Malware authors target Mac emerging markets

Cybercrooks are looking beyond PCs running Microsoft as targets for attack, with Macs increasingly in the firing line of hacker activity. That's according to the latest edition of the Sophos Security Threat Report, which predicts that - based on early flaws with the inbuilt Safari browser - Apple's iPhone devices might also …

COMMENTS

  1. Gareth Irwin
    Stop

    groan

    No, seriously. groan.

  2. Charles-A Rovira
    Thumb Up

    Malware on a Mac needs things that the OS doesn't supply

    There are always ways for a thumb-suckingly idiotic user to fsck things into the ground, but s/he really has to work at it on a Mac.

    Installing malware requires that the moron actually enters his password.

    Even at that, it can affect his account while not necessarily screwing up the root account.

    All in all, turning off the "automatically install" options and forcing the user to ask himself "Why the hell does this browser/web page want me to install something?" is usually enough to defeat viruses.

  3. Anonymous Coward
    Anonymous Coward

    No Mac virus since 1992?!?

    I guess I can expect the usual stream of abuse for daring to suggest that any Mac was ever affected by any form of malware whatsoever, but, leaving aside the period in the mid-90s when Mac users became Typhoid Macro Mary, has Tony Smith never heard of AutoStart or SevenDust? AutoStart in particular did a great deal of damage in the late 1990s, and to suggest that no malware, viral or otherwise, has had any impact on any Mac OS version since System 7 is, to put it politely, poorly researched. Mac users may never be at risk to the same extent as Windows users are now, but to rewrite history (or, perhaps even worse, be unaware of history) does no-one any favours.

  4. yeah, right.
    Gates Horns

    hmm.

    So a company that sells Mac anti-virus software is making claims that Macs are now much more prone to viruses and people should therefore purchase more anti-virus software? Then claims that their dire warnings aren't an excuse to drum up sales?

    Does anyone other than me take this kind of advice with more than a grain of salt?

    OK, I'll buy the idea that social engineering attacks will affect any system. Hell, if you could do a social engineering attack on a Multics system you could probably breach the security on that too. Since computer users in general are pretty clueless, social engineering attacks will generally work unless it's possible to lock out the user from the admin side of the machine while still allowing the user to perform useful work. Which you can do with MacOSX/*BSD/Linux/UNIX[tm] (a.k.a. "unixen" just because) but you still can't do with Microsoft products.

    However, I somehow doubt that unixen, even with their primitive core security, will ever be as easy to breach as MS Windows - a system that was built from the ground up without any security, then had ineffective security theatre bolted on at the last minute.

    I'm also quite amused by the article claiming that "Word macros" are also a problem. Yes, that would be "Microsoft Word", correct? Maybe the real problem is Microsoft software after all?

  5. Anonymous Coward
    Anonymous Coward

    Q&A

    Try to fill those missing answers:

    Are there OS-X viruses/trojans in the wild?: YES

    How many?:

    Are there Linux viruses/trojans in the wild?: YES

    How many?:

    Are there Windows viruses/trojans in the wild?: YES

    How many?:

    Furthermore:

    What is the level of awareness and security perception of the typical user of those platforms:

    OS-X: LOW (think about "switchers", leave out hard-core users)

    Linux: HIGH

    Windows: FAIR

    You see, AV vendors smell easy money by addressing the emerging market of users that do not know they have a fairly secure system by design.

    The title should say:

    "AV Vendors target Mac emerging markets"

    And they do by spreading FUD.

    Where is an icon with Bill and Steve hugging dearly?

    GB

  6. Graham Cluley
    Jobs Halo

    Social engineering

    Charles-A Rovira writes that you have to be a moron to install malware onto your Macintosh.

    The financially-motivated malware that we have seen so far for the Macintosh typically disguises itself as a Codec to allow the Mac user to view a video. So the user *does* have a good reason to install the program that the website is telling him to download, and *does* have a good reason to tell his Mac that "Yes, carry on.. this is okay with me" if it brings up any security concerns about installing the code.

    It's all about social engineering. It's the human element which is the big vulnerability - not which OS you're running. Mac users need to accept they are just as vulnerable to social engineering as their PC cousins if they're going to have a fighting chance at reducing the likelihood of attacks against Mac.

    But there's an opportunity for Mac users right now to send a message to the bad guys that it's not worth looking for money on Apple computers. If enough people resist the social engineering, and don't fall for the tricks being pulled by the hackers to lure them into downloading Mac malware, then chances are that the cybergangs will return to their Windows roots and leave the Mac community alone.

    It's like throwing chips at seagulls - if you keep giving them chips they'll come back for more. Don't get infected, don't be fooled into behaving unsafely, and you should be able to keep Macs as the much safer place that they currently are compared to Windows.

    Graham Cluley, senior technology consultant, Sophos

  7. Anonymous Coward
    Flame

    @yeah, right.

    > a system that was built from the ground up without any security,

    > then had ineffective security theatre bolted on at the last minute

    So the only version of Windows you have used/understand is the 95/98/ME?

    You may argue about quality and technical merit of design, implementation and default settings - but the Windows NT versions (inc 2K/XP) were built with security in from day one! It's just that everyone has tended to run as Administrator (I seem to recall similar from some Linux distributions' installers not too many years ago, and something like that on Mac forums when the first OS X hit the headlines a couple of years ago), and far too many apps are written without regard for security (so only run as admin), which no one would dump or clean up their act over until things like XP SP2 started forcing them to.

  9. Andy Turner

    @Charles-A Rovira

    "Installing malware requires that the moron actually enters his password"

    No it doesn't, not if it uses a security loophole, buffer overrun, that kind of thing.

  10. Anonymous Coward
    Thumb Up

    FFS

    Here we go, I own (anything other than Windows) and it's perfect.

    Just like the Titanic was unsinkable,

    just like Alcatraz was inescapable.

    There will be attacks and exploits, and while the smug bastards sit there going "Oh yeah, well, you need to be thick and run the software etc etc", just remember how early MS exploits came to life. As software becomes more complex and easier to get to (DSL, Bluetooth, WiFi), then there will be flaws, regardless of your systems.

    So grow up and take note, it will happen; anyone who thinks otherwise is sadly mistaken.

  11. Anonymous Coward
    Jobs Halo

    Squeaky clean, and smug with it

    Bought my first Mac in 1991, been using them ever since.

    Number of virus infections: er, none.

  12. Inspector_Morse
    Black Helicopters

    @ Anon "Q&A"

    Spot on!

    I was going to place similar comments, but you have beaten me to it.

    Well done!

  13. Anonymous Coward
    Boffin

    @yeah, right.

    I have to say that I'm extremely satisfied with the security, stability, compatibility & performance of my Windows ME system & I advise all MacBook, MacBook Pro, MacBook Air, iMac, Mac Mini & MacPro owners to format their hard drives and install WinMe (for very cheap copies, go to e-bay).

    I promise, you'll never regret it!

  14. jubtastic1
    Stop

    Industry that cried wolf

    Once in a while one of my Mac clients phones me worried they have a virus; in every case so far, further inspection reveals the software responsible for the system malfunction to be none other than the badly ported AV shiteware some well-meaning but misguided soul infested their machine with.

    The whole AV industry is as much a racket as the malware they ineffectively protect the low-hanging Windows users from; clued-up users don't need AV and AV can't protect the clueless.

  15. Anonymous Coward
    Jobs Horns

    @ Andy Turner

    Whoa there, what's a "buffer overrun"? I own a Mac - it just works!

    A Mac user. (not)

  16. Michael Compton

    No real solution

    It's all well and good saying that users should be more savvy, but to be honest there's no hope of that.

    There is still spam (OS agnostic) after all, so people are still following up on these obviously dubious mails and hence perpetuating the whole thing, and spam, I would have thought, is a lot easier to ignore as they're usually so bloody obvious.

    Maybe that computer license idea has merit after all :)

    As an example of how the average user fails to accept responsibility for their computer: my sister recently caught a trojan that sent a virus-loaded file to every one of her contacts on MSN. Her reaction? Umm, to ignore it; apparently she was afraid I was going to give her a lecture. I only found out after it sent itself to me. This meant she was exposing all her friends on MSN, as it looked like a pic sent from her, all because she was unwilling to accept responsibility for her computer. AV software didn't pick this up either, which I was a bit disappointed in. And then even with the use of a different package it couldn't fully remove it, as it had placed itself in System Restore; manual removal was the only option. I was willing to do my research to find this out, which other users seem unwilling to do.

    Bootnote: AV software unfortunately has to be some of the worst on the planet, a resource hog and nearly impossible to remove totally.

    </rant> :)

  17. Anonymous Coward
    Flame

    @AC - Re: Squeaky clean, and smug with it

    Bought my first Windows PC in 1993, been using them ever since.

    Number of virus infections: er, none.

  18. Bob

    Live CD's

    The only way to build a secure machine that's good for on-line banking, etc and is free from (technological) Trojans, keyloggers, etc. is to run an OS off a Live CD that you trust. Even if you get "infected", the infection is wiped out every time you reboot.

    Of course, this is a pain...

    There's also the problem of malware-infected routers. Other than the standard buffer overrun bugs, etc, in routers, a similar approach to locking down the router hardware is needed as well. Like... the software should be stored on a removable SD or CF card in the router, and the only way to upgrade the router is to remove the card and re-flash it, then put it back in. Allowing a router to re-flash itself via the web interface is insecure.

  19. Anonymous Coward
    Coat

    This Wouldn't Happen on Linux

    It's true, I swear! Use Linux and you'll be immune from all forms of malware. And your breath will smell better, too.

    (Grabs coat, ducks for cover and runs for door ....)

  20. P. Pod
    Paris Hilton

    Squeaky clean, and smug with it

    "Bought my first Mac in 1991, been using them ever since.

    Number of virus infections: er, none."

    Well I've been using PCs since 1987. Number of virus infections: er, none.

    I wonder if Paris has got any viruses?

  21. Mike Crawshaw
    Jobs Horns

    @ Squeaky clean, and smug with it

    "Bought my first Mac in 1991, been using them ever since.

    Number of virus infections: er, none."

    Same here - except a Windows-based PC since 1996... I've never owned a Mac, nor do I intend to - they're not suitable for what I need. The vast majority of malware is avoided if you exercise some common sense and resist the BS, whether it's "double-click this .exe to see nude pics of Paris!!!!!" or "send me your bank details and I'll put £15,000,000,000,000 in your account!!!!".

    It's the USER being targeted, not the OS, in the case of these social engineering tricks. And many Mac users simply aren't as cautious as they might be, because they're used to not having to worry about such things, as they've not previously been targeted.

  22. Dana W
    Jobs Halo

    Right........

    I don't claim Macs are perfect, but My Mac "recent switcher" does not get infected by web sites through the BROWSER!

    The two worst ways to infect a PC are STILL IE and Outlook. Notice the worst threat to Mac security is Microsoft Office? See a pattern?

    What you are saying is like saying that if you are already a mechanic you can keep your car from breaking down. That's fine for us, people who know how to maintain a computer. But at this point computers are ubiquitous to where they should not need hobbyist or above level skills just to be maintained.

    I can leave an idiot alone with a broadband connected Mac for six months and come back and still find a clean running computer.

    Anyone here who has left a clueless end user home with a PC knows what you will find when you get back. You are usually lucky if you can kill enough dubious running processes to even let you salvage data.

    My next laptop will probably be Linux again. I like OS X, I really do. But I'm too old a geek to deal with Apple's patronization of its users and enforced "hand holding" in its hardware support. But then again, we are not the end users.

    For the home person to whom the computer is like a TV, not like a workbench, there is no question what they are safest with, and it's not Windows.

  23. Anonymous Coward
    IT Angle

    do we even need anti-virus anymore

    The anti-malware industry is worse than what they claim they will protect us from. Here is another example (following McAfee and Symantec) of a company who sees how bleak its future outlook is as people switch away from Windows to Mac and Linux.

    5 years without anti-virus and no infections; I guess that is because I run this vulnerable thing called Linux.

  24. Steven Hewittt

    Are we forgetting...

    That a virus is an application written with a malicious reason. It does something you probably don't want it to do.

    End users have to install an application (although worms can self-install, granted, but they are few and far between).

    Applications run on Mac, Linux and Windows.

    Users are the operators of Mac, Linux and Windows machines.

    To install an application, users are prompted with a security warning (and a password prompt normally) on Mac, Linux and Windows.

    Windows has the most malware out in the wild targeting it.

    Windows is the world's most popular desktop operating system.

    Mac is growing quite fast.

    Anyone else see why this article isn't a bad guess at the future?

  25. Ivan Headache

    @ Doc Dish

    My brother is reasonably smart. He has two computers, a mac laptop and a PC he bought to run MS flight sim.

    He phoned me to say that in the 10 minutes he had had the (brand new) PC on line activating windows and doing various MS updates so that he could actually use the thing, it was overrun. His AV software caught nothing. Disconnecting it and running some different AV found something like 70 different viruses and trojans, many of which it could not remove. He said the only thing to do was start again.

    On the other hand, his mac has been connected for ages and............

    As you've been virus free for so long on your PC, could you please let me know what "protection" you are using so that I can let him know that there is such a thing as a virus-free PC.

  26. BitTwister

    @Bob

    > The only way to build a secure machine that's good for on-line banking (...) is to run an OS off a Live CD that you trust. Even if you get "infected", the infection is wiped out every time you reboot.

    Hmm - but it's not very useful if you get infected through the browser shortly before starting an on-line session with your bank, is it?

    I'll stick to using a grown-up OS, thanks.

  27. Frank Bough
    Alert

    I'd Gladly Suffer A Mac Virus

    before I'd ever install bloody Virex again - Jesus what a hog that thing was.

  28. Anonymous Coward
    Linux

    @Bit Twister

    I'm sorry. I'm so very sorry they didn't have schools where you grew up and that you didn't have the advantage of any education outside of the farm. At least that's the only alternative explanation I can come up with for that comment, which is devoid of all reason.

    You boot the LiveCD immediately before commencing your banking session. You can't infect the computer if there's no traffic beforehand.

    Do you get it now? Maybe you'd like me to explain how bus tickets work or how to use a telephone?

  29. Anonymous Coward
    IT Angle

    Well ...

    I've been using both Mac and PC operating systems in all their guises since 1989 and I have ever only had one actual virus (as opposed to spyware) as such: and that came from an infected disk from someone else.

    It had no real payload and was quickly removed after a call from the infection source, apologising profusely.

  30. Anonymous Coward
    Coat

    Rather than "shoot the terrorist and win a free Xbox!"...

    ...might a Mac-malware-infected banner read something more like "spray the bonsai and win an organic vegetable hamper!"?

    Is that what the Sophos chap means by "social engineering lures"?

    Seriously, Mac folk are bright enough to see through these kinds of wheezes.

    Mmm...organic vegetables...

  31. BitTwister

    @Anonymous Coward

    > You boot the LiveCD immediately before commencing your banking session. You can't infect the computer if there's no traffic beforehand.

    Let me quote from the original post, and my reply to it - apparently your dragging knuckles prevented you from reading it the first two times: 'run an OS off a Live CD that you trust. Even if you get "infected", the infection is wiped out every time you reboot.'

    Says nothing about infecting the computer, does it, and clearly implies that the running OS may become infected at any time whilst on-line - so for that reason I'll continue using my grown-up OS, ta. It's all very well saying that the installed OS won't get infected but it's not much fun if the running OS gets hit by a keylogger.

    Do you get it now? Maybe you'd like me to explain how bus tickets work or how to use a telephone?

  32. Raife Edwards
    Alert

    Wait a second...

    I am a PC-user (I don't actually use "Macs"). But, there seems to be a rather clear difference between the relative "security" of "Macs" vs "Windows PCs".

    Generally...

    A "Windows PC" can be (and sometimes is) -infected- simply by its being on, and having an active Internet connection. Or, more commonly, a "Windows PC" can be compromised simply by using it normally (surfing the Web, checking e-mail, etc). Whereas, a "Mac" user seems to have to actually be tricked into loading, and allowing, any such "malware".

    That's a HUGE difference.

  33. Anonymous Coward
    Linux

    @Bit Twister - Take 2

    So your entire volume of evidence was based on the contents of one post? That's it? You penned a misleading reply based on nothing but what's posted above? No years of experience? No employment qualifications? No research? No degree in computer science?

    'Bob' (not me, by the way), who wrote the first post, used a worst case scenario to exemplify how useful a LiveCD can be. Even if you use it for general browsing, and suffer a malware infection (which, incidentally, is no more likely than using a hard-disk installed OS in the traditional fashion), there is no difficulty in eradicating the malware completely, leaving no shadow of doubt that it is gone. This is achieved simply by re-booting the LiveCD - because the LiveCD boots from a read-only medium, that is, a medium that cannot be compromised.

    Of course, as most people with an IQ over 80 would have realised by now, the principal use of the LiveCD in the context of secure internet usage (i.e. free from malware) is to boot and use only for critical functions such as banking. No one is suggesting (except maybe you) that a LiveCD would be used for general web browsing. Whilst there's no technical reason preventing general use, it would be somewhat inconvenient - hence Bob's assertion (and I quote):

    "The only way to build a secure machine that's good for on-line banking, etc and is free from (technological) Trojans, keyloggers, etc. is to run an OS off a Live CD that you trust. Even if you get "infected", the infection is wiped out every time you reboot. Of course, this is a pain...".

    Bob's reference to "a LiveCD that you trust" means to not just use any old thing you download from the internet. People with experience in this field know that building a trustworthy LiveCD is not challenging, not at all, but requires a modicum of prudence, as would downloading and installing any software. A while ago, in comments for another article on a similar subject, I suggested that a bank could provide a LiveCD itself, pre-configured for that bank. This would provide a good degree of trust for the average user - someone not predisposed to build their own LiveCD - but is certainly not the only way to achieve trust in a LiveCD. And the most important point here, is that any LiveCD from a reputable source that permits web access will be more secure (by several orders of magnitude) for critical functions (like banking).

    Has this explanation helped? Do you now understand why, when you said, "Hmm - but it's not very useful if you get infected through the browser shortly before starting an on-line session with your bank, is it? I'll stick to using a grown-up OS, thanks.", that you completely misunderstood what Bob had said, had clearly not bothered to do any reading on the subject and made yourself look rather silly?

    And no prizes for guessing what your idea of a "grown-up OS" is!

    To save space, read these:

    http://en.wikipedia.org/wiki/Telephone#Basic_principle

    http://en.wikipedia.org/wiki/London_Buses#Fares

  34. Anonymous Coward
    IT Angle

    Mac folk

    "Seriously, Mac folk are bright enough to see through these kinds of wheezes."

    Excuse me? I seriously doubt this. I had a "friend" who was a Windows XP user, and you just couldn't believe all the toolbars and user-approved stuff he had installed, victim of social engineering. Then he moved to Macs, because he couldn't tell the difference between legitimate and malicious prompts while using his browser.

    "might a Mac-malware-infected banner read something more like "spray the bonsai and win an organic vegetable hamper!"?"

    This was shockingly amusing; that same "friend" of mine was a vegetarian, I reckon it could work with him. That particular patronization you made about Mac users makes me wonder up to what degree that is really a myth.

    The only thing I don't like much about Macs is the stinking smell of some of their users' arrogance and elitism.

    --Linux user

  35. Anonymous Coward
    Anonymous Coward

    re: Wait a Second

    Unfortunately, it's not a difference at all. Most current Windows malware is reliant on social engineering. So unless you believe that Mac users are automatically brighter than you are...

  36. Dana W
    Flame

    right........

    "Excuse me? I seriously doubt this, i had a "friend" who was a windows xp user, and you just couldnt believe all the toolbars and user-approved stuff he had installed"

    You want individual names??? Anyone who has worked on an idiot's PC knows all about it. I've seen IE with FIVE toolbars, and of course that's just what's visible. Several installed as a "service" by other apps.

    You want apocryphal? The anon posters who go on about Linux and OS X boxes loaded with viruses and exploits. Now THAT'S something you can't expect us to seriously believe.

    Try again. We aren't buying it.

  37. Dana W

    @ David Hartley

    Web browsing windows with IE infects PCs. But does NOTHING to Macs. Or to my Linux box for that matter.

    With either machine I can poke into sites I wouldn't have dared bring XP to.

    Where does social engineering touch that?

  38. Raife Edwards
    Stop

    re: re: Wait a Second

    Actually... I was referring to inherent system-security (an underlying security-model, and implementation, that effectively decreases the dangers of any existing system-holes and security-flaws). In other words... a system, in which, without extensive user-interaction, such "malware" is effectively unable to cause damage, spread, or even, to function at all.

    This type of "security" is something that "Windows-PCs" have been proven to lack.

    And, by the way, many of those "social engineering" tactics (when applied to "Windows-PCs") often, actually, merely trick a PC-user into simply visiting a malicious-site... to allow the exploitation of existing, in-built, security-flaws (...holes, by the way, that have been repeatedly shown to be rife throughout the "Windows" environment).

    In short, "Windows-PCs", simply by visiting a malignant Internet-site (or even, just by being allowed to be accessible via the Internet, at all) can be (and have been) fully-compromised... whereas, almost all of the "Mac" exploits that I have read about, require far more user interaction in order to defeat the inherent-security of the systems. And therefore, such attempts are not nearly as dangerous, or likely to succeed. Furthermore, lacking any un-assisted method of operation, this type of "Mac malware" cannot effectively propagate, "...in the wild" (...jumping, unassisted, from machine to machine) ...unlike many, actual, "Windows exploits".

    That's the -difference- I was pointing out.
