iWork '09 Trojan Horse Turning Macs Into Zombies?



I apologize for any confusion I may have caused, if you have a question you wish to ask me, about my previous posts, please do so and I will try to make my post(s) less confusing =3

No need to apologize, mewl. I think you and I got off to a bad start as I was a tad abrupt in our first encounter. My apologies. Enjoy our forums! I'm a long-time member here and our forums have a lot to offer.

Later. :)

hitest

A virus is without question something that requires a user to initiate, like most any other malicious intended programs.

We all know it has very little viruses, but this isn't due to good programming by Apple, this is due to it not being an appropriate target by hackers. Speaking from my personal views on apple, apple products are overpriced and suck...

This is what is ignorant

First, the definition of a virus is that it takes no user interaction.. Conficker spreads via Microsoft Windows Server Service RPC, no user interaction needed, but boot the machine, have it connected to a network

also since you state that you hate Mac, then why post on the board unless you are trolling?

the second part is exactly what I was posting about, its not being an appropriate target to hackers is due to a security model

also let's look at the older Mac OS.. It had viruses even though it had a much smaller user base than they do now.. simple logic.. user base has nothing to do with virus writing..

as a matter of fact there are zero viruses for Mac OS.. there are vulnerabilities but no viruses. if it takes root access it's not an exploit.. The exploit is gaining root access.

in the end I am sorry if you were offended, but the comments are ignorant of what a virus is (it means you don't know what you are talking about on that subject) and the rest is still in debate and really can not be proved which is why it's still debated.

and if you have a complaint against me, tell Jeff. He owns the board and will not punish anyone for making a complaint about us moderators, and I will gladly give up moderator if it makes you feel better, and Jeff feels I crossed the line. but please study on the subject you are talking about and don't troll.

and if you have a complaint against me, tell Jeff. He owns the board and will not punish anyone for making a complaint about us moderators, and I will gladly give up moderator if it makes you feel better, and Jeff feels I crossed the line. but please study on the subject you are talking about and don't troll.

Your posts have always been accurate and of high value to the members here at besttechie.net. We are lucky to have experts of your caliber here.

Back then Macintosh computers were somewhat common in schools due to forced contracts by the company. At least that's what I recalled reading a few years ago, I could be slightly inaccurate with that statement.

Nevertheless you make no valid argument in my opinion, seeing as how it is relevant to point out that Apple computers are hardly used in most parts of the world, correct me if I am wrong. If you do not think it is relevant that Apple computers make up a very small portion of the market, then I fear I should question your claimed knowledge over my own.

Nevertheless, I was not trolling, I studied the subject I am talking about. You just don't like my opinion, so you are trying to take vague sentences in my paragraphs in a futile attempt to make my knowledge less than your own. I do not know you, I do not know your knowledge base, but please PLEASE do not assume you know my own.

Thank you for your time~

Edit: As for quitting, I do not think that is necessary, you seem to be an intelligent and forgiving person and I would not like to see someone leaving their moderation position over this argument. So I am sorry if I have caused you any due stress, I am a very cold and upfront person. It's a personality flaw lol.

Edited by mewi

hmm.. usage..

Usage is a joke of an argument IMO, because Mac OSX is based on BSD (NeXT was based on BSD and became Darwin). BSD is UNIX, and as such keeps a lot of things in common with other Unix systems. This means that a hack written for any Unix system that is not kernel dependent works well on many different flavors of Unix. Since more servers run UNIX than run Windows.. it's not correct to say the system does not have a large attack vector. Linux systems fall in the same boat.

If that does not work then how's this..

there were a lot of viruses written for Mac OS 6,7,8 and 9. While you saw Macs in schools, you saw very few, I believe my high school of over 3,000 students had 4 Macs but we had 100 PCs running DOS. The Macs were for the graphic artist and CAD classes and the students shared. WordStar for DOS was used on the PCs. So Apple did not have a big market share and the systems were not connected to the Internet (what Internet? ). So it was even harder to spread a virus but they existed, and they did damage.

As I stated before, you can have all the security options in the world, and trust me XP and Vista have a lot of them, but if the person using the system has admin privileges they make the entire system vulnerable (Vista fixed this, but contains a bug in the Windows installer that allows non-admin users to install harmful software). This is why Windows systems are attacked more than others. When you hack a system you look for what you know about the system.. what is the same. So in a Unix system we know that root is ID 0 (in SELinux and Trusted Solaris root is a role and not an id), so if we could connect with an account that can present itself as id 0, then you own it.. so in the 1980s Unix started to root squash. So all accounts that connect remotely, even if it's root, are now given a temporary id that is not 0. The exception to that was SSH but proper setting up of SSH fixes that issue. But we also know that most Unix systems are set up with the user not being root and having to use sudo to affect the OS.

What do we know about Windows.. the first user of the system is the admin (or root user.. if you like). Since we know the first user is always root and observation tells us that most people do not add accounts to the system and when they do, they do not create limited users.. we now know that a simple install exploit will work with just an OK prompt, or worse we could send RPC commands and since the system is operating as root/admin user those commands are run as admin.. so in this case no OK prompt, the system quietly installs the exploit with no user interaction. We also know from observation that most users click on OK prompts without reading them. So an exploit that requires an OK prompt will still work on a majority of users.

As for me quitting.. I don't want you to feel you can't have a discussion with a moderator and disagree. You can and it is encouraged.

Also I don't know your knowledge and I expect everyone to challenge mine.. the whole point was you stated that viruses needed user intervention, and JCL and I (JCL who is a true expert in all he talks about) relayed that the definition of virus is that it needed no user intervention, that is what I meant by study the subject.

This is old but gives the point about market share http://www.theregister.co.uk/2003/10/06/li...indows_viruses/

good poll information

http://www.darkreading.com/security/perime...cleID=208804378

as for your opinion, we love your opinion, we just don't agree with it..

Plus I like to debate.. so I have some of the same flaws.. (you can not offend me.. it is near impossible)
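
The root-squash and SSH points in the post above, as an added example that is not part of the original thread: a Python sketch that models how an NFS server maps a client uid under `root_squash` (the default), `no_root_squash` and `all_squash`, flags exports where a remote uid 0 stays 0, and reports the global `PermitRootLogin` value from an sshd configuration. Reading "root squash" in the NFS sense is an assumption, and the sample files, host names and function names are constructed for illustration.

```python
import re

# Constructed sample files for illustration; none of this comes from the thread.
SAMPLE_EXPORTS = """\
# path       client(options)
/srv/home    192.0.2.0/24(rw,sync)
/srv/build   buildhost.example(rw,no_root_squash) 192.0.2.0/24(ro)
/srv/pub     *(ro,all_squash,anonuid=1500)
"""

SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication no
Match Address 192.0.2.10
    PermitRootLogin no
"""

DEFAULT_ANON_UID = 65534  # "nobody", the exports(5) default for squashed ids


def parse_exports(text):
    """Yield (path, client, options) per client entry; options is a dict.

    Simplified: paths containing spaces or quotes are not handled.
    """
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or [""]:  # no client listed means "everyone"
            match = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", spec)
            if match is None:
                continue  # malformed entry, skipped in this sketch
            client = match.group(1) or "*"
            opts = {}
            for item in filter(None, (match.group(2) or "").split(",")):
                key, _, value = item.partition("=")
                opts[key] = value
            yield path, client, opts


def server_side_uid(opts, client_uid):
    """Uid the server acts as for a request that claims client_uid."""
    anon = int(opts.get("anonuid") or DEFAULT_ANON_UID)
    if "all_squash" in opts:
        return anon                      # every remote uid is squashed
    if client_uid == 0 and "no_root_squash" not in opts:
        return anon                      # default behaviour: root_squash
    return client_uid


def root_preserving_exports(text):
    """Exports where a client presenting uid 0 is still uid 0 on the server."""
    return [(path, client) for path, client, opts in parse_exports(text)
            if server_side_uid(opts, 0) == 0]


def root_login_setting(text):
    """First global PermitRootLogin value, or None if unset.

    Match blocks are ignored: parsing stops at the first Match line.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "permitrootlogin" and len(parts) == 2:
            return parts[1].strip().strip('"').lower()
    return None


if __name__ == "__main__":
    for path, client in root_preserving_exports(SAMPLE_EXPORTS):
        print(f"{path}: {client} keeps uid 0 (no_root_squash)")
    print("PermitRootLogin =", root_login_setting(SAMPLE_SSHD_CONFIG))
```

An `anonuid=0` setting is also flagged, because the squashed identity is then root again.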


Okay, I'm kind of tired of arguing OSX as I am sure most of you are. But I think I have a valid argument when I say, just because it has unix, doesn't mean the people building off from it are not creating various exploits/security holes for their own OS. I mean I am not arguing Unix, I am arguing OSX, I think there is a difference.

Worms that travel VIA network don't require direct user interaction, but for me, user interaction is anything from logging onto a network. So we'll ignore "worms" for the time being, which is technically a subclass of a virus but I place worms in their own separate category.

A virus on the other hand, requires full user interaction in order to initiate itself on a system. I have never heard a virus that can just automatically startup without some form of user interaction. Name a virus that can do that and I will back down from my statement?

User Interaction example list:

Going to a website

Clicking on an Exe

Running a program

Generally things that involve clicking...

So we'll ignore "worms" for the time being, which is technically a subclass of a virus but I place worms in their own separate category.

Worms and viruses are separate categories. They have practically nothing in common.

A virus on the other hand, requires full user interaction in order to initiate itself on a system. I have never heard a virus that can just automatically startup without some form of user interaction. Name a virus that can do that and I will back down from my statement?

Boot sector viruses and AutoRun viruses.

Usage is a joke of an argument IMO, because Mac OSX is based on BSD (NeXT was based on BSD and became Darwin). BSD is UNIX, and as such keeps a lot of things in common with other Unix systems. This means that a hack written for any Unix system that is not kernel dependent works well on many different flavors of Unix.

I'm still not sure that cross-Unix viruses are especially practical. Native code viruses would likely have to deal with, e.g., the various object file formats used by Unices (ELF on Linux and the BSDs, Mach-O on OS X, COFF on AIX and Irix, etc) and non-native viruses would likely be portable to non-Unices.

Since we know the first user is always root and observation tells us that most people do not add accounts to the system and when they do, they do not create limited users.. we now know that a simple install exploit will work with just an OK prompt, or worse we could send RPC commands and since the system is operating as root/admin user those commands are run as admin..

Please tell me you mean LPC. The 'remote' part of RPC means that you can't rely on client-side security at all. I realize that there's some kind of law that RPC has to be broken but that would be a bit much.

(JCL who is a True expert in all he talks about)

I make it all up as I go along.

I fail to see how a Boot Sector Virus doesn't fall under user interaction. You throw in a disk = user interaction, that's just like downloading or clicking a file. This is all user interaction... Maybe our definitions of "user interaction" are different, which may cause the arguments here.

and autorun... again, where is the lack of user interaction here? How can you autorun something that wasn't there unless you downloaded/went to a website/dropped a disk in your tray?

As for worms, yes they are a subclass of a virus, they do many of the similar things viruses do. They replicate, they cause havoc lol.

Edited by mewi
I fail to see how a Boot Sector Virus doesn't fall under user interaction. You throw in a disk = user interaction, that's just like downloading or clicking a file. This is all user interaction... Maybe our definitions of "user interaction" are different, which may cause the arguments here.

Well, yes, because your definition is crazy. Everything requires some sort of user interaction. Your machine can't be infected unless you buy it, bring it home, set it up, turn it on, etc.

And then discover that there was a factory-installed boot sector virus on the HDD.

and autorun... again, where is the lack of user interaction here? How can you autorun something that wasn't there unless you downloaded/went to a website/dropped a disk in your tray?

You could have a mapped network drive that's infected after it's mapped.

As for worms, yes they are a subclass of a virus, they do many of the similar things viruses do.

People do many of the same things that birds do. People are not a subclass of birds.

Okay, I'm kind of tired of arguing OSX as I am sure most of you are. But I think I have a valid argument when I say, just because it has unix, doesn't mean the people building off from it are not creating various exploits/security holes for their own OS. I mean I am not arguing Unix, I am arguing OSX, I think there is a difference.

Worms that travel VIA network don't require direct user interaction, but for me, user interaction is anything from logging onto a network. So we'll ignore "worms" for the time being, which is technically a subclass of a virus but I place worms in their own separate category.

A virus on the other hand, requires full user interaction in order to initiate itself on a system. I have never heard a virus that can just automatically startup without some form of user interaction. Name a virus that can do that and I will back down from my statement?

User Interaction example list:

Going to a website

Clicking on an Exe

Running a program

Generally things that involve clicking...

This is getting fun..

First, OSX is certified UNIX.. http://www.apple.com/macosx/technology/unix.html (unix is a certification of compliance to a standard. Just like the Linux Standard Base.. )

also for viruses that take no user interaction

here is one (listed on MS's site)

http://onecare.live.com/standard/en-us/vir...Win32/Small.BDC

TrojanDownloader:Win32/Small.BDC is a Trojan downloader that targets certain versions of Microsoft Windows. The Trojan is downloaded and executed by files infected by a variant of Virus:Win32/Small. TrojanDownloader:Win32/Small.BDC downloads and executes malicious software from a Web site without user interaction.

a simple DNS redirection and you typed www.google.com and you bounce to my page that hooks you up (not that I would do that )

This is not user interaction because it is normal use of the computer.. to say this is user interaction is like saying because you bought a car, got in it and someone crashed into you while you were starting the engine it's partly your fault.


I'm still not sure that cross-Unix viruses are especially practical. Native code viruses would likely have to deal with, e.g., the various object file formats used by Unices (ELF on Linux and the BSDs, Mach-O on OS X, COFF on AIX and Irix, etc) and non-native viruses would likely be portable to non-Unices.

that is why I gave the second part.. while posix viruses have existed.. they would also work on most windows servers also..

Since we know the first user is always root and observation tells us that most people do not add accounts to the system and when they do, they do not create limited users.. we now know that a simple install exploit will work with just an OK prompt, or worse we could send RPC commands and since the system is operating as root/admin user those commands are run as admin..

Please tell me you mean LPC. The 'remote' part of RPC means that you can't rely on client-side security at all. I realize that there's some kind of law that RPC has to be broken but that would be a bit much.

CVE-2008-4250: The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka Server Service Vulnerability.

it is running code in a buffer overflow which means it must be using logged in user permissions.. or is it system level and it matters not if the person is admin or not. (if so this is worse.. than I thought)

First, OSX is certified UNIX.. http://www.apple.com/macosx/technology/unix.html (unix is a certification of compliance to a standard. Just like the Linux Standard Base.. )

They have a point about OS X and Unix. UNIX® certification doesn't mean that OS X doesn't suck.

it is running code in a buffer overflow which means it must be using logged in user permissions.. or is it system level and it matters not if the person is admin or not. (if so this is worse.. than I thought)

It's a remote vulnerability. The advisories I looked at said it requires authentication on the target machine on NT 6 (but not NT 5) but didn't provide details.


good point.. they all suck in their own way..

Solaris never seems to be 100%, there is always something they did not complete correctly.

Most Linux distributions try to cater to Windows users.. if I wanted to use Windows I would

Mac OS is great when you stay in the Apple world, but once out of it.. it can get hairy

Windows.. well let's not feed the troll. But I will say that living in the Redmond containment zone.. I know first hand the underhanded deeds done to keep it selling.

and BSD.. stable, works well and let's face it Theo de Raadt says what he means and pulls no punches.. but for some reason like Sun, OpenBSD always seems to miss the mark..

so what is the best OS.. it's the one that does what you want and you are comfortable with .. all others just suck :)~

I fail to see how a Boot Sector Virus doesn't fall under user interaction. You throw in a disk = user interaction, that's just like downloading or clicking a file. This is all user interaction... Maybe our definitions of "user interaction" are different, which may cause the arguments here.

Well, yes, because your definition is crazy. Everything requires some sort of user interaction. Your machine can't be infected unless you buy it, bring it home, set it up, turn it on, etc.

And then discover that there was a factory-installed boot sector virus on the HDD.

and autorun... again, where is the lack of user interaction here? How can you autorun something that wasn't there unless you downloaded/went to a website/dropped a disk in your tray?

You could have a mapped network drive that's infected after it's mapped.

As for worms, yes they are a subclass of a virus, they do many of the similar things viruses do.

People do many of the same things that birds do. People are not a subclass of birds.

"factory installed boot sector" which means the person(s) using the system while it is being produced are at fault, which is of course USER interaction. The virus would have never made it on a system in a facility without someone placing it there first.

NetWork Drive: And you could have your BIOS infected before you bought the motherboard from someone else, what is your point? Just because it switches owners means it didn't require user interaction to become infected? That's a bit silly =3

That bird comparison was very much farfetched. :blink:

Edited by mewi
NetWork Drive: And you could have your BIOS infected before you bought the motherboard from someone else, what is your point? Just because it switches owners means it didn't require user interaction to become infected? That's a bit silly =3

You missed the point on that one. The user-interaction occurs before the virus is present on the drive; the infection is a side-effect of automated processes (automatic network drive remounting, AutoRun, etc).

That bird comparison was very much farfetched. :blink:

You're right: humans and birds have more in common than viruses and worms.

"Automated"? I can't see how you can get a virus without initiating it through some form of interaction. If you are still clinging to the manufacturer of the product that led to a virus, that is user interaction. Some scum working for the product embedded a virus in the product.

You have to do SOMETHING to get a virus, it is impossible to get a virus if it is standing there off and not plugged into the internet, without any removable devices. Sure you can receive a machine with viruses, but they still got there somehow...

In my opinion you don't know what you are saying! with that last statement lol.

As for this whole debate, I think it's starting to become circular ;p I'll just say I believe what I believe, and you can believe what you believe.

yes, then it's completely useless to most users. so who cares..

yes you must turn on the computer.. and you must use it to get a virus.. some make it harder than others for viruses to propagate (you probably do not remember but the first two shipments of Windows 95 floppies had a boot virus on the install disk.. and at that time, the OS was not always pre-installed by the manufacturer.. so yes the user had to install the OS to make the system useful, but they had no choice)

and what does atheist have to do with freewill?? Atheist just means the absence of belief in the existence of deities, coming from the Greek ἄθεος and agnostic means without knowledge (in case you want to clarify) ..


Icc, he said "God Help us All", just a snide joke lol. No God would help Me :thumbsup:

Let's go back to Apples... who here is an Apple fan, and finds their ads filled with lies and misleading information? Who here is an Apple fan that thinks the whole "Apple's are more secure than windows" is based off from no factual statistics? Doesn't the evidence support to knock out the lies by Apple? If not, why do you think the evidence and stream of articles do not support this Apple product security?

Also, what about the hardware, do you feel the hardware is actually superior to PC? Do you find the extreme costs, inflexible design and monothemed product to be superior to the PC?


The latest security studies comparing Windows, Mac OS and Linux were funded by Microsoft. I'm not saying they're wrong.

But what I do know is that I do computer support for a school system; we have many hundreds of computers in the system. I don't know exact numbers because we are a regional school; I just do one town. Anyhow we have about 70% Macs and the rest Dells, a few HPs. And we have never had a security breach reported on a Mac and we have no antivirus or spyware software running on them. We do however get viruses on the PC laptops that leave the building. We have Symantec antivirus on them. It's not a big deal when we find a problem, we just re-image them. I have also had a rash of teachers clicking on the antivirus 2009 Fraudware popups and downloading trojans. Microsoft's Malicious Software Removal Tool has seemed to remove it so far.

I also don't think anyone here has acted like a "Mac Fanboy" they use many OS's and have from experience come to conclusions. I'm happy you've had only good experiences with XP and so don't most people but this thread is becoming pointless. Maybe we should give it a rest.


I agree, too long and too circular..

we can bring it up again when someone reports their Mac is infected with a nasty virus on the Malware Removal Page.. :)

Peace to all..

I also don't think anyone here has acted like a "Mac Fanboy" they use many OS's and have from experience come to conclusions. I'm happy you've had only good experiences with XP and so don't most people but this thread is becoming pointless. Maybe we should give it a rest.

I agree, isteve. No one here acted like a fan boy. Parts of this discussion were interesting indeed.

I think that this discussion is now pointless. I am closing this thread.

This topic is now closed to further replies.