware on several occasions.
re: And the punchline is...
@Mike Flugennock: "wasn't one of the first viruses  a MacOS virus?"
No, the first virus was much earlier than that. But yes, there were viruses on the Mac OS up to OS 9. There may have been more than 20 during that era.
Mac OS X saw the complete abandonment of OS 9, so none of the earlier viruses were able to run. And remarkably none have been written ever since (nearly a decade now), so running AV software over that period of time would have been a waste (other than warning colleagues with Windows if they were issuing infected files).
I've only been aware of a handful of half-hearted attempts to write a Trojan for Mac OS X, meaning that it has been quite safe to use a Mac without additional security for a long time, i.e. there's nothing out there to 'save your ass' from. Sadly, I'm sure that will change someday. The first (genuine) OS X virus will be big news, so it will be easy to take whatever steps are required when it happens.
"Malware purveyors do not target Macs as much as PCs, which are more tempting because there are more of them."
.. nothing to do with Windows being pi*s easy to break of course.
I think you mean:
@AC 12:16 GMT
If we were all using macs then all Malware would target macs.
Yes, would be interesting to see you break into Windows 7 64.
Apple kit always goes the quickest - just no fucker worth hacking uses it.
a big "amen" on that
".. nothing to do with Windows being pi*s easy to break of course."
Seriously. I won't pretend that MacOS has flaws that need patching -- every OS does -- but at least no version of MacOS I've ever used going back to '85 has come "out of the box" with its security set to "root me, trojan me, crack me, pwn me".
"would be interesting to see you break into Windows 7 64"
Frankly I don't think that is much of a challenge.
More just a question of time.
If I had one bullet and a choice of Cluley or Jobs, I have to say that Cluley would be the lucky recipient.
God, he's a git.
Having been playing with Mac OSX for a few weeks now I can see some flaws in the secure Admin issue. I have tried a lot of software and LOTS requires me to logon as Admin to install it (LOTS), including such trivial things as moving the Apple installed Apps from one folder to another.
This means that users soon type the Admin password whenever asked without thinking, so ends up being self defeating due to bad programming/install practice. Maybe I am missing something as I've only had the Mac a month or so, but so far I see opportunities for error.
Also anyone without a virus scanner on their Mac is a plonker in my mind; if nothing else it lets me keep an eye on email trojans etc that could come in and get recirculated around the Win users I deal with.
re: Admin Fatigue
"Having been playing with Mac OSX for a few weeks now I can see some flaws in the secure Admin issue. I have tried a lot of software and LOTS requires me to logon as Admin to install it (LOTS), including such trivial things as moving the Apple installed Apps from one folder to another..."
The moving-apps issue I've been able to deal with by tweaking my permissions a bit. Things like "strangers" popping up and asking me to logon as Admin in order to install something from out of nowhere are easily dealt with by clicking "Cancel"... and by clicking "Deny Forever" in the LittleSnitch dialog that pops up beforehand, informing me that some unknown domain or numeric IP is trying to sneak a connection to my Mac.
Admin Fatigue = laziness
"Having been playing with Mac OSX for a few weeks now I can see some flaws in the secure Admin issue. I have tried a lot of software and LOTS requires me to logon as Admin to install it (LOTS), including such trivial things as moving the Apple installed Apps from one folder to another."
You do understand the difference between 'installing' and 'running' don't you?
One of the reasons Mac OS has remained untroubled by malware of any kind is that you can run 99.999999999% of Apps quite happily as a Standard User, and that the Admin User password and username is required to install software. Most intelligent people would regard this as a good security feature.
Here's a tip, if you try and install software when logged on as an Admin User, it still asks you for your password and still reminds you the first time you try to run it that you've downloaded the app from the internet and that it may be suspect. Again, I think most people would view this as reasonably sensible and not intrusive security.
Obviously, if you are an ex-Windows user and are used to having to work in Standard User mode for security reasons and/or have to switch to Admin User mode to make quite a lot of Windows software run properly, then could we put that down to one of the reasons you switched?
If you are the only person with access to this machine, and are getting tired of having to remember your Admin User name and password, run in Admin all the time and you'll cut out 50% of that arduous task. Unlike Windows, having different types of accounts is purely for the Admin User to control what the Standard Users can do, and that includes controlling the movement of Apps out of the Apps folder where the system installed them and will expect to put any upgrade in the future. As the Admin User you can, of course, move the folder, but you should realize there is usually a reason for the OS to ask you to confirm that decision.
fanbois to the rescue
Beaker - you were right - it didn't take long for the fanbois to rush to Apple's rescue. Saying "I don't want/need to run anti-malware software" is sticking their heads in the sand as deep as China. OSX is not inherently safer than Win Vista or Win 7. As a matter of fact at the last 2 hackers conventions the OSX computers were hacked faster than the Windows machines.
But don't let facts get in the way of an Apple supporter - otherwise they'd never buy Apple again. And then they'd lose out on the joy of having Steve Jobs tell them what they can and can't do with the hardware they bought and own.
Apple removes user choice = myth
...where the hell did this story come from - that Apple tells their users what they can and can't do with their hardware? And why do you blindly perpetuate it?
Flash is the only thing Apple have consciously locked out on behalf of its users (whether they wanted it or not), and that's only on the iphone/pad/touch. Even that's just a jailbreak away. Normal OS X runs flash just as badly as the PCs do.
And it's not just Apple...HTC won't let you upgrade to the latest android on some phones (even though it can technically run it), some of the PC box shifters not try void your warranty if you choose to install an OS not supplied in the box (even though they can't), didn't Sony try and lock its users in just about every hardware format it's ever produced? And lastly...didn't Microsoft want you to have your hardware drivers verified by them these days - isn't that a form of lock-down?
My point? Locked up hardware - it's hardly an Apple exclusive...and it's hardly locked up...it's as "open" as its nearest commercial rival in the consumer space - Windows.
It's complete nonsense. Stop it. Please revert back to the skeletor, newton or kool aid jokes - they were far wittier, and far more amusing.
As a matter of fact at the last 2 hackers conventions the OSX computers were hacked faster than the Windows machines.
If you actually bothered reading up on the hacks you would learn why - and it is nothing to do with the inherent security of any platform.
So let me get this straight:
Mac OS X has some built-in trojan detection. The signatures were updated. This is a problem?
Do we gripe every time MS updates the Malicious Software Removal Tool, or the signatures for Security Essentials update?
You know why Windows Defender isn't realtime protection, and Security Essential is a free but separate install? Because McAfee and Symantec would file antitrust lawsuits if MS dared to roll any kind of antivirus into Windows. It would kill the market for (overpriced, overrated) third-party protection.
Ironically, the reason OS X can get away with built-in protection against malware and Windows can't is the very same reason there is so much more malware for Windows: A bigger market share. Slipping under the radar is a good thing...
let me see...
- Sophos market share reducing (I could be generous and say it's because their competitors are getting better, instead of their products getting generally more and more useless). Though they're all hardly beacons of efficiency.
- Sophos therefore looks for new markets & product niches.
- Sophos identifies 3-11% (depending on your source) of IT market without AV cover. Preferably gullible ones, and Apple users generally show previous form here.
- Sophos targets this market
..and by amazing co-incidence, dangerous malware is discovered, so they should all purchase Sophos immediately so they can be protected from themselves. Or not, as it's more likely to be.
Don't get me wrong - I genuinely protect my Macs, but every time I hear one of these, I immediately read the source. If it's a commercial AV house = yawn....independent agency with no commercial agenda = sit up and pay attention, and make sure I'm covered.
At least Sophos maintains a fraction of credibility this time by *not* claiming they were the only vendor to address this malware (which I've seen done in the past).
If I ruled the world, commercial AV's shouldn't be allowed to issue scare stories like this - only a truly independent, non-commercial agency would gain that right. I can dream I suppose...
Anti-virus/malware on Mac OS
As an Apple Reseller since the early days, I've always made it my business to make sure I kept ahead of the crowd as far as new software trends and security matters affected the Macs of my customers.
Pre OS X (OSes 6, 7, 8 and 9), there were some Mac-only viruses, about forty IIRC. Only once did we get a virus that could claim to do damage in the way that many, many Windows viruses have done, and it was a relatively straight-forward matter to issue clients with free anti-virus software and keep them up-to-date.
Move forward to Mac OS X (pronounced TEN not EX for those who don't understand Roman) and we've had getting on for a decade of the highly inaccurate and misleading statements from Windows apologists and/or Apple haters like "Malware purveyors do not target Macs as much as PCs, which are more tempting because there are more of them".
Okay, viruses are different from malware, so shall we say that after ten years anybody who could write a virus for Mac OS X would probably have done it by now? I'm not complacent, it could still happen.
Which leaves malware. How many successful attacks have there been on Mac OS X over the last decade? After all, "do not target Macs as much as Windows PCs (there, fixed it for you), which are more tempting because there are more of them" implies that there are, or have been, a number of attacks that would be a recognizable proportion of the many, many thousands that Windows users have to guard against on a daily basis.
So, how many attacks would constitute a recognizable proportion?
And how many computers would they have to compromise outside of Anti-Virus and Anti-Malware software marketing departments AKA 'labs' to be labeled 'successful'?
See what I'm getting at John? It hasn't really happened yet, has it?
And if you do load some of the speed-sucking, in-yer-face, badly designed Mac 'Security' software from some of the same people who've grown very, very fat on Microsoft's decades-long and criminal abdication of responsibility, you find that the effects completely outweigh any advantage.
Don't get me wrong, it will happen, and lots and lots of people like John will be able to dampen their gussets properly and yell "See, we told you Macs are as insecure as 'other' computers, ha-ha Steve has duped you all these years" etc. I think low personal esteem explains it.
Haven't you heard? Windows doesn't let stuff just run 'as root' anymore. As far as trojans go, I can fake a 'sudo' dialog on OS X more convincingly than I can fake the UAC prompt on Windows Vista/7 ... UAC elevate dims and locks the screen in such a way other apps can't interact with it. OS X's prompt is a normal dialog box. And if they fall for it, I have the user's password for future use...
According to the Windows 7 user admin applet, the first user is of type "Administrator", as it was in Windows XP and VISTA.
I know that there exists this hairball called "UAC", but I cannot fathom what it really does. It seems to protect *some* files from being overwritten. But does it also protect them from being read ??
Also, it is a Royal Pain In the Backside to deal with it if you have to change File Permissions, in addition to the Permission GUI of Windows being broken since XP (or earlier).
The concept of Unix is easy and transparent: There is root and the other users. Only root can change system files and only root can read certain sensitive files. The permission system is so simple everybody can understand it (user, group, other permissions). I have a CS degree, but I always have some doubts when I use the Windows File Permission GUI. It seems you need the command line tools to properly operate this hairball. After you have turned off UAC, of course.
The latter point defeats the purpose of UAC - it cripples the Administrative user so much that he/she must turn it off to perform serious tasks.
UAC is Horse Excrement that only the twisted minds of Redmond can conceive. A terrible mix of legacy (oh, we can't educate users to have more than one account!!!) and stupid technology.
Unix Root vs UAC
I forgot to point out that a Unix (Linux, BSD, MacOS X, HPUX, AIX, Solaris etc) root can do whatever she pleases. She does *not* have to switch to a different user just to delete/view/edit a file of that user. With UAC exactly this is required. If you do not turn it off, certainly.
What good would buying his software do even if some Mac virus suddenly appeared? His software would only fix this after the fact, so the current version is just a useless way of using up CPU cycles!
The sick sad truth
Everything has vulnerabilities. Whether it be the oft attacked Windows, the hardly-ever (for now) attacked Mac OS, a PVR, a printer, a router... The chance of an attack correlates, roughly, to the usefulness of such attack. There's little commercial value to be gained from breaking into a video recorder. There's a lot to be gained from capturing keystrokes on a Windows box, especially if the sniffable history shows up a lot of connections to Amazon, Easyjet, eBay, etc. When enough people use Mac gadgets to make the pickings worthwhile, Macs will fall. Don't bother to reply telling me the same tired story about Mac OS being impenetrable, a glance up this thread, plus some research - http://arstechnica.com/apple/news/2010/04/apple-patches-pwn2own-exploit-in-mac-os-x.ars
This isn't to say you should rush out and buy anti-whatever software, however realising that the system HAS vulnerabilities is a start.
Show me the money
It is all about the money, the OS companies want it, the Anti Virus vendors want it, the Virus vendors want it........
Next story please.
Sophos Marketing Campaign...
Microsoft Fanboys vs. Apple Fanboys all over again.
I think you'll find this is a commercially motivated article, I would take it with a pinch of salt. All operating systems have vulnerabilities, it's human written code and logic, there will ALWAYS be a flaw somewhere!
As someone has previously commented, as Apple continue to pioneer the home electronics market, malware writers will start to focus on OSX as well.
With regards to bashing Windows for its previous security history, true, very true, Windows XP pre-service pack 1 days was in a nutshell dreadful, but generally things have been tightened up since.
STEP TEH PRESSAS
So, Mac users might have software running that takes control of their machines and does whatever the hell it like with them?
How would they tell the difference?
"Apple has been accused of secretly adding a security update to its operating system without telling users, or anyone else."
Apple find a problem and fix it - then get blasted for not telling everyone about it?
Except they *did* tell everyone about it:
It lists everything that's in the patch (and it's one click away from the link in the article)
The problem with hidden security updates.
The problem is that if people don't know it's a security update they might decide to delay installing it. I do that all the time.
If an update is for security rather than just new features it needs to be clearly labeled as such.
Ability to count!
As Mac OS X has no known viruses outside of what we are told are lurking in AV firms marketing departments, how can Ubuntu be 'more' virus free?
And yes, you are right. We don't need anti-virus software to protect us from Trojans. Perhaps you could ask someone else (preferably with a higher I.Q.) to tell you the difference.
I dunno folks, this sounds like sound and furry, signifying nothing.
So what if Apple added one signature.
I couldn't give a rip!
Let's report about something significant!
"..this sounds like sound and furry.."
Like a 2 Gryphon rant?
For those who don't know: You don't want to know.
Badgers, because they're furry too.
Problem in chair
OS X is not yet vulnerable at start without user interaction, but Mac users are still too confident and for this reason they are more exposed to malware and social trickeries. Let's see.
Us vs Them, again
Usual comments for and against Apple (yawn). PLEASE, before any pro-apple bod (I won't use the f***** word) comments just imagine that all instances of APPLE and MAC in the article are replaced with MS and XP/Win7 and consider your comment then. You'd be amazed how stupid and blinkered you sound sometimes.
If MS issued a security patch without telling anybody you would be commenting how MS are trying to hide their weaknesses - but this is Apple right. You sound more and more like a religious cult every day (fingers in ears, not listening to anything that doesn't support your 'apple is infallible' view of the world). Sad really.
Lighten up, and accept that apple does actually make mistakes.