iTWire - Mac malware bends browsers to suspect sites

David Cake dave at difference.com.au
Thu Nov 1 23:44:29 PDT 2007


At 5:34 PM -0700 1/11/07, Hex Star wrote:
>On 11/1/07, Kevin Callahan <kcall at mac.com> wrote:
>>
>>
>>  http://www.itwire.com/content/view/15133/53/
>>
>>
>  > http://www.macworld.com/2007/10/firstlooks/trojanhorse/index.php
>
>If a user is dumb enough to download random software off the internet,
>extract it, run it and then enter their administrative credentials
>then IMO they deserve to have their system owned. Everyone else is
>safe :)

	Sure, but reporting an active attempt to exploit this variety 
of stupid is useful and valid, and attempting to find ways to close the 
effectiveness of the exploit is valid too. I don't think we should be 
too dismissive of 'oh, this only affects stupid people, therefore it 
doesn't matter'.
	In this case, while you might be foolish to download 
something that purports to be a codec from a random porn site, plenty of us 
would download codecs from sites that we have nothing but (probably 
fakable to some degree) social evidence for the validity of - e.g., I 
downloaded and installed Perian just because a few sites I read and 
trust to be fairly clueful (Daring Fireball possibly?) recommended it 
was a good idea.
	It's worth considering how Apple could use, say, the file 
system events watching capabilities (FSEvents) used by Time Machine 
to pick up odd and important changes to the file system and inform 
users of that - changes to the root cron tab, and changes to DNS 
settings, are both things that I wouldn't mind being informed about 
when they happen, even if it means I get a few alerts when it's 
intended behaviour every now and then. Apple already has mechanisms 
to authenticate its own apps, etc. Anyone know if any apps along 
these lines exist?
	It's possibly an example of how Apple's approach to system 
level authentication is less secure than Microsoft's in Vista - it's my 
vague understanding, given that I don't use Vista much, that it's 
harder to make one single password authentication validate a variety 
of unannounced system changes like this? Which isn't to say that the 
user experience gains from Apple's approach might not make it a 
reasonable choice - when Apple and Microsoft make different 
tradeoffs, it doesn't mean one is clearly correct.
	Cheers
		David
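
An added example, not part of the original message: a minimal baseline-and-compare check for the kind of alerting discussed above (changes to the root crontab and to DNS settings). It polls and hashes files rather than using the FSEvents API, and the paths in `WATCHED` are assumed typical macOS locations, not taken from the thread.

```python
import hashlib
import os
import stat

# Assumed locations (not from the original message); adjust per system.
WATCHED = ["/usr/lib/cron/tabs/root", "/etc/resolv.conf"]


def snapshot(paths):
    """Record content hash, mode and owner per path; None marks a missing file."""
    state = {}
    for path in paths:
        try:
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[path] = {"sha256": digest,
                           "mode": stat.S_IMODE(st.st_mode),
                           "uid": st.st_uid}
        except FileNotFoundError:
            state[path] = None
    return state


def diff(baseline, current):
    """Return (path, event) alerts for every path that differs from the baseline."""
    alerts = []
    for path in sorted(baseline):
        old, new = baseline[path], current.get(path)
        if old is None and new is not None:
            alerts.append((path, "created"))
        elif old is not None and new is None:
            alerts.append((path, "deleted"))
        elif old != new:
            changed = [k for k in old if old[k] != new[k]]
            alerts.append((path, "changed: " + ", ".join(changed)))
    return alerts


if __name__ == "__main__":
    import time
    baseline = snapshot(WATCHED)  # reading root's crontab needs root privileges
    while True:
        time.sleep(60)
        current = snapshot(WATCHED)
        for path, event in diff(baseline, current):
            print(f"ALERT {path}: {event}")
        baseline = current  # alert once per change, then accept the new state
```

Because the check compares ownership and mode as well as content, a crontab that is replaced with identical text but a different owner still raises an alert.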


More information about the MacOSX-talk mailing list