Craig Mattson (Personal Website)

My Blog

Zombie Macs Sighted!!! (21/04/2009 09:07:23 PM)

With the recent Macintosh trojan making headlines on tech websites, there are definitely plenty of people arguing about whether Macintosh is really secure, whether it is as bad as Windows, whether Linux could get this type of trojan and whether pirated software is good / bad. At the core of the issue though is the Trojan itself. It's nothing overly complex, and it isn't technically penetrating any flaws in the Operating System itself. It is simply relying on permissions granted to the Trojan as part of an install process.

This is pretty common in the Windows world - and most of this stems from our good old underground software groups. You see, if you install an application and give it root access, then you're bound to have trouble. If I were hypothetically going to create a crack for an application and embed code to open a CD tray every 5 minutes, all I would need is root access to install a service.

Under Windows, this is automatically granted in Windows XP if you are the system administrator - not so in Vista if you have UAC enabled (you know, the annoying messages everyone turns off!). Under Mac, you log in as a root user to do so (or at least, grant the software administration rights as part of starting the installation). Is this a flaw? For the Apple Macintosh and the Setup Packaging suite, it very well could be - but no more than Windows and cabinet installs - where if you launch it, the operating system assumes, on your approval, that the software is fine.

MSN viruses seem like they target the operating system. Granted, the JPEG buffer overflow trick worked in older versions of Windows XP, but newer versions are all about exploiting software to trick the user into installing applications and granting permission through Social Engineering. What is stopping iChat receiving a trojan (if not already happening) that tricks the user into installing random "cool" updates?

With advertisements such as the Viruses campaign Apple released upon the rebranding of Apple Macintosh, it is no wonder the botnet was successful. Something Apple may need to address in the future is that, while the core is secure, the core does not stop applications playing up - and with comments like "I can download anything I want without getting viruses" being fairly prevalent amongst "John Citizens", this type of thing will continue happening on a mass scale.

We'll see if the media picks up on the Macintosh trojan and milks it for what it's worth.
