Thursday, February 16, 2006

 

Slashdot | First OS X Virus?

Read more at it.slashdot.org/article...

UPDATE: Here's a great rundown of what's going on thanks to Ambrosia

So, first of all, it's not a 'virus', it's a trojan or a worm - so let's not everybody panic now. A person has to actually allow this thing to run - it can't do anything on its own - so it's really not as bad as a virus (which can basically do anything it wants whenever it wants to).

Second, I think everyone should be forewarned - THIS IS VERY SERIOUS. There is a malicious executable floating around, claiming to be something benign, disguising itself very well, and carrying a nefarious payload. THIS IS VERY SERIOUS.

I want to use this opportunity to write a piece about personal machine administration that I've been meaning to do for some time now. That will come later.

For now though, I want to reassure the folks out there about what this really means. Some people have been using Mac OS X primarily because of its 'security', by which people typically meant 'safety' because they didn't actually know anything about Mac OS X's 'security' per se, as there weren't really any known attacks to measure it with.

The 'safety' came from the separation from the Microsoft technologies that were typically used to transmit some malicious payload, or were the principal site of the exploit. This 'safety' reason was a good reason to use Mac OS X. IT STILL IS a good reason to use OS X.

However, no operating system (from Apple or anyone else) will ever be able to protect its users from themselves - not completely anyway. The threat of a trojan/worm will always exist on any and every operating system.

These things are executed by a user, somehow directing the machine directly - someone the machine MUST be able to trust in order to function. In the best-case scenario the user will be warned before doing something the operating system thinks might not turn out the way they wanted, like when you visit a website with an unverifiable certificate, etc. Even in this instance though, the user (at some level of security, maybe some classification of restricted users can't do what they want, but the 'Administrator' of the machine at any rate) MUST be permitted to direct the machine, and not the other way around.

(Analogy: Your car is headed for a giant tree at 200 km/h and you turn the steering wheel to avoid it, with plenty of time to make the turn, and the car decides that because your cell phone is ringing (or something similarly stupid) you don't know what you're doing and ignores the steering wheel... yikes!) You wouldn't like it much if you were prompted with an "Are you sure?" dialog before the computer executed every single action, would you? ("Are you sure you want to open the document you just double clicked on?" "Are you sure you want to go to that webpage you just clicked on the bookmark for?" "Are you sure you want to pull down that menu you just clicked on?" "The computer detected that you have moved the mouse - Are you sure you want to move the screen pointer 3 pixels to the left and 2 pixels up?" - pretty annoying, eh?)

No operating system should be given the power to refuse an order from a user that should be trusted - but in the bluntest terms, NO users can be trusted. There will always be ways to entice people (even smart computer people) to open things they shouldn't, whether it be promising screenshots of the next OS release (as in this case), or spring-break-girls-naked videos, or drugs, or money, or whatever it is... and people will run these things thinking they're one thing and realising later it's something else entirely, only too late. There are no second chances in this game.

There are things the OS can do to protect us (and it's doing many of them already), and there are things we can do for ourselves (I'll go over some in my article to come), but to sum all this up, every single user needs to take responsibility for their own cyber-space.

Don't open things you can't trust. Period.

After all, a computer is only as smart as the monkey in front of it.
