Mac Trojans Exploit User Vulnerabilities, Not Security Holes



From Low End Mac:

http://www.lowendmac.com/ed/fox/09ff/mac-trojan.html

Cuss and discuss, Wintrolls.

Mac Trojans Exploit User Vulnerabilities, Not Security Holes
Frank Fox 2009.02.03

With the news that Trojans have been found in pirated software, is it
time to start worrying that Macs are not secure?


Something has changed, right?

Well, the news is important, but don't sell your Mac just yet. There is
a big difference between a Trojan and a virus.

Both a virus and a Trojan can do the same things to your computer, but
how they get installed is very different. A virus uses a weakness in the
operating system to sneak in, while a Trojan uses deception to fool the
user into installing it. These differences are important and worth
looking at in more detail.

We all need applications to be installed on our computers to get
anything done. Most applications run in their own little environment,
and if anything goes wrong, the app crashes but the rest of the computer
continues to run fine. This wasn't always true, but modern operating
systems, like Windows XP and Mac OS X, do a better job of keeping each
piece of software running safely away from others.

Some applications, like drivers, can't work alone. They need to work
with many other applications. A printer driver has deeper access to your
computer than other software. These applications/drivers can be written
to avoid the protection of the operating system, because in order to
function they have to do more than normally allowed.

Where do these applications get the permission to operate with so much
access? From you, the user. That's why you get those alerts when you
install or run a new program. The operating system is checking with the
user before allowing anything new to run.

Once you run something for the first time, any malicious software code
has a chance to run and take over your computer and mess things up. This
is okay in the security sense, because you, the user, allowed it to
happen. This is why you need to know what you are doing before
installing software. (This is why I don't like it when my kids install
software from the Internet.)

Trojans

Here is where Trojans come in. They are bad code hidden with good code.
This is why the two Trojans were found with pirated software; the
legitimate version of this software wouldn't have the Trojans attached.

The user who downloads the pirated software unknowingly accepts the bad
code when they install the pirated software. Sure, a "virus checking"
program can test for this situation once they learn about the problem,
but it may be too late for you if you are one of the first who were
downloading the pirated software.

The worst kind of Trojan is a rootkit exploit. This kind of malware is
designed to hide itself in the operating system so that even the
operating system doesn't know that it is there. This is the hardest to
remove. Sony was accused of doing this with the copy protection software
on its music CDs. This is not a good practice for legitimate program
developers, and Sony had to settle the lawsuit against it.

We know that a Trojan is software you installed yourself; you personally
gave permission for it to be on your computer. You were tricked into
accepting it, but the computer did nothing wrong in following your
request.

An application may be free of Trojans, but there will still be errors in
the code (bugs) that usually don't hurt anything. Sure, errors may make
the application crash, but the operating system should keep it isolated.
The good news is that everyone is constantly trying to find and fix
these errors to improve performance and keep things running smoothly.


Viruses

Among the people looking for these bugs are security experts and virus
writers. If the security experts find it first, they are supposed to
notify the programmers to fix their code. Once the bug is known to virus
writers, they start figuring out a way to use the bug to insert bad code
(a virus) into a document, picture, webpage, etc. This will trick the
application into running the bad code (virus) and allow it to mess with
your computer.

The virus writers wait until the day that a patch is announced to write
a virus to exploit the flaw. This works, because not every computer is
patched that same day, or even that month. They have time to circulate
their virus to the unpatched computers and wreak their havoc. The sooner
they release their virus, the more time it will have before systems are
patched.

The shortest time is the zero-day exploit, meaning a virus is written
the same day the patch is released. Obviously these flaws are similar to
older ones, for a virus to be written so quickly. This shows that the
same sorts of mistakes are being made again and again. Constant work is
going on to continually exploit computers. This, in turn, means that
there is probably a big financial incentive to find and exploit these
flaws.

Worms

A special type of virus is called a worm. This type has a way to
replicate itself and move onto other computers, often through email or
other network connection. The problem with worms is that they spread
themselves and can quickly infect millions of computers, as the
Conficker worm has been doing for months on Windows PCs.

A virus is worse than a Trojan because it works through applications
that you installed in good faith. You have to trust something, and
applications from good vendors should be safe. Virus writers are
exploiting the flaws for their gain, but some of the problem does fall
on the shoulders of the original software vendor for letting easy
mistakes through.

Why the Mac has been better at security is a whole other story. Finding
two Trojans on pirated software doesn't change things much.

Remember that a Trojan is installed by a person who has been tricked,
while a virus fools an application to allow it to run. To be safe, don't
run any software you are not sure of, especially pirated software. Also
watch out for strange attachments in emails that come from people you
don't know or who aren't in a habit of sending attachments.

--
God made me a furry, who am I to question His authority?