MacDailyNews - Where Mac news comes first

Finally, some common sense... I also haven't changed any settings on my computers.

MW: sense... no really!

I love it when someone has the guts to tell like it is.

Another level headed response to the rash of chicken little articles that have flooded the internet about Mac OS X security.

Thanks Wired! I have another article to forward back to any PC weenie who tries to email me an "I told you so" link about the latest Mac OS X 'security threats'.

Well for the guys at MacWorld who had to break a sweat for about a day to get Leap-A to reek havoc on their test Macs, what is really the fuss if a user really has go out of his/her way to make it work?!

This is not to say that Mac OS X is somehow hacker proof, but at the end of the day we all know that Mac OS X is inherently more secure than Windows for various reasons (lacking things like ActiveX is an example).

All this stuff is giving me the shits!

I am not a techie just a devoted user and I am just so confused with all the stuff coming from the 'experts', which differs quite a bit from person to person.

Then there are all the users here at MDN. I and most of us, I guess, do not know the credentials of the people on this site and who to listen to and who not to!

A week ago we were all bulletproof and today we are full of worms!!!!

CONFUSED!

My favorite line:
". . . and these new security threats are no more threatening that a paraplegic kitten."

What a visual. Please open your hearts and give generously to the Paraplegic Kitten Foundation (PKF). Thank you.

Still be wary of files gleaned from social networks, bittorrent, etc... Hackers will be targetting Mac especially since the media is jumping all over every event new or old.

Affy, Mac OS X is very secure compared to Windows. It does have some holes, but they will likely be plugged before anything widespread occurs.

We will never have viruses the likes Windows sufferers XPerience.

Run under a non-admin user account.

Don't download files from dubious sources and you'll be fine. I run a virus scanner every few months because my Windows-suffering company mandates it.

Don't sweat it.

Now what we need is to get CNN Headline News to probe a little more deeply into this "Mac virus" thing like Wired and others have done. To listen to it last night you'd think this new "Mac virus" was running rampant throughout the net causing tons of grief.

I wish news organizations would start competing with each other more on terms of accuracy rather than who can drum up the most shock & awe.

Bill O'Reily are you listening? Go get em.

Affy:

I second that.

Written with real stones.

But Nameless Weasels, I thought Leander had (to use your moronic and misplaced phrase) "jumped the shark"?

Did he not "jump the shark" now?
Does it only work when it disagrees with your "take"?

What's up Weasels?

This guy is full of crap. Everyone knows that if you have a paraplegic kitten, you just shoot the darn thing in the head. Sheesh!

"Did he not "jump the shark" now?"

Actually, this time Leander strangled the octopus. Ink everywhere.

While Symantec trumpets these "proof-of-concept" exploits developped in their laboratories, they fail to mention that their Antiviruse would NOT have prevented these so-called viruse.

They also don't mention that one of the worst MacOSX vulnerabilities was in Symantec own antivirus software, a buffer overflow when decompressing zip files in search for nonexistent virus signature.

It has been Microsoft mantra, echoed by gullible journalists, that "All software is insecure", so people should buy Windows. They fail to mention that Microsoft OSES is demonstrably the most insecure of all, by a huge margin.

DrDude:
We know why God kills kittens. But what on earth do you have to do to yourself for God to paralyze them? Now THAT'S a "storm in a teacup."
(today is Quaint Expression Day for those of you just tuning in)

Doesn't hurt anything to move Terminal.app out of the Utilities folder until Apple fixes auto execute on shell scripts. While I don't suspect any type of attack...moving the app took a few seconds, moving it back when there's a fix will take another. Well worth the easy fix for a little peace of mind. I've rebuilt damaged or compromised computers (PCs for friends & family)...and I'd rather take a simple precaution then have to rebuild a Mac.

I'm really suprised to here this coming from Wired. They have been doing a bit too much Mac bashing as of recently, and they seem to be wanting to try to get some of the advertising dollars back from Apple. Just a thought, since Apple advertising was mysteriously missing from the last couple of Wired magazines.

Is that an English or Metric crapload?

Affy:
Remember Chicken Little? Well, he was wrong. End of story, at least until the next breathless, most likely clueless news report ( or a Sputnik post).

Affy,

I can understand why you feel confused, but the simple point is that all these scare stories originate from companies who sell anti-virus software. It's very much in their interests that you are made to feel confused and vulnerable so that you go out and buy their software.

Those companies reckon that they can get rich by thinking that you're stupid enough to be scared by their trumped up nonsense.

I don't know how many people visit this board. Let's assume it's just a few thousand. These are the people who use their Macs the most. Not one person on any forum that I've visited has made any sensible claim that they have actually had to ever fight off one of these worms, or even that they know anybody who has. Now ask just ten of your PC-owning friends if they have ever had a virus on their PC.

But don't forget that these stories are not about viruses, they are about obscure and theoretical exploits where the user actually has to virtually invite the malware in. It was so funny to read the report of the people who tried to investigate one worm and who spent ages trying to make it infect their Mac.

If the most frightening worm that we have to deal with needed two experts to spend hours deliberately making the conditions suitable for infection, then I don't think we have anything to worry about.

Don't be a lemming and buy unnecessary Anti-Virus software just so the Symantecs and Integos of the world can make a buck off of this pathetic scare tactic. Just remain calm and have a little common computing sense. That's the only real protection you need.

The double standards, ignorance and complacency of these forums never fail to amaze me. MacOS has a serious vulnerability whereby a file that appears to be a jpeg, MP3, gif or any other kind of media file can run a malicious script, without you having any knowledge of this, and you're all dismissing it like it's part of routine computing. It's not! If this was a Windows vulnerability you'd be all over it like a ton of bricks. All disabling the Safari option does is prevent this running automatically - the system is still vulnerable to dodgy files. Now, the fact that there are work arounds, and savvy users can avoid the issue, is great - but it doesn't negate the fact that this is a serious vulnerability. Is renaming system applications so that they won't run really a sensible option for a modern, secure OS? I don't think so. For what it's worth, all Windows vulnerabilities I know of can also be avoided by savvy users and/or work arounds. Does this mean that Windows is now a secure platform? Get real guys.

Totally agree with this guy. The latest script hole is kinda of a joke too. There are still many obsticles to be overcome before anyone could actually take over an OSX machine. Finding what your I.P. address is of your machine would be the first. Getting through your router would be the second and getting through OSX's firewall would be the third. Then they would need the admin password of the machine and user login to get in. The chances of all of these things being compromised are such a long shot. And all of these stories have been about concepts and theories and not real machines compromised so I stil don't see the big deal behind it. Apple knows it isn't perfect but compared to Windows is sure looks perfect and so all of these writers really try and make a big deal out of nothing and then the antivirus companies can't wait to jump in and make a panic over it to so they can make people jump and go out and buy there products.

Waiting for the day someone writes a complex virus that when you double click on it launches something that resembles a word processing program which causes strange things to happen to your computer...

oh wait, its called Word....never mind

I suspect that the rise in Mac market share is frightening the AV software companies. Their profits from Mac versions has probably plummeted in the last couple of years (zero?). If Mac continues to be virus-free and more and more Macs come into use, that means fewer windows sales. Oooo, scary.

The BBC calls these "serious security bugs" and labels them as "viruses"


Still, I don't see the day when my Macs will have hundreds of viruses and spyware programs like my friends' Windows PC's and laptops have.

I work in a hospital in Philadelphia (I'm a doctor) and our whole hospital's computer network has been down for 2 days now due to a Windoze virus. It has been complete chaos here! I'm the only one who finds it mildly amusing and ironic because I told the guy who is in charge of IT 5 years ago that they should switch to a Unix-based alternative - the Macintosh platform or some Linux distro. He laughed at me and told me that both Linux and the Mac platform would be history in 5-10 years. Egg on his face, fool!!!

Have fun cleaning up over 6000 PeeCees!

Dear All,

Thanks for all the positive feedback.

I wonder if I download the file and transfer it to my OS9 computer and try to open it, would it infect it too? If it were a true JPEG, it would open with no problems. If it were a malicious script, then would it be rendered harmless because OS9 won't recognize it?

Yep, loada crap. I agree.

Qman -

sometimes the BBC lets proper journalists write stories, sometimes they let some idiot do a cut and paste job with press releases from companies with a financial interest in the story.

Sadly this story is poorly researched. But right at the end, long after the lurid headlines, it doe say "The risk to users from the virus is almost non-existent because the variants are only proof-of-concept bugs and none have been released to the wild. "

So even the BBC has to admit that it's a non-story after all.

Hold on a minute! Is this guy saying a paraplegic kitten is not a hazard?
Let's get clear on this.
You could trip over it.
You could step on it and kill it but slip on it's remains.
You could roll over on it in bed and smother (but it could BITE!)
You could get a furball...

Let's not underestimate the threat here from kittens..
That's all I'm saying

pr: Even worse, you could be stalked by overzealous celebrities fighting for the rights of paraplegic kittens everywhere. Paralyzed fur is murder! Or something . . .

Reality Check...

This is the same thing that's "discovered" about every six months since there was a Mac OS.

This is the Mac equivalent of naming a file hotnekkidbritney.jpg.exe on a Windows machine.

90% of Windows users out there will think it's a jpeg because, by default Windows hides the extensions.

This is the IDENTICAL mechanism used by the MP3Concept "virus"of late 2004, which makes it a joke, because Secunia lists THAT one as "Very Low Risk".

Moreover, this issue of forging file metatdata to hide an executable has existed on the Mac since 1894.

The advice to turn off "Safe" file handlig in Safari is VERY GOOD ADVICE.

I just sent $20 to the PKF. They'll be so cute in their kittle wheelchairs, but mice will be running wild.

". . . but mice will be running wild."

Yes, but there are three blind ones who keep getting their white canes stuck in the spokes. It's all just so sad.

Thanks for giving, neomonkey. Part of the funds are going to research for new protective airbags for all four paws. The research videos are reminiscent of the latest Mars landers bouncing to the surface. Vertigo, low ceilings and nausea are still HUGE problems.

Reality Check, you need a serious Reality Check. Get back to us when you've got something real instead of alarmist propaganda.

{Heavy sigh of relief}

O.K. Return to Defcon One!

Never, NEVER understimate the killing potential of a paraplegic kitten.

Reality Check is the resident troll at The Mac observer in case anyone didn't know. Don't feed him. Starving troll eventually dry up and blow away like dogshit in August.

Reality Check is the resident troll at The Mac Observer in case anyone didn't know. Don't feed him. Starving trolls eventually dry up and blow away like dogshit in August.

Since Apple is getting huge in popularity, Mac tojans and virus reports are just a way to sell anti-virus programs to the mac user

Real IT guy: "This is the Mac equivalent of naming a file hotnekkidbritney.jpg.exe on a Windows machine.

90% of Windows users out there will think it's a jpeg because, by default Windows hides the extensions.

100% true, but, to be fair - in a Windows environment the icon changes to the default icon for an .exe file (regardless of weather the extension is hidden or not). Still, a user can double click it if he/she wants to.

On the Mac, from reading the reports of this "vulnerability", the icon itself still LOOKS to be a jpg file, correct? Seriously, this is not a taunt/flame. I just want to know how to protect myself or what to look for on my Mac.

But if you feel you need to feed a troll, it's diet consists primarily of raw crow. Mmmmm, that's tasty crow.