Thursday, 14 May 2009

Proof Of Concept Trojan.OSX.Tored.A & Related Rants

--
Last month an e-mail-distributed proof-of-concept (and, as analyzed, largely nonfunctional) malware program was discovered for Mac OS X. A couple of different companies claim they 'discovered' it. It is being labeled a 'worm' because it is able to replicate itself after infection. It does not qualify as a virus because it does not infect other files on the host computer. It is, however, a Trojan horse first and foremost, because it requires user error (opening and running the attachment) in order to be installed. Its worm behavior is therefore secondary and cannot be used in its name. Sorry. (;_;)

Rant: I'm a biologist who became addicted to Mac technology and works as a professional Mac technologist. So how come I, without a computer science degree, am able to distinguish a Trojan horse from a worm while professional computer security companies can't? I am thoroughly baffled. Was there perhaps one person who made the initial error and everyone followed along like good little sheep? Likely. It became evident eight years ago in the USA that sheep are the 'in' thing to be. Shameful. End of rant.

The best reports I found on Tored.A are over at Intego, F-Secure and CA. The lamest report is at Sophos, not worth linking.

An interesting short article about Tored.A was posted over at the HowStuffWorks blog. I wrote a reply to the article and tossed in some of my usual educational chatter. Here is a repost for your pleasure:

Here are some useful facts:

1) Symantec started the anti-Mac security FUD campaign back in August 2005. In the nearly four years since, Mac OS X has failed to be deluged in malware. There was no doom and gloom. The sky did not fall. Symantec continues to make the single worst anti-malware app for Mac. Figures.

2) There is a standard naming system for malware, the CARO convention, which orders a name as Type:Platform/Family.Variant. This is how it works: First comes the type of malware. Tored-A is a Trojan horse. It is NOT a 'worm' until AFTER it has been installed by a computer user, which is of secondary importance. Therefore, the first part of its standard name is 'Trojan'. Second comes the name of the operating system on which it runs. In this case it is 'OSX'. Third comes the identifying 'family name' of the malware. The discoverer in this case chose 'Tored'. Why is up to them. Last comes the 'strain' or variant of the malware. The first discovered variant is called A. Next is B, etc. Take note that despite this long-published standard, anti-malware companies usually don't care, and each uses its own delimiters and its own type label. That's why there are often many names for exactly the same malware (Trojan.OSX.Tored.A, OSX/Tored-A, OSX.Tored), resulting in needless chaos and confusion.
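The naming chaos described above is a practical problem when reconciling detections from several vendors. What follows is an added example, not code from this post or from any anti-malware vendor: a small Python parser that tokenizes vendor names written in the dotted, slash/hyphen or CARO (Type:Platform/Family.Variant) styles, classifies each token as type, platform, family or variant, and renders a canonical CARO form so that names from different vendors can be compared. The type and platform vocabularies are assumptions chosen for illustration, and the variant rule (a token of at most three letters plus optional digits, or a number, in last position) is a heuristic, not a vendor rule.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed vocabularies for illustration; real vendor lists are far longer.
# Compound types (Email-Worm, Trojan-Downloader) match on either part.
KNOWN_TYPES = {"trojan", "worm", "virus", "backdoor", "adware", "spyware",
               "rootkit", "downloader", "dropper", "exploit"}
KNOWN_PLATFORMS = {"osx": "OSX", "macos": "OSX", "win32": "Win32", "w32": "Win32",
                   "win64": "Win64", "linux": "Linux", "unix": "Unix",
                   "js": "JS", "vbs": "VBS", "java": "Java", "android": "Android"}
# Heuristic: a trailing variant is 1-3 letters plus optional digits, or a number.
VARIANT_RE = re.compile(r"^(?:[A-Za-z]{1,3}\d*|\d+)$")


@dataclass(frozen=True)
class MalwareName:
    kind: Optional[str]      # Trojan, Worm, Email-Worm, ... (None if absent)
    platform: Optional[str]  # OSX, Win32, ...            (None if absent)
    family: str              # Tored, Brontok, ...
    variant: Optional[str]   # A, B, q, ...               (None if absent)

    def caro(self) -> str:
        """Render in CARO order: Type:Platform/Family.Variant."""
        out = f"{self.kind}:" if self.kind else ""
        out += f"{self.platform}/" if self.platform else ""
        out += self.family
        return out + (f".{self.variant}" if self.variant else "")


def _split_hyphen(segment: str) -> list:
    """A hyphenated segment is either a compound type (Email-Worm), kept whole,
    or a Sophos-style Family-Variant pair (Tored-A), split in two."""
    parts = segment.split("-")
    if len(parts) == 1:
        return [segment]
    if parts[0].lower() in KNOWN_TYPES or parts[-1].lower() in KNOWN_TYPES:
        return [segment]
    if VARIANT_RE.match(parts[-1]):
        return ["-".join(parts[:-1]), parts[-1]]
    return [segment]


def parse_malware_name(name: str) -> MalwareName:
    """Tokenize a vendor detection name and classify its parts."""
    tokens = []
    for seg in re.split(r"[:/.]", name.strip()):
        if seg:
            tokens.extend(_split_hyphen(seg))
    kind = platform = None
    rest = []
    for tok in tokens:
        low = tok.lower()
        if kind is None and any(p in KNOWN_TYPES for p in low.split("-")):
            kind = tok.title()                  # "email-worm" -> "Email-Worm"
        elif platform is None and low in KNOWN_PLATFORMS:
            platform = KNOWN_PLATFORMS[low]
        else:
            rest.append(tok)
    if not rest:
        raise ValueError(f"no family name found in {name!r}")
    variant = None
    # Only treat the last token as a variant if a family token remains before it.
    if len(rest) > 1 and VARIANT_RE.match(rest[-1]):
        variant = rest.pop()
    return MalwareName(kind, platform, ".".join(rest), variant)


def same_malware(a: str, b: str) -> bool:
    """True when two vendor names point at the same family and variant.
    The type prefix is ignored on purpose: that is exactly where vendors
    disagree (Trojan vs. worm), as with Tored."""
    x, y = parse_malware_name(a), parse_malware_name(b)
    if x.platform and y.platform and x.platform != y.platform:
        return False
    return (x.family.lower(), (x.variant or "").lower()) == \
           (y.family.lower(), (y.variant or "").lower())


if __name__ == "__main__":
    # Constructed sample names in the three common vendor styles.
    for n in ["Trojan.OSX.Tored.A", "OSX/Tored-A", "Trojan:OSX/Tored.A", "OSX.Tored"]:
        print(f"{n:22} -> {parse_malware_name(n).caro()}")
    print(same_malware("Trojan.OSX.Tored.A", "OSX/Tored-A"))
```

Because the comparison deliberately drops the type label, two vendors that disagree on Trojan versus worm still match on family and variant; if your pipeline needs the type, keep the parsed `kind` alongside and resolve the disagreement by policy rather than by string equality.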

3) 'Security by obscurity' was never the explanation for Mac OS X's track record. The fact is that Mac OS X is considerably harder to break into than Windows without the user's help. That is why what exists for Mac OS X is Trojan horses: they require user error in order to get onto a Mac. For the same reason there are no viruses, worms or illegal spyware/adware for Mac OS X that install themselves without that user error.

Responding to the article:
"Many accounts say that the MacOS is naturally more secure than Windows."

Accounts have nothing to do with it. Mac OS X is a UNIX system, and UNIX has consistently proven to be among the safest operating systems commercially available. Its rivals are the Open Source operating systems FreeBSD and OpenBSD, code from both of which is integrated into Darwin, the open-source UNIX core (the XNU kernel plus a BSD userland) on which Mac OS X is built. That being said, UNIX / Mac OS X is NOT perfect. Security flaws are frequently found and patched. There was never any myth that Mac OS X was not 'mortal'. If you want hacker heroes, applaud Dr. Charlie Miller and Dino Dai Zovi, the most revered of those who have shown how to break into a Mac (with user error, such as visiting a malicious web page, required). They wrote a book about it, "The Mac Hacker's Handbook", published in March 2009.

The least secure Apple software is NOT Mac OS X. It is in fact QuickTime, which Apple writes and provides for both Windows and Mac OS X.

Windows was never designed to be secure until Vista, and even then Microsoft fell significantly short. In theory Windows 7, which is largely a paid service pack for Vista, may repair this problem, but that has not been proven at this time.

The future: watch for the Mac malware coming out of Red China. Few people know that China formally declared a "Technology War" against the USA several years ago. China has been successfully cracking into US federal computers since 1998, when it formed the Red Hacker Alliance. Note that this was the year China was granted "Most Favored Nation" status by the US government. Despite China being caught red-handed cracking government computers all over the planet, the USA still maintains this favored status. Conclusion: We are out of our minds. Enjoy the results.
--
