• Explore the magic and the mystery!
  • The Tech Night Owl's Home Page



  • Discover the power of GraphicConverter 9



  • The Mac OS X Virus Report: Why the Disconnect?

    March 22nd, 2007

    For months, you've been hearing the same old story. As Mac OS X becomes more and more popular, and Windows users continue to switch to Apple's platform, the rise of malware is inevitable. Before you know it, Mac OS X will be subject to some of the same irritants that are inflicted on the Windows platform.

    Now it's quite true that, whenever a new Apple Security Update appears, you hear those claims all over again. The Internet criminals are just aching to be among the first to overwhelm Mac OS X with their spyware, viruses, Trojan Horses, and all the rest of that malicious garbage. Soon they'll be turning Macs into spam-bots, so you better get ready to share the same level of misery experienced by your friends and neighbors on the Windows platform.

    It's enough to full you with feelings of togetherness for your fellow PC users, since you'll soon be in the same boat.

    Except that it never seems to happen. Sure, there are lots and lots of potential security leaks, most of which are quickly repaired by Apple. The recent 10.4.9 update, for example, patched a bunch of them. Indeed, there are likely plenty of additional tiny pathways that could be exploited, thus creating the appropriate climate for malware. Or at least that's the theory, although the risks don't appear to be all that great. But some of the fear-merchants won't tell you that, because it doesn't drive traffic to their sites and their articles.

    Then there are those "proof-of-concept" viruses, which do harm in the laboratory but haven't spread into the wild. No, I would not suggest for a moment that the makers of security software have manufactured these viruses to sell more product when there is apparently no reason to do it otherwise.

    So you have to wonder: Isn't there a huge incentive for the creators of malware to create the first real Mac OS X virus? Shouldn't they be lining up to spread their nasty wares into the Mac universe?

    Is there something about the Mac OS X platform that discourages the scourge of the Internet? Could it be that virus authors actually like Macs, so they don't want to cause us any harm?

    This is not something that I would take too seriously, of course. After all, the biggest motive today for malware is simple greed. An infected PC can be taken over and used to spread spam to your mailboxes and mine and all the other computer users on the planet. Spammers do it for ill-gotten gains, and for that there are no platform distinctions.

    Now some might argue that Mac OS X is safe because of obscurity, but how is an operating system with some 22 million users obscure?

    Maybe it's just harder for those exploits to overwhelm a Mac, because you have to give a password for most new software installations, whereas you don't under Windows Vista, even with its allegedly enhanced security model.

    Maybe we're just lucky.

    Or perhaps they are just waiting in the wings, ready to inundate the Mac platform with malware when we least expect it. But I'm not a fear monger, so I wouldn't presume to suggest any such thing.

    My opinion, such as it is, might be considered a little less logical. We're just lucky, that's all. As the Mac platform continues to gain traction, the virus infections will appear, perhaps when we least expect it.

    Meantime, I am of mixed opinions about whether you should install virus protection software, or even a full-fledged Internet security suite. To be sure, it probably won't do any harm. Although virus protection applications have, from time to time, been notorious for causing slowdowns and conflicts of their own, this doesn't happen much anymore.

    Moreover, once malware erupts, you may not have sufficient time to rush out and buy a copy or download the software to stop the infection in its tracks.

    You see, it's not a matter of if, but of when.



    Share
    | Print This Article Print This Article

    37 Responses to “The Mac OS X Virus Report: Why the Disconnect?”

    1. Gregg Butterfield says:

      Recently I have received many no page found messages when clicking in Mac Surfer to get to a Mac Night Owl article. This time I noticed that the URL included a space ..."why-th%20e-disconnect". When I deleted the %20 from the URL I got to this page.

    2. Recently I have received many no page found messages when clicking in Mac Surfer to get to a Mac Night Owl article. This time I noticed that the URL included a space …”why-th e-disconnect”. When I deleted the from the URL I got to this page.

      This is an occasional bug in Microsoft Entourage, which we use to send links out to our friends and fellow tech sites.

      So they need to fix that, but sometimes they forget.

      Peace,
      Gene

    3. Spencerian says:

      I've been using Macs since 1987, and professionally supporting them for half as long. The AutoStart worm in 1999 was the worse I've seen, but it propagated due to the infamous QuickTime "auto-run" feature. Nowandays, such features and a lot of social engineering are the very few ways that the very few naughty bits made for OS X have tried to infect.

      Mac OS X should be as vulnerable to the handful of Unix/Linux exploits or malware, but so far, nothing's come of it. Not to give anyone any ideas, but perhaps there's still something special to the combination of the various components that formed OS X that gives a twist on the usual ways to access and operate. For the life of me, however, I can't think of them. Hopefully, neither will the guys who want to get bragging rights in making the first widespread OS X infection.

    4. jbelkin says:

      Think of it this way - a mac is a 23-year old Marine while the PC is a 55-year old sleepy tourist with his bag at his feet. You could try to rob the marine but you might get your **s kicked so why waste all that effort when the PC guy is half asleep - way easier with a much better return on your money. Look at the malware thing - how easy is it for any random guy to design a popup that looks like a windows warning - as Pc users are used to those every few minutes as their OS grinds to a halt - when we get those gray & blue scheme "warnings" that we need to click on it to clean our system, it's laughable amateur and clearly not part of the mac OS ... so they would have to design it in the metallic look with three buttons and the right mac font ... to make it authentic, they would have to get an icon in the dock to bounce to signal us ... AND THAT'S JUST TO GET US TO NOTICE IT. Now clicking on it - the Mac will not anyone install anything or write to a "DLL" file (as there is none without many more layers of protection ... again, not 100% impenetrable but why bother - especially since virtually all the major viruses guys are in Eastern Euro or Russia, who has access to a Mac that isn't working on something more interesting to waste time on trying to create a fake dialog box and figure ot how to write code to convince an icon to bounce and then the hard part, how to insert a working code?

      As for buying protection apps, what good would they do beforehand - all "definitions" are updated after the infections have begun and the billions of copies of Norton, McAfee, etc sold have not prevent the BILLIONS of PC infections - they do prevent FUTURE infections in theory so rest easy - until that time comes to buy a bottle of Mac NyQuil - don't buy it now when it'll lose its effectiveness by the time you need it.

    5. dave says:

      I found an article yesterday asking why nobody has even written malware for MacOSX funny. It was like the writer was begging someone to write a virus or malware, just so he could write a 'told you so' article.

    6. I found an article yesterday asking why nobody has even written malware for MacOSX funny. It was like the writer was begging someone to write a virus or malware, just so he could write a ‘told you so’ article.

      I am concerned, though, with the cliche "be careful what you wish for" in cases like that.

      Peace,
      Gene

    7. Michael says:

      "The Internet criminals are just aching to be among the first to overwhelm Mac OS X with their spyware, viruses, Trojan Horses, and all the rest of that malicious garbage."

      Viruses I suspect will not be a great problem; Trojan Horse programs may be. But only time will tell.

      As I understand it viruses used to run amuck on the Windows platform, because a Windows machine was, essentially, a standalone device that never should have been connected to the internet. If you sat down at a Windows 98 machine and turned it on you could go anywhere and write to any directory--and so could anyone who compromised you while you were sitting at it. Bill Joy of Sun famously said of Microsoft:

      "They took standalone systems and put them on the Internet without a thought about evil-doers."

      Unix, by contrast, was a *multi*-user system from the outset, and users did not run with root privileges, because each user only had the privileges he needed for what he was doing.

      Windows NT and its successors are multi-user--sort of, although some, including, the Nightowl's friend Daniel Eran might dispute just how far that's true:

      http://www.roughlydrafted.com/Oct05.5Flaws.html

      And Eric Raymond famously said that "NT's internal boundaries are extremely porous".

      http://www.faqs.org/docs/artu/ch03s02.html#nt_contrast

      It's difficult to know how things will pan out for the future. It's either been possible to secure Windows even though the starting point has been somewhat less than promising or it hasn't; and, again, only time will tell. I'm sure turning on the firewall by default, pushing out OS updates automatically, instituting UAC, and bringing in DEP and ASLR will help. David Maynor has been saying that he believes that Windows Vista is more secure than Mac OS X. But whether he really believes that or whether this is sour grapes over what Apple, or someone at Apple, did--or didn't--say or do to him last year is another question.

      But to return to what I said at the beginning, I could conceive of Trojan Horses being a problem on any platform. If a computer can run code at all, then it can run something that does something unpleasant. If you have a malicious bent and can persuade someone to download your program and run it, and specially if you can get him to give your program an admin password, then all bets are off. Isn't this essentially what Amit Singh is saying here?

      http://www.osxbook.com/blog/2006/11/05/on-mac-os-x-viruses/

      That being so, then low market share is a protection for Mac users. Why write something nasty for the Mac when there are more targets, and hence richer pickings, elsewhere?

      I think Mac sites interested in educating users should take the time now and then to point out that it's unwise to download and run random software from the internet. People should take the time to research third-party software, only use what has a good reputation, and only download from trusted sources. Most OS X software will install by drag-and-drop, and users should be wary of anything that uses an installer--and of installers that ask for adminstrative passwords. This is a real problem for Windows Vista users who *have* to grant each and every installer admin privileges. Joanna Rutkoswka, one of the world's leading *independent* Windows experts has pointed out that out:

      "One thing that I found particularly annoying though, is that Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges. So, when you try to run such a program, you get a UAC prompt and you have only two choices: either to agree to run this application as administrator or to disallow running it at all. That means that if you downloaded some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing e.g. to load kernel drivers! Why Tetris installer should be allowed to load kernel drivers?"

      http://theinvisiblethings.blogspot.com/2007/02/running-vista-every-day.html

      This simply shouldn't be necessary on OS X, so if an application uses an installer and if the installer asks for a password ask yourself: Why does it need the password? It can only be because it is going into system areas, and is that a good thing?

      It would be nice if more software distributers provided an MD5 hash, too. Mozilla does; few others do:

      http://releases.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.3/MD5SUMS

    8. Dana Sutton says:

      There are all sorts of reasons why the Mac is pretty free of these problems, and Gene has mentioned most of them. But here's one more: in the minds of a lot of people Microsoft is one of the most unpopular corporations in the world, and it's not too hard to imagine that plenty of malware authors take a special delight in doing damage to Windows. Probably in their dim little minds there's a kind of "Robin Hood" dimension to what they are doing. (This same observation applies to the plentiful distribution of bootleg MS software on Gnutella). On the other hand, as corporations go, Apple gives lots of people the warm fuzzies. Who'd want to hurt good old Apple?

    9. There are all sorts of reasons why the Mac is pretty free of these problems, and Gene has mentioned most of them. But here’s one more: in the minds of a lot of people Microsoft is one of the most unpopular corporations in the world, and it’s not too hard to imagine that plenty of malware authors take a special delight in doing damage to Windows. Probably in their dim little minds there’s a kind of “Robin Hood” dimension to what they are doing. (This same observation applies to the plentiful distribution of bootleg MS software on Gnutella). On the other hand, as corporations go, Apple gives lots of people the warm fuzzies. Who’d want to hurt good old Apple?

      Yes, I kind of took that as self-evident :)

      Peace,
      Gene

    10. David says:

      Personally I think running anti-virus software for the Mac is a waste of resources until the day when actual threats appear in the wild.

      What people seem to forget about massive market share disparities (a la Windows/Mac) is that not only is the bigger platform a better target, it's also a much bigger breeding ground for malware. In the countries where a lot of malware comes from there may only be one Mac for every 200 PCs so the likelihood is extremely low that a person with the skills and desire to create malware even knows what a Mac is. If that person does happen to have access to a Mac and wants to be the first great Mac virus/trojan writer, there is still that harsh economic reality to face: writing a successful Mac trojan horse will likely get the writer only glory and you can't eat that.

    11. Michael says:

      Since we're on OS X security: I'm glad that 10.4.9 and SecUpd2007-003 are out. But ever since I have been "enjoying"--if that's the right word--slower running, more frequent beachballs, and occasional failure of dmgs to mount. Worse, I've even had a kernel panic when trying to mount an external hard-drive, and, most recently, another when inserting a USB bluetooth dongle. And, no, I didn't do anything while updating. As it happens, I reinstalled *from scratch* off the original media, applied the updates only after booting into safe mode, and didn't touch the machine till the optimization had finished. I strongly suspect those updates are bad--at least with some machines. I hope it's fixed; in the meantime, using my Mac is less of a pleasure than it used to be.

    12. Since we’re on OS X security: I’m glad that 10.4.9 and SecUpd2007-003 are out. But ever since I have been “enjoying”–if that’s the right word–slower running, more frequent beachballs, and occasional failure of dmgs to mount. Worse, I’ve even had a kernel panic when trying to mount an external hard-drive, and, most recently, another when inserting a USB bluetooth dongle. And, no, I didn’t do anything while updating. As it happens, I reinstalled *from scratch* off the original media, applied the updates only after booting into safe mode, and didn’t touch the machine till the optimization had finished. I strongly suspect those updates are bad–at least with some machines. I hope it’s fixed; in the meantime, using my Mac is less of a pleasure than it used to be.

      None of those problems are normal, nor do they match my particular experience, which has been essentially flawless, as it's been for most people I know.

      I realize that some folks are reporting problems with 10.4.9 in certain situations, and all I can say is that you should see if there's any consistent reason as to why some are affected and most aren't.

      Peace,
      Gene

    13. People aren't attacking OS X in the way Windows is attacked because they hate Windows. "Windows is evil!" is the mindset.

      OR

      Windows allows for the most "collateral damage" for the effort put in. Once Macintosh market share exceeds 30%, then the effort to write a virus or malware for OS X will "pay off" in high numbers of captured credit card numbers.

    14. Michael says:

      Thanks, Gene. I'll have a look around and see if I can see that and watch and see how things go in the future. I don't think anyone I know has had any problems either.

      I've just had a look, and found this thread, and there's a few nasty surprises reported in it, but there's nothing resembling what I've got:

      http://forums.macnn.com/90/mac-os-x/330151/10-4-9-is-out-experiences/2/

      Maybe it's a combination of some pre-existing borderline fault with some item of my hardware together with the update.

    15. Scott says:

      Lets Face the issue of why we have Antivirus software on our macs in the office. We use it to clean windows machines.

      Yes Our techs for a fee will take all your windows files store them on another drive scan and clean them for viruses.
      wipe your windows system and reload it.

      This is the most profitable part of the IT Business for us. Just takes time.

      We by the way use ClamAV its free and does the job

    16. Andrew says:

      Autostart was VERY bad. I remember it well, lost most of my schoolwork of the previous three years. It was so bad that I'm leery of desktop print spoolers to this day.

    17. Autostart was VERY bad. I remember it well, lost most of my schoolwork of the previous three years. It was so bad that I’m leery of desktop print spoolers to this day.

      For those of you who came to the Mac in the Mac OS X era, this was a Classic Mac virus. We did indeed have a few in those days.

      Peace,
      Gene

    18. Andrew says:

      And this particular one was disguised as a part of the Mac OS itself, the Desktop Print Spooler.

    19. And this particular one was disguised as a part of the Mac OS itself, the Desktop Print Spooler.

      I never felt good about print spoolers over the years, and not because of that virus. They were just messy and buggy, although the Mac OS variant was decent enough. I remember a few from the early days.

      Peace,
      Gene

    20. Andrew says:

      All of the AV utilities failed to remove Autostart, and then I read somewhere about a second print spooler with a slightly odd spelling. Once I removed that from my extensions folder, Autostart was gone.

      I also had a number of Word macro viruses (virii) and one other worm that randomly corrupted files on classic Mac OS. OS X has been perfectly clean, and I've been lucky with Windows and my defensive software and lack of freeware have kept me virus free on that platform.

    21. MichaelT says:

      Yes, I kind of took that as self-evident

      Peace,
      Gene

      But then a lot of people think Apple is a smug, smarmy company with blindy following loyalists. Those people would LOVE to wipe the smirk off Mac users' faces.

    22. But then a lot of people think Apple is a smug, smarmy company with blindy following loyalists. Those people would LOVE to wipe the smirk off Mac users’ faces.

      You'd think so, but it hasn't happened. Maybe less people hate Apple than Microsoft. It's more fashionable for the latter.

      Peace,
      Gene

    23. All of the AV utilities failed to remove Autostart, and then I read somewhere about a second print spooler with a slightly odd spelling. Once I removed that from my extensions folder, Autostart was gone.

      I also had a number of Word macro viruses (virii) and one other worm that randomly corrupted files on classic Mac OS. OS X has been perfectly clean, and I’ve been lucky with Windows and my defensive software and lack of freeware have kept me virus free on that platform.

      The most common Word macro viruses in those days would convert all of your documents to templates, making them difficult to save. I recall running into a few of them from editors in those days. They felt a little embarrassed over spreading this stuff to their authors.

      Peace,
      Gene

    24. Andrew says:

      The one I remember most would insert the word "Wazoo" at random places in any document you opened.

    25. The one I remember most would insert the word “Wazoo” at random places in any document you opened.

      That, my friend, may sometimes be a good thing ;)

      Peace,
      Gene

    26. Ivo Wiesner says:

      Slightly off-topic, but I remember reading that the multitude of security holes in Windows might not be entirely coincidental, or due to poor programming. It has been alleged that some are, in fact, NSA keys, or deliberately created backdoors for spying on MS customers. I wonder if OS X could also contain such a key..?

      http://www.heise.de/tp/r4/artikel/5/5263/1.html

      http://en.wikipedia.org/wiki/NSAKEY

    27. Nick Ettema says:

      I firmly believe that the weakest point of the Mac OS as it stands right now, and the one that will eventually cause virus, or more probably worm, infections, is the excessive security itself.
      The earlier post with the 'tetris' example is a very good case in point..not only are way too many mac installers requiring admin passwords for global installs of apps which have absolutely no excuse for not installing locally, but more and more apps are wired to call up passwords simply due to perhaps a single prefs file, etc.
      The more used any user gets, to having to constantly do this, the easier it is for some app to slip past the 'watchful eye', so to speak..
      Although in my case it has been because i've had to switch between two accounts , one admin, one normal user,, for certain settings I need, in one of them, in the last day, i have been overwhelmed by over 30 different requests for adsmin passwords, for everything from deleting files to installing or moving files ad infinitum...
      I can certainly imagine how some malware could take advantage of a lapse of attention from overexposure to authentication requests..
      It would then have access to the whole system (although not root, thankfully)
      Still...too much of a good thing....
      Doc

    28. I firmly believe that the weakest point of the Mac OS as it stands right now, and the one that will eventually cause virus, or more probably worm, infections, is the excessive security itself.
      The earlier post with the ‘tetris’ example is a very good case in point..not only are way too many mac installers requiring admin passwords for global installs of apps which have absolutely no excuse for not installing locally, but more and more apps are wired to call up passwords simply due to perhaps a single prefs file, etc.
      The more used any user gets, to having to constantly do this, the easier it is for some app to slip past the ‘watchful eye’, so to speak..
      Although in my case it has been because i’ve had to switch between two accounts , one admin, one normal user,, for certain settings I need, in one of them, in the last day, i have been overwhelmed by over 30 different requests for adsmin passwords, for everything from deleting files to installing or moving files ad infinitum…
      I can certainly imagine how some malware could take advantage of a lapse of attention from overexposure to authentication requests..
      It would then have access to the whole system (although not root, thankfully)
      Still…too much of a good thing….
      Doc

      I think that's always a possibility, but Mac OS X has more control over this process than Windows Vista, where prompts are far more prevalent. Worse, they don't require a user password, so if you absent-mindedly click "Allow" on the wrong thing, you're asking for trouble. At least with a password, you can stop and think a second before acting.

      I hope.

      Peace,
      Gene

    29. Slightly off-topic, but I remember reading that the multitude of security holes in Windows might not be entirely coincidental, or due to poor programming. It has been alleged that some are, in fact, NSA keys, or deliberately created backdoors for spying on MS customers. I wonder if OS X could also contain such a key..?

      http://www.heise.de/tp/r4/artikel/5/5263/1.html

      http://en.wikipedia.org/wiki/NSAKEY

      Aha, a conspiracy theory arises :)

      There's a lot of open source-based code in Mac OS X, so I'd think someone might have located it by now. Maybe...

      Peace,
      Gene

    30. Michael says:

      "... way too many mac installers requiring admin passwords for global installs of apps which have absolutely no excuse for not installing locally ..."

      I haven't come across many myself, and don't use any that do. I understand from a podcast by the guys at MacGeekery that Palm Desktop is a particular bugbear. Not only does it require to be installed, run, and updated by an admin user, but that user must also be the 501 (first) user. No other user on the system can use it; and if the 501 user downgrades his account for security reasons, he can no longer.

      ___
      digression

      You know, really, Palm have just been darn lazy for years and years and years. When Ballmer was shooting his mouth of about how "expensive" the iPhone will be--he forgot to mention two things:

      1. There's real innovation in interface and usability there; and
      2. You'd have to buy around $500 worth of software to get anything even approaching what the iPhone does on your crappy Win CE device.

      And I think point (1) is not limited to the device itself. Synching has been and still is a major headache with most handheld devices. The odds are the iPhone will simply synch pretty painlessly and seamlessly with iTunes just like an iPod does now. Even the stupid Zune won't synch with Media Player. For equivalent functionality to an iphone you'll need a Win CE phone and a Zune _and_ Windows Media Player _and_ the special Zune software _and_ synching software from your phone vendor. And none of the software will work more than adequately.

      end digression
      ___

      All third-party software I use installs by drag-and-drop, and I have it in ~/Applications not /Applications.

      But there will be changes to the way applications are delivered under Leopard. See the top item here:

      http://developer.apple.com/wwdc/tracks/devtools.html

      BTW, request for Gene: could you ask those MacGeekery guys onto the radio show some time? They have some interesting things to say and are quite funny, too.

    31. “… way too many mac installers requiring admin passwords for global installs of apps which have absolutely no excuse for not installing locally …”

      I haven’t come across many myself, and don’t use any that do. I understand from a podcast by the guys at MacGeekery that Palm Desktop is a particular bugbear. Not only does it require to be installed, run, and updated by an admin user, but that user must also be the 501 (first) user. No other user on the system can use it; and if the 501 user downgrades his account for security reasons, he can no longer.

      ___
      digression

      You know, really, Palm have just been darn lazy for years and years and years. When Ballmer was shooting his mouth of about how “expensive” the iPhone will be–he forgot to mention two things:

      1. There’s real innovation in interface and usability there; and
      2. You’d have to buy around $500 worth of software to get anything even approaching what the iPhone does on your crappy Win CE device.

      And I think point (1) is not limited to the device itself. Synching has been and still is a major headache with most handheld devices. The odds are the iPhone will simply synch pretty painlessly and seamlessly with iTunes just like an iPod does now. Even the stupid Zune won’t synch with Media Player. For equivalent functionality to an iphone you’ll need a Win CE phone and a Zune _and_ Windows Media Player _and_ the special Zune software _and_ synching software from your phone vendor. And none of the software will work more than adequately.

      end digression
      ___

      All third-party software I use installs by drag-and-drop, and I have it in ~/Applications not /Applications.

      But there will be changes to the way applications are delivered under Leopard. See the top item here:

      http://developer.apple.com/wwdc/tracks/devtools.html

      BTW, request for Gene: could you ask those MacGeekery guys onto the radio show some time? They have some interesting things to say and are quite funny, too.

      MacGeekery? We'll look into it Michael. Thanks for the suggestion.

      Peace,
      Gene

    32. Nick Ettema says:

      "...All third-party software I use installs by drag-and-drop, and I have it in ~/Applications not /Applications."

      I think that's one reason why i was so peeved earlier :)
      I was doing a first run of some new app in my (alternate user) home applications folder, and it *still* asked me for an admin id..i checked afterwards and all the prefs are in ~/Library, so I don't get it...
      ahh well..

    33. Ivo Wiesner says:

      I am not sure I understand some of the complaints. What's wrong with being asked for a password before installing new software, or even before using an app for the first time? That hardly takes up much time. Think about the amount of time you would loose in the case of some malware ending up on your system.

      We can't have it both ways. We can't applaud Apple for coming up with the most secure OS, yet, at the same time, expect it to never warn us of potential dangers.

    34. Michael says:

      "I am not sure I understand some of the complaints. What’s wrong with being asked for a password before installing new software ..."

      ... being asked for a password *by what*?

      The potential problem is with an *installer's* asking for an administrative password. Why would it need it, and what is it going to do with it? With an adminstrative password, the program can go where it likes, including into system areas; with an adminstrative password it can run as root. There's, effectively, no limit to what it can do.

      Make a plaintext file and try to drag it into, say:

      /System/Library.

      You'll find you can't--at least not without authenticating. You are locked out of these areas for a reason. And you really, really don't want anybody else putting anything into them. It might be necessary in a few cases, but you'd want to be doubly sure that it was and doubly sure of the software company providing the software, too.

      One has to be careful where one downloads software from, but that's not the end of the matter. There doesn't even need to be malice involved. Incompetence will do just fine.

    35. Nick Ettema says:

      My point was that this is precisely how malware can open a back door...if passwords requests keep popping up, even for access to what would appear fully owned folders (a password to install into my home folder? cmon!)..then the situastion arises that these securities often get bypassed entirely, either out of frustration , or neccessity..certainly it's common to just log in a root to bypass, if in a hurry, or have a lot of cross partition arranging or fil transfering to do, etc.
      The only diff is that in win systems, in the past, it's been the default, cancelling out any protection that it might have otherwise offered

    36. Michael says:

      " ... this is precisely how malware can open a back door ..."

      I'd be interested to ask Mac users the following question: "If you met a Mac developer at a party and he asked for your administrative password, would you give it to him?"

      If any would hesitate even for a second, then they'd have to remember not to treat the same request from his software any differently.

      I might ask someone into my house, but I wouldn't necessarily hand him a skeleton key that opened every door, every cupboard, every drawer, a safe if I had one, and anything else, and let him go where he wished and do as he pleased. And, again, he doesn't need to be malicious, just less competent than he should be for what it might occur to him to do.

      He might, for example, be so insouciant as to leave "a binary executed with root privileges at an user-writable path":

      http://projects.info-pull.com/moab/MOAB-08-01-2007.html

      IOW, to return to the metaphor of the house he might intend no harm, but he might leave the door open so that someone else who does can walk through it.

      Here's the University of Utah on the subject:

      http://www.macos.utah.edu/documentation/administration/poorly-made_apps.html

    37. ” … this is precisely how malware can open a back door …”

      I’d be interested to ask Mac users the following question: “If you met a Mac developer at a party and he asked for your administrative password, would you give it to him?”

      If any would hesitate even for a second, then they’d have to remember not to treat the same request from his software any differently.

      I might ask someone into my house, but I wouldn’t necessarily hand him a skeleton key that opened every door, every cupboard, every drawer, a safe if I had one, and anything else, and let him go where he wished and do as he pleased. And, again, he doesn’t need to be malicious, just less competent than he should be for what it might occur to him to do.

      He might, for example, be so insouciant as to leave “a binary executed with root privileges at an user-writable path”:

      http://projects.info-pull.com/moab/MOAB-08-01-2007.html

      IOW, to return to the metaphor of the house he might intend no harm, but he might leave the door open so that someone else who does can walk through it.

      Here’s the University of Utah on the subject:

      http://www.macos.utah.edu/documentation/administration/poorly-made_apps.html

      If someone had the temerity to ask me a question of that nature, I'd tell him or her where to go and how to get there :)

      Peace,
      Gene

    Leave Your Comment