“OSX.Macarena poses no viable threat as currently conceived. Although we don’t have our hands on the virus source code, according to Symantec (who initially publicized the virus last week) OSX.Macarena can infect neither PowerPC-exclusive binaries, nor Universal binaries. It can only affect binaries that are Intel-specific. That would include various system files, but since OSX.Macarena can only infect files in its own directory and has no means of gaining the privileges necessary to escalate into directories where most system files are stored, the threat level is mitigated,” MacFixIt reports.
MacFixIt reports, “Further, it can be reasonably said that this ‘virus’ is no more than a basic exploitation of the way in which UNIX permissions are designed to operate. By default, applications have permission to modify files that reside in their same directory. It’s somewhat akin to writing a shell script that deletes one or more (or all) files in the home user directory then distributing that script as a download: Running the script has a malicious outcome, but there would be no way to prevent its operation without changing the granularity of permissions in Mac OS X (assigning some applications tighter restrictions than the default user-level permissions allow) — something Apple may or may not enact in Mac OS X 10.5 (Leopard).”
MacFixIt reports, “Symantec admitted to MacFixIt: ‘I think the phrase ‘proof of concept’ which is used in the writeup may have caused some confusion. This is not a threat which is exploiting some bug, rather the concept that is being proven is that Mach-O files can be infected, and that Mac OSX file infecting viruses are therefore possible.’”
“Also, as has been the case with virtually all purported Mac OS X viruses documented by anti-virus firms thus far, there is no reliable vector for the spread of OSX.Macarena, meaning that a user would have to locate the source file, download it, compile the source and run the virus in order for any effect to occur,” MacFixIt reports. “As a result of these considerations, the OSX.Macarena has served less as a ‘warning shot’ across the bow of Mac OS X than as a re-iteration of just how difficult it is to write an effective virus for the operating system.”
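The scope described in the quotes above (only Intel-specific Mach-O binaries, only in a directory the running user may write to) can be checked from the defender's side. The following is an added example, not code from MacFixIt, Symantec or the original article: it classifies files by their Mach-O header and lists the Intel-only ones the current user can modify. The function names and sample files are hypothetical, and it also recognises 64-bit Intel headers, which goes slightly beyond the article.

```python
import os
import struct
import tempfile

CPU_ARCH_ABI64 = 0x01000000             # flag OR'd into cputype for 64-bit
CPU_TYPES = {7: "intel", 18: "powerpc"} # CPU_TYPE_X86, CPU_TYPE_POWERPC
THIN_MAGICS = (0xFEEDFACE, 0xFEEDFACF)  # MH_MAGIC, MH_MAGIC_64
FAT_MAGIC = 0xCAFEBABE                  # universal header, big-endian on disk

def classify_macho(header: bytes) -> str:
    """Classify the first 8 bytes of a file by Mach-O architecture."""
    if len(header) < 8:
        return "not-macho"
    if struct.unpack(">I", header[:4])[0] == FAT_MAGIC:
        nfat_arch = struct.unpack(">I", header[4:8])[0]
        # Java class files share this magic; their next word is >= 45.
        return "universal" if 0 < nfat_arch < 20 else "not-macho"
    for endian in "<>":                 # thin files use the CPU's byte order
        magic, cputype = struct.unpack(endian + "Ii", header[:8])
        if magic in THIN_MAGICS:
            return CPU_TYPES.get(cputype & ~CPU_ARCH_ABI64, "other-macho")
    return "not-macho"

def exposed_intel_binaries(directory: str) -> list:
    """Names of Intel-only Mach-O files here that the current user can modify."""
    exposed = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        with open(entry.path, "rb") as fh:
            kind = classify_macho(fh.read(8))
        if kind == "intel" and os.access(entry.path, os.W_OK):
            exposed.append(entry.name)
    return sorted(exposed)

def build_sample_dir() -> str:
    """Constructed sample: 8-byte headers only, not real executables."""
    samples = {
        "tool_i386": struct.pack("<Ii", 0xFEEDFACE, 7),
        "tool_x86_64": struct.pack("<Ii", 0xFEEDFACF, 7 | CPU_ARCH_ABI64),
        "tool_ppc": struct.pack(">Ii", 0xFEEDFACE, 18),
        "tool_universal": struct.pack(">II", FAT_MAGIC, 2),
        "Hello.class": struct.pack(">II", FAT_MAGIC, 52),
    }
    directory = tempfile.mkdtemp()
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)
    return directory
```

Calling `exposed_intel_binaries(build_sample_dir())` returns only the two Intel-only samples; the PowerPC and Universal headers are classified but not reported, matching the limits Symantec described.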
“there is no reliable vector for the spread of OSX.Macarena, meaning that a user would have to locate the source file, download it, compile the source and run the virus in order for any effect to occur”
Gee, I’m REALLY scared now.
I’m feeling more “smugly” secure than ever before. Apparently, this is the best that these super-hackers can do against Mac OS X.
As obviously false as the “security through obscurity” myth is, we need to start spreading the new “myth”… Mac OS X is secure because Windows is such an infinitely easier to exploit target.
I don’t think it matters that macarena is a useless bit of code that is no danger to any Mac out there. I just know cNET is going to jump all over this and hail it as the dawn of the Mac OS Virus Onslaught.
Hey Sputnik,
By real IT world, you must mean the Window$ IT world. At least you gave everyone a good laugh. It just goes to show the mentality of your ilk, who are fearing for their livelihoods in the near future.
CEOs are bound to notice that Apple products run Window$, and wonder why IT keeps buying DuLLs that need motherboard and power supply replacements every two years (I know, I’ve had to deal with three of these DuLLs in the past 1 1/2 weeks alone).
We all know that Window$, Ballmer and Mi¢ro$oft cannot win this game against OS X, Steve Jobs and Apple. And they keep proving it time and again. Mi¢ro$oft will release Vi$ta (to try to compete with Tiger) with all of its bugs and security flaws, someone will hack and destroy it within 48 hours, and Apple will release Leopard to much fanfare, and kick MS’s butt again. M$ will whimper with their tails between their legs (while they try to fix the mess called Vi$ta), Ballmer will throw chairs and M$ will release their Leopard killer in…err, 2012… and no one will care.
That is the cycle of M$ innovation: steal it from Apple, or fake it to look like Apple, and just when you thought the fake was good enough, it’s not.
The Latin plural of virus is still viri. Even though I doubt we’ll see just one virus for macs soon anyway.
Sputnik!! You’re back! So many of us missed you. Now we all have your totally unbiased view of Doze, particularly Vista. I’ve learned soo much from you. You’re my hero.
All I know about Macarena is
That song needs more cowbell….
YHBT, HAND!
“Even though I doubt we’ll see just one virus for macs soon anyway.”
You’re right. We won’t see any.
— Smug, Arrogant and a Better Person Than a PC User
Yawn…….
Boy, that’s why I like my PowerPC G4 that much! What a great architecture to run your computing experience.
My next machine will be a G5 -:)
By the logic of this so-called “proof of concept” virus, would we label an Applescript routine that deletes files upon execution a virus?
Macarena reminds me of a joke.
QUESTION: What is a one-word oxymoron?
ANSWER: Algorithm.
Al Gore rhythm is 3 words.
Oh, I get it.
Good one.
Al should be careful next time he comes to Texas
We have the Kilgore Rangerettes.
And they’ve got killer legs.
ya know, i wonder why people say i’m a smug and arrogant Mac user simply because i state some things that are totally true…
“Macs cannot get Windows viruses ’cause Windows viruses are written specifically for Windows” and…
“There have been no outbreaks of Macintosh viruses since Mac OS X was released over 5 years ago”.
doesn’t matter if you can back up your statements with documents and facts. seems to me that it’s not Mac users that are arrogant but it’s Windows users that are insecure.
pun intended.
People, people, people.
Sputnik signs these deeply sarcastic pieces with a © symbol.
There are only 43 Windows users on the planet that know how to make the © symbol on a Windows PC. Chances of Sputnik being one of them are very slim.
Of course he is a Mac user being extremely sarcastic.
widows=swiss cheese
I dunno, Big Al. This page identifies itself as <meta http-equiv=”Content-Type” content=”text/html; charset=utf-8″ >
So, for any browser that supports Unicode and any font that supports Unicode, all it might take is “unicode copyright symbol” and Google’s “I’m Feeling Lucky” button. Let’s see if this forum supports them:
©
©
Yep. Both the ASCII numeric (&169;) and the hex value (&xA9) codes work.
MDN from my last post? I thought they would….
[stupid smilies…..]
‘virus’ still has no Latin plural, as it cannot be plural in Latin.
Viruses?
http://en.wikipedia.org/wiki/Plural_of_virus
I can’t believe that you guys deviate from the point so much.
And Sputnik – welcome back. I missed the intangible threats from the real IT world. Somehow I felt lost without them.
MW “filled” And now my life has finally been filled with the return of the Sputnik
OK, let’s review and see if I read this thing and understood correctly…..
To get the Macarena “virus” I need to search the internet, find it, download the source code, compile it, then execute it with admin access…..
Stupid Mac OS…. With windows I never need to search for the virus, it comes and finds me…..
I thought the MAC was supposed to be so far advanced and superior to windows…
</straightface> </sarcasm>
Bwah ha ha ha ha I can’t believe the windows IT whiners think this is a real threat, or the start of some major virus plague for OS X In fact the only concept that it proves in Mac OS X 0 viruses for 6 years and counting
New twist, to infect OS X it appears that macarena must be run from windows on an intel mac, either parallels or boot camp. Guess that’s another reason to stay away from windows.
Link
http://www.macnightowl.com/2006/11/07/welcome-to-the-world-of-fake-mac-viruses/
I only use Symantec on my Windoze running laptop.
On my Mac I use nothing…going on 4.5 years now. The machine has been continuously connected to my DSL line for 4.5 years minus hurricane down time. The machine works great. No viruses. No problems.
If I could drop Symantec on my PC I would. But unfortunately Microsoft makes such a crappy product that I cannot.
Just my $0.02
“Yep, just as i’ve been saying for years now, MacOS X suffers from a lack of any good malware.”
It’s a shame really. I wish Mac users had a larger selection of malware to choose from. If you really need it, you can always run boot camp.