Re: Mac viruses are easy to make...
- From: Michelle Ronn <micron@xxxxxxxxxxx>
- Date: Sun, 27 Aug 2006 08:56:36 -0700
On 2006-08-26 17:47:21 -0700, Derek Currie <derekcurrie@xxxxxxxxxxxxxxx> said:
In article <2006082518470275249-micron@invalidnet>,
Michelle Ronn <micron@xxxxxxxxxxx> wrote:
On 2006-08-25 09:23:00 -0700, Edwin <thorne25@xxxxxxxx> said:
... just write malicious workflows for Automator...
Yes, they are easy to make. The devil is in the distribution....
I'm not speaking to Edwin here, as he is too far gone to bother with. But for those interested:
I would be more interested if you 1) had a clue as to what you were talking about and 2) got your definitions correct....
By definition a 'VIRUS' must be able to:
1) Infect a computer all by itself
AND
2) Self-replicate
AND
3) Spread itself from one computer to another.
By definition, you have defined a WORM. A virus is code attached to an executable program. When that program is executed, a code path is taken that activates the virus such that it can infect another executable host. Your first term is ambiguous, your third term is incorrect.
You can't write a virus in Automator. End of story.
Can you delete files or do other trivial file system tasks with the executing user's privs? If so, then you can create a malicious program with it.
There has NEVER been a virus for Mac OS X. The closest anyone has come has been the TROJAN HORSE called 'Oompa Loompa' or Leap-A which was unable to infect anything. But if a user were fooled into opening it then it would THEN infect their system, and self-replicate, and send itself over iChat to other computers on the original computer's LAN (NOT the Internet) and try to fool someone there to also open it.
Malware has been written for OS X. It has been published. However, it has not been documented "in the wild".
Please read my post from two days ago called:
"Mac vs. Windows Security: Mac Benefits Explained"
This is one of a series of posts on the subject coming up.
Why do I write about Mac security? So people understand just how GOOD IT IS, and understand just how lame anti-Mac security FUD is. Hopefully everyone already knows that Windows security is an outrageously expensive catastrophe.
:-D
Go and learn about operating system architecture, and then go and learn a bit about security. There is nothing that makes OS X secure, other than a few common sense things that they do when the OS is installed. You still have the problem that a program can execute unchecked within the executor's privs. The only time it is checked is when these priv levels are attempting to execute at higher privs.
Read the following security bulletin from Apple that was published a few days ago (August 17):
http://docs.info.apple.com/article.html?artnum=304188
quote------------------------------------
CVE-ID: CVE-2006-3506
Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7
Impact: Malicious users may be able to cause systems using Xsan to crash or execute arbitrary code
Description: A buffer overflow may occur in the Xsan Filesystem driver when processing a path name. A malicious user with write access to an Xsan volume may be able to trigger the overflow on systems directly attached to Xsan. This could lead to a system crash or arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of path names. Credit to Andrew Wellington of the Australian National University for reporting this issue.
end quote ------------------------------
Another example, check the documentation for security patch 2006-004, which was released on August 1st:
http://docs.info.apple.com/article.html?artnum=304063
This outlines several BUFFER OVERFLOW scenarios that involved AFP, which means that the system was REMOTELY VULNERABLE. Given, AFP is not turned on by default when you unbox the system. However, if you are on a network of Macs, then this is most likely turned on.
Now, my commentary
1) In my first quote, this problem was not found by Apple. Apple cannot and will not find all vulnerabilities, and has to depend on the kindness of strangers to find them. Just like everybody else.
2) Buffer overflows are serious. For the folks that don't know what these are, they allow code to be inserted into some sort of buffer. This could be user input, it could be file input, etc. This code will then be executed at the security level of the program that has the overflow condition. In the case of my first example, this code would be executed at system level privs.
My earlier point that OS X does NOTHING to prevent this is the highlight of the problem.
These issues are patched. 6 months ago, folks were touting that OS X was completely secure. Well, 6 months ago these exploits were alive, and just got patched.
To imply that OSX is completely secure is to say that there will never be these sorts of patches in the future. I am not willing to take that bet.
I would like to see the brainless CSMA security gurus talk their way out of this one.. come on Oxford and Derek, let's see what you have now....
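
The Apple bulletin quoted in the post describes a buffer overflow when processing a path name, addressed by additional validation of path names. As an added example (not part of the original post and not Apple's code), the C sketch below shows that bug class as an unchecked copy into a fixed buffer beside a validated copy; the buffer size, component limit and function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define PATH_BUF   64  /* assumed fixed buffer size, for illustration */
#define NAME_LIMIT 16  /* assumed per-component limit, for illustration */

enum path_status { PATH_OK = 0, PATH_TOO_LONG, PATH_COMPONENT_TOO_LONG, PATH_BAD_ARG };

/* The bug class: the copy trusts the caller's length, so a path of
 * PATH_BUF bytes or more writes past dst. Shown for contrast only;
 * nothing in this example calls it. */
void copy_path_unchecked(char dst[PATH_BUF], const char *src)
{
    strcpy(dst, src);
}

/* Validated form: the path is rejected before any byte is written. */
enum path_status copy_path_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return PATH_BAD_ARG;

    /* Bounded scan: never reads more than dst_size bytes of src. */
    size_t len = 0;
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == dst_size)            /* no room left for the terminating NUL */
        return PATH_TOO_LONG;

    /* Each component between '/' separators must fit the name limit. */
    size_t comp = 0;
    for (size_t i = 0; i < len; i++) {
        if (src[i] == '/')
            comp = 0;
        else if (++comp > NAME_LIMIT)
            return PATH_COMPONENT_TOO_LONG;
    }

    memcpy(dst, src, len + 1);      /* len + 1 <= dst_size, includes the NUL */
    return PATH_OK;
}
```

The checked version fails closed: on any rejection the destination buffer is left untouched, so the caller cannot end up using a truncated path.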