Apple tries to kill iWorm: Zombie botnet feasting on Mac brains

Apple has updated its XProtect anti-malware system to squash several variants of the iWorm before the malware causes any further damage. The changes to the program XProtect.plist allow OSX to detect and block three species of iWorm, helpfully named OSX.iWorm.A, OSX.iWorm.B, and OSX.iWorm.C. XProtect is Apple's rudimentary …

  1. eJ2095

    Meh

    Need a proper one...

    Laminator Exterminator virus ;-0

  2. Dan 55 Silver badge

    I still haven't got last week's bash update. I hope they're faster with this one.

    1. Mike Bell

      Unless you're a fool who downloads pirated software and then types in the obligatory admin password to complete a malware install, you don't need to hope anything.

      If you are the kind of fool who downloads pirated software and then types in the obligatory admin password to complete a malware install, XProtect should kick you up the arse before you get a chance, for this particular nasty.

      1. Primus Secundus Tertius

        admin password needed

        Most software on most systems needs an admin password to install.

        So install it first on a secondary machine if you don't trust the source. It may say it comes from Megacorp but are you sure???

        Then be careful with those memory sticks used on all your machines.

        1. SuccessCase

          Re: admin password needed

          You're not a Mac user, are you? Mac software is signed by Apple. You have to specifically turn off the feature to install unsigned software. If it is signed, you know the source of the software and can be sure.

          And memory sticks. What are those? I seem to remember using things called memory sticks in my youth but it's so long ago I can hardly remember.

          1. Dan 55 Silver badge

            Re: admin password needed

            Neither Gatekeeper nor XProtect work for drive-by downloads via browser or plugin vulnerability, apps which download something but don't set the quarantine attribute on whatever it is they've downloaded, or stuff off DVDs or USB sticks. Both rely on a lot of things playing nicely which is not a given with malware.

        2. AlbertH
          Facepalm

          Re: admin password needed

          Nope. The worst thing about this attack is that it doesn't need administrative intervention to install itself. The infection vector is a deliberate security hole introduced by Apple to facilitate their automatic security updates! A great example of shooting oneself in the foot.

          The moral is (as we've said about MS since the 1980s) that "ease of use" shouldn't ever compromise security - MS made a whole series of stupid "ease of use" decisions which bite them to this day. Apple have now done the same and will suffer for it.

    2. Anonymous Coward

      I recently updated OSX and assumed that the shellshock bug was fixed. Stupid of me, still vulnerable:

      env X="() { :;} ; echo busted" `which bash` -c "echo completed"

      Damn!
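A defender-side version of that probe, as an added example that is not from the thread: it wraps the same exported-function test in a function with a usable return code, and checks every bash copy in the usual locations rather than only the one `which bash` happens to find (the candidate paths are assumptions).

```shell
#!/bin/sh
# Added example, not from the thread: a scriptable shellshock check.
# A vulnerable bash runs the command that follows a function definition
# imported from the environment, so MARKER only appears in the output if
# the interpreter under test is still unpatched.

# Check one bash binary. Prints "patched" (return 0), "vulnerable"
# (return 1) or "missing" (return 2) for the path given as $1.
shellshock_status() {
    bash_bin="$1"
    [ -x "$bash_bin" ] || { echo "missing"; return 2; }
    # Keep any noise from the probe off the caller's stderr.
    out=$(env X='() { :;}; echo MARKER' "$bash_bin" -c 'echo done' 2>/dev/null)
    case "$out" in
        *MARKER*) echo "vulnerable"; return 1 ;;
        *)        echo "patched";    return 0 ;;
    esac
}

# A manually installed update may have replaced /bin/bash while a second
# copy (e.g. under /usr/local/bin) is still old, so check each candidate
# path that exists (assumed locations). Returns 1 if any copy is vulnerable.
check_all_bashes() {
    rc=0
    seen=""
    for p in /bin/bash /usr/bin/bash /usr/local/bin/bash "$(command -v bash 2>/dev/null)"; do
        [ -n "$p" ] && [ -x "$p" ] || continue
        case " $seen " in *" $p "*) continue ;; esac   # skip duplicates
        seen="$seen $p"
        status=$(shellshock_status "$p")
        printf '%s: %s\n' "$p" "$status"
        [ "$status" = "patched" ] || rc=1
    done
    return $rc
}
```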

      1. Hugh McIntyre

        For some reason the bash update does not show up in Software Update :(

        You need to go to the web page in the Apple security advisory and install it manually. And no, I have no idea why Apple chose not to bother to include this by default.

      2. Anonymous Coward

        Thumbs down for pointing out? WTF!

        1. Dan 55 Silver badge
          Meh

          Apparently it's bad form to use Apple products and be critical of them.

          That still doesn't mean the built-in malware protection isn't as flimsy as two yoghurt pots connected with a piece of string and they're not off the stupid scale for making the bash update a manual install.

  3. karlp

    It is spreading through Warez sites

    More specifically, the only instances we have seen thus far have been when lusers have taken to obtaining/installing pirated software obtained through warez sites.

    Amusingly enough it needs the admin password and explicit permission to install.

    File this one away under the category of "stop being an idiot"

    Karl P

    1. AMBxx Silver badge
      Coat

      category of "stop being an idiot"

      Seems to be where most virus problems belong. Oh, wait a minute, someone I've never heard of has just sent me a link to a new porn site. Must be genuine!

      1. Wensleydale Cheese
        Pint

        Re: category of "stop being an idiot"

        "Oh, wait a minute, someone I've never heard of has just sent me a link to a new porn site. Must be genuine!"

        Various ladies from the Ukraine want to fall in love with me.

        Apparently.

        They claim they are good looking too.

        What could possibly go wrong?

        A beer because it's that time of day.

    2. Mark 85

      Re: It is spreading through Warez sites

      Well, for years the Apple users have been laughing at Windoze users because "Apple doesn't get viruses, etc.". That mentality is now biting them in the ass. They think they're safe and can open any file they want.

      So to "stop being an idiot" will require a different mindset for them. Then again, there's millions of Windows users who are idiots in this way.

      1. chivo243 Silver badge
        Devil

        Re: It is spreading through Warez sites

        @Mark 85

        I think this "label or tag" should be platform independent. Downloading warez is downloading warez. If you walk on the wild side, then you live on the wild side. Wormz for all my idiot downloaders at the bar!

      2. Anonymous Coward

        Re: It is spreading through Warez sites

        "Well, for years the Apple users have been laughing at Windoze users because "Apple doesn't get viruses, etc.". That mentality is now biting them in the ass. They think they're safe and can open any file they want.

        So to "stop being an idiot" will require a different mindset for them. Then again, there's millions of Windows users who are idiots in this way."

        Thanks for tarring all people with the same brush. I have never claimed that - even more importantly, I have never even claimed that for Linux (and plenty do). The distro that got me started on Linux (Slackware, and it came on 14 floppies) and several versions after that was also as leaky as the Titanic, but with less singing as it sank.

        There is no OS that has intrinsic protection against stupidity, and if you insist on visiting dangerous places on the Net without proper safeguards it will matter little if that is Windows, OSX, Android, iOS, Linux, *BSD or even QNX. Here is an acid test: if the Irish virus works on your system, switch it off and take up knitting.

        Thank you, and good night.

      3. Financegozu

        Re: It is spreading through Warez sites

        Guy, if you INSTALL a program, you give it explicitly THE RIGHT TO RUN. This has nothing to do with drive-by, zero-day or Windows vs Mac, only with stupidity.

    3. Kevin McMurtrie Silver badge
      Gimp

      Re: It is spreading through Warez sites

      Apple locks down shared directories so it's normal for software to need an admin password during installation. It in no way helps the user know whether the software is legit or a trojan horse backed up by some good social engineering. This is a case where finer grained permissions would be very helpful.

      Apple's digital signatures are worthless except for validating the integrity of paid apps. Open source software binaries are rarely signed and not all forms of executables can be signed.

      1. Anonymous Coward

        Re: It is spreading through Warez sites

        "Apple's digital signatures are worthless except for validating the integrity of paid apps. Open source software binaries are rarely signed and not all forms of executables can be signed."

        They work. If you want to use Open Source, it means you generally have some idea of what you're getting yourself into and the OSX security settings make it very clear that installing an App without even a dev signature is a bad idea. If you HAVE a dev signature, you can identify who wrote the code, which makes it a bit harder for criminals to avoid leaving a trace with dodgy code.

        It's not perfect, no system is. But the OSX approach does create barriers to wanton installation of malware. If it could only bar the installation of any Brother printer software - I never, ever want that crud on my machine again. Ever.

  4. 45RPM Silver badge

    Tries to kill?

    Did the attempt fail? I think el Reg owes it to the loyal readers to tell us the truth, and not hide behind whatever gagging order might have been slapped on it by the Cupertinan overlords…

    1. Mike Bell

      Re: Tries to kill?

      The XProtect update doesn't kill this trojan by some kind of magic.

      What it does is prevent reckless users from installing it in the first place. And yes, people have verified that it stops even the most foolhardy user in their tracks.

      1. 45RPM Silver badge

        Re: Tries to kill?

        @Mike Bell

        Yup. I know. I was being flippant. I thought the clue might be that I was a) poking fun at the misleading headline and b) suggesting that The Register would tone down its language at the request of Apple. As any fule no, <flippancy> The Register only tones down the rhetoric for Microsoft </flippancy>

        1. Mike Bell

          Re: Tries to kill?

          Fair enough, 45. Sometimes I don't see the trees for the leaves.

  5. This post has been deleted by its author

    1. joeW

      Re: Will you make up your mind.

      The three biggest lies in computing...

      Macs don't get viruses

      Linux never gets hacked

      Windows is user-friendly

      1. Financegozu

        The biggest lie in computing: "it's compatible"

        nt.

    2. 45RPM Silver badge

      Re: Will you make up your mind.

      Only a fool would claim that <insert name of machine here> can’t get viruses. But you do need to understand the difference between a virus, a worm and a trojan. A virus is something that you get from unprotected sex, a worm is something that a nerd* might try to have sex with (if ever lucky enough to snare a partner), and a trojan is something that our trans-atlantic chums like to put on their worms in order to protect themselves from a virus.

      *geeks, of course, are always tremendously well endowed and never go into battle with anything less than a boa-constrictor.

      **and yes, I do know what the difference is - but I suddenly caught a nasty malaise, and I realised that I can’t be bothered.

    3. Mike Bell

      Re: Will you make up your mind.

      You thought Apple products never get viruses? You'd be right,

      There are no Mac viruses. Period.

      What there are, are trojans which can get installed by careless or reckless users. Just like you can install on virtually every OS. You can only help some users so much.

      1. Michael Thibault

        Re: Will you make up your mind.

        @Mike Bell

        "You thought Apple products never get viruses? You'd be right,

        There are no Mac viruses. Period.

        What there are, are trojans which can get installed by careless or reckless users."

        Picky, picky, picky!

        (Where's the tongue-in-cheek icon, dammit?)

      2. returnmyjedi

        Re: Will you make up your mind.

        "You thought Apple products never get viruses? You'd be right,

        There are no Mac viruses. Period."

        Pre-OSX Macs had their fair share of viruses, with SevenDust, MacMag and Elk Convert springing to mind. OSX has been virus free as far as I know but has had its fair share of worms and Trojans.

  6. Mad Hacker
    Holmes

    Doesn't a Worm have to infect without user intervention?

    I thought to be called a Worm the software has to distribute itself?

    This is a Trojan Horse that installs a botnet client. Not a Worm, not a Virus.

    1. Tim Bates

      Re: Doesn't a Worm have to infect without user intervention?

      It's all becoming a blur now because of misuse of the terms and even some malware doing more than one "style" of nasty business.

      If my memory of my learning days is still OK, it goes something like this:

      Trojan - idiot user installs, then it does its stuff quietly while the user isn't looking (tends not to replicate itself).

      Worm - exploits holes in security to "worm" its way around networks (including the intertubes).

      Virus - attaches to other executables and may move to other systems by finding "portable" executables (such as shared disks).

      I'm sure I'm wrong in some way, but I spend all day having to dumb things down to "you had a virus" for customers.
