Apple responds to so-called Mac OS X Trojan report

“Apple has responded to reports that a Trojan Horse has been found in a bogus Microsoft Word 2004 demo. The company issued a statement, suggesting that the Trojan is not a significant threat as it does not propagate itself,” Karen Haslam reports for Macworld UK. “Apple said: ‘This is not a virus, does not propagate itself and has only been found on a peer to peer network. This is an example of the perils of seeking illegal software.’”

Full article here.

Related MacDailyNews articles:
Intego says Mac OS X Trojan AppleScript applet in the wild – May 12, 2004
Mac OS X so-called Trojan horse ‘exaggerated FUD to sell security software, a non-issue’ – April 10, 2004

28 Comments

  1. I tend to agree with them, but this STILL needs to be addressed. I won’t shed a bunch of tears over anyone who tries to get software for free who loses data in the process, but since it could be spread via email or other more benign methods, Apple should make it harder to run ANY AppleScript that erases your data without asking your permission (and allowing “power users” to disable the warnings).

  2. I have to disagree there. An Applescript only executes commands that the user himself/herself is privileged to do. Many people like me need this functionality.

    I say caveat user.

  3. “However, while this Trojan Horse is unable to propagate itself, it is the first example Mac-specific malicious software to emerge following the Concept Trojan Horse identified by Intego last month.”

    They write this stuff as if it’s never been done before. Even in the old OS 9 days there were AppleScript trojan horses on the Hotline boards. No one ever made a stink about those.

  4. The media seems desperate to find a weakness in MacOS X. A conspiracy theorist might wonder if they are being “encouraged” by M$.

    I would like to see an Apple ad campaign, “M$ Windows is beating MacOS X 70,000 to 1…in viruses, worms and trojans. Which operating system would you prefer?” I can see the beginning of the commercial with a big, white “M$ Windows Wins” and “70,000 to 1” floating larger on a black background. Then the words “viruses” and “worms” appear with specific names like blaster, etc. Maybe that’s too geekish to be effective, though.

  5. “Apple should make it harder to run ANY AppleScript that erases your data without asking your permission”

    Now that’s a liberal statement. Waaaa fix it so I can’t break it, take care of me for free. Time for people to be responsible for their own actions, it deletes your home folder, not the system folders. Take initiative, and if you get a file from someone you don’t know, or about something you didn’t ask for, or the email isn’t signed. Then don’t run it DUH. This is basic Email 101.

  6. Needs to be addressed? If that’s the case, then let’s disallow users from being able to delete or modify anything at all without the express permission of a qualified Apple technician – in every instance.

    Let’s be real. If someone is stupid enough to run this AND stupid enough to not regularly back-up their hard drive, then they’re doubly doomed. Darwin applies. Delete away.

  7. Too Geekish to be effective? That’s a Brilliant idea! I’d love to see someone work up a concept video for it, just for kicks.

  8. This is no different than downloading any other program and installing it. Even Photoshop and Office make changes to the directories.

    Anyone that thinks they are installing a legitimate software package is subject to malicious programs. Programs read, write, move, delete, and open things on the hard drive. You cannot stop this without preventing that and making the computer useless.

    The lesson here is, don’t install software you get from a legitimate source. Macupdate.com and other sites like it are great places to get software because everything is screened. Download something from an e-mail, peer-to-peer network or Joe Blow’s Software Warez Site and you better beware.

  9. Way to go, Apple! Turn Intego’s marketing ploy into a marketing ploy for iTMS !!!! It’s PR judo.

    I hope more of these trojans show up on the P2Ps. One that would delete all of a user’s MP3s while leaving the MP4s intact would be just the ticket. Call it “iTMS paladin”.

  10. I agree with twilightmoon on this. What I’m saying is that Apple should make it harder for *anything* to mass delete data. Deleting a few files from directories is no big deal, but “rm -rf ~” is a big deal! No normal user would ever run that on the shell intentionally. Power users…..maybe. Most likely it would be used in a lab environment by an admin in some kind of script though. The point being, Apple should throw in extra safeties to keep this kind of thing from being possible for normal users. All that would be necessary is a “safety” of sorts. You can disable it manually if you like, but it’s on by default so normal users don’t ever have their home folder deleted for them by a script. Most people are smart enough to know not to drop their home folder in the trash, but most people don’t even know the terminal exists and certainly don’t know they could delete their entire home directory by running a single command without authentication.

    -Joel

  11. I have no sympathy for someone who screws up their computer trying to install illegal software and/or stupid enough to think that Microsoft has the ability to make an installer as slim as 108KB.

  12. Let me ask the Unix and/or AppleScript experts out there a question. Is it possible to come up with a script that would automatically bring up a warning if files from a certain area (like Home folder) or maybe over a certain number of files are about to be deleted?

  13. About the only way to do that would be to replace the “rm” command with the functionality you want, and let the user approve or disapprove the action.

    The major problem with this is that there are lots of legitimate scripts that need this kind of functionality – like the periodic maintenance scripts – and can’t have user interaction.
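The idea raised in comments 12 and 13, sketched as an added example that is not part of the original comments: an `rm` wrapper that asks for confirmation when a target covers the home folder or the deletion exceeds a file count, with an explicit opt-out for unattended maintenance scripts. The names `needs_confirm`, `safe_rm`, `SAFE_RM_LIMIT` and `SAFE_RM_FORCE` are invented for this illustration.

```shell
# Added illustration: confirm-before-mass-delete wrapper around rm.
# SAFE_RM_LIMIT and SAFE_RM_FORCE are names made up for this example.
SAFE_RM_LIMIT=${SAFE_RM_LIMIT:-100}

# needs_confirm ARGS...  Returns 0 and prints a reason when a target is
# $HOME or a directory containing it, or when the targets together hold
# more than SAFE_RM_LIMIT entries. Arguments starting with "-" are skipped.
needs_confirm() {
    home=$(cd "$HOME" 2>/dev/null && pwd -P) || home=$HOME
    total=0
    for target in "$@"; do
        case $target in -*) continue ;; esac
        [ -e "$target" ] || continue
        if [ -d "$target" ]; then
            real=$(cd "$target" 2>/dev/null && pwd -P) || continue
            case "$home/" in
                "${real%/}/"*) echo "target covers home folder: $real"; return 0 ;;
            esac
        fi
        n=$(find "$target" 2>/dev/null | wc -l)
        total=$((total + n))
    done
    if [ "$total" -gt "$SAFE_RM_LIMIT" ]; then
        echo "$total entries exceeds limit of $SAFE_RM_LIMIT"; return 0
    fi
    return 1
}

# safe_rm ARGS...  Takes the same arguments as rm.
safe_rm() {
    if reason=$(needs_confirm "$@"); then
        if [ "${SAFE_RM_FORCE:-0}" = 1 ]; then
            :   # explicit opt-out for unattended jobs such as periodic scripts
        elif [ -t 0 ]; then
            printf 'safe_rm: %s. Delete anyway? [y/N] ' "$reason" >&2
            read -r answer
            [ "$answer" = y ] || { echo "safe_rm: cancelled" >&2; return 1; }
        else
            echo "safe_rm: refused ($reason); no terminal to confirm on" >&2
            return 1
        fi
    fi
    command rm "$@"
}
```

A wrapper like this only covers callers that go through it; a script that invokes `/bin/rm` directly or deletes files through another API bypasses the check.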

  14. To those who say “let the downloader beware” I would respond that one of the great selling points about the Mac is that it is safer for NON-experts–that’s why I bought one for my retired parents as their first computer. A simple warning for the unusual case that you are about to delete ALL your files/data and asking you to confirm, seems pretty reasonable to me and very much in the Mac tradition. The impact on Power users, who should be able to disable it, should be minimal.

  15. ***** P2P NETWORKS ARE NOT ILLEGAL*****
    Apple said: “This is not a virus, does not propagate itself and has only been found on a peer to peer network. This is an example of the perils of seeking illegal software.”

    The person who found this was NOT LOOKING FOR ILLEGAL SOFTWARE!!!!! He was looking for the DEMO! Demo means FREE.

    He was stupid not to look at the file size that he was DLing.

    The reason most people use P2P networks is because the connections are better and a much wider range of items can be found at one place. Now I’m not saying that people aren’t using P2P to find illegal software, but damn don’t say that’s what you get for using a P2P network.

  16. I found a trojan on my Mac – HELP! What happens is this, when I select a directory and then press the DELETE key, the directory is DELETED! Help, Macs are unsafe – will my insurance cover this?

  17. I can’t completely agree with Apple. As already said, AppleScript shouldn’t be allowed to execute code that the user is not allowed to.

    In Mac OS X 10.2 I needed a root password to modify the system folder, but now in 10.3 I only need an administrator password. I think this new 10.3 behaviour is very dangerous and this might be the cause that AppleScript can delete the whole system. So Apple, please change the permissions back to root for the system folder.

  18. negrito:??

    What are you talking about? What new behavior? The Applescript cannot delete the whole system, only your $HOME. This is what happened with
    ‘rm -rf ~’

    Who the hell told you that? You are lost, dude.
