BBC NEWS | Technology | Malicious worm aims to bite Apple

BBC NEWS | Technology | Malicious worm aims to bite Apple

A Worm, or rather a Trojan, called Leap-A, has reared it’s ugly head on OS X.

Apple has labelled as malicious software rather than a worm or virus, and this is correct, since it doesn’t propagate by itself.

But…This was bound to happen. I too often hear Mac users talk about the immunity of the Apple platform, and I agree 100% with the comments made by BBC commentator Bill Thompson in January. Bill Thompson is a long-time Mac user, and he points out that Apple users have been ‘too smug’ over security .

I’ve repeatedly pointed in Internet forums, out that writing malicious software for Mac OS X, should be at least as easy as it is on Windows, due to the high level of ‘programmability’ that is possible with Mac OS X.

This should be a wake-up call, but I’ve noticed that the people that always argue that Mac OS X is invulnerable, are extremely quiet these days.

So do you need to install anti-virus software on Mac OS X? I’d strongly advise that you do that, a good reason is that it will stop you from unknowingly forward infected files, that are targeting Windows, to your friends.

So far I’ve had the ClamXav recommended. ClamXav is based on the Open Source anti-virus progam ClamAV.

7 Responses to “BBC NEWS | Technology | Malicious worm aims to bite Apple”

  1. Thomas Says:

    “I’ve noticed that the people that always argue that Mac OS X is invulnerable, are extremely quiet these days.”

    I’ve heard tales of these people. Only from people who go on to say that they aren’t saying anything, though. Maybe because they never said anything at all – simply because they don’t exist? One would have to be more than a little naïve to claim that an operating system is immune to viruses.

    And of course it’s possible to make a virus for *any* system. And system that can be programmed can be taken advantage of. The real issue is making it so difficult to infiltrate that it requires user interaction for activation – just like the current trojan.

    Having non-admin users is a good step to stopping the worst viruses – and this is often the biggest problem with Windows viruses – people tend to use the administrator account as their main account. Besides that there are lots of vulnerabilities, overflow errors and so on, which make it far more vulnerable than other operating systems.

  2. Kim Says:

    I totally agree, even though I was choking on these sentences:

    “I’ve heard tales of these people. Only from people who go on to say that they aren’t saying anything, though. Maybe because they never said anything at all – simply because they don’t exist? One would have to be more than a little naïve to claim that an operating system is immune to viruses.”

    I’m sure that you’ve encountered “these people” in Internet forums, so why do you say that “they don’t exist?” – or did it get “lost in translation”. Anyhow I certainly do agree that they’re “naive”.

    But I probably should have resisted the temptation of commenting on Leap-A, it’s way too hyped – I’m obviousily a media-ho 😉

  3. Thomas Says:

    I really haven’t heard anyone claim immunity ever. Honest. Then again it might be because I’m somewhat critical of the the forums I frequent. I’m sure there are nutters out there who will claim anything, but those aren’t included when we talk about what is claimed by camps. At least it’s hardly fair to do so.

    It would be like taking Rob Enderle or John C. Dvorak seriously – a crime against humanity 😉

  4. Kim Says:

    Agreed, my post was not too brilliant – I must have been thinking about the potential to draw traffic to my weblog ;-). Thanks for pointing that out.

    I could hunt for examples of the ignorants that claim “virtual immunity”, but I’d mostly come up with people, that I wouldn’t listen to anyway. I, for one – like you – know better: “No system is immune to attack”.

    An important safety measure is, as you pointed out, to have non-admin accounts.

  5. Bill Thompson Says:

    Kim – there’s nothing wrong with being a ‘media-ho’ – after I wrote my BBC piece on the Mac I got several hundred emails, mostly from smug Mac users telling me I was just an attention-seeking hack and that their Macs were safe and sound. I can live with it.

    I have a friend, who I will just call ‘A’, who has a Powerbook and a belief that he doesn’t need to do anything to secure it, ever. Of course, it ships in a reasonably secure mode, but I bet he uses an admin account for everything…

    And in response to Thomas, the problem isn’t the people who know what they are doing or who have a sensible attitude to security, it’s the general population who just want a machine that works and have been sold the ‘mac is secure’ snake oil. They create a population of machines that could be compromised and might, therefore, affect my enjoyment of the platform.

    Bill (trying not to be smug) T

  6. Kim Says:

    Bill, thank you for that comment and for telling me about the e-mails you got from smug Mac users. I suppose that they’re among the remarkably silent people these days. And you really hit the mark with the selling secure ‘snake oil’ analogy, I really hope that Leap-A is a wake-up call for the community. It’s also a really strong reminder that ordinary pcs (ie. ANY fat-client system like Windows, Mac OS or Linux), really are too difficult to keep secure for ordinary users, and at the same time keep them useful.

    It’s my hope that we soon can move the majority of our computing tasks to thin-client systems. Affordable technology already exists, for instance No Machine or the promissing Ndiyo! initiative, that you reported on in Go Digital on February 13th 2006.

    BTW when it comes to malware, I’ve only once (knock on wood) in my 22 years of working with pcs been hit. It was by the Form.A virus, and it only happened because my company’s security policies had been violated. If anyone remember, Form.A was rampant in the mid 90ies, and it spread through the boot sector of a floppy disk – just like Elk Cloner- meaning that your pc got infected, if you left an infected floppy disk in the drive at boot time.

    In those ‘pre-net’ days, my company recieved a lot of floppy disks from our customers, that we later ‘recycled’. The simplistic, but efficient, security policy was that ALL disks that we recieved were to be scanned, before they were recycled (guess you’d label that ‘perimeter control’ today ;-)). This procedure had been missed – human error- so when I rebooted and by accident had left the infected disk in the drive, my drive was infected too. I knew that that spelled troubled, so I promptly did a virus-scan, Form.A was detected and I could remove it.

    It only goes to show that ‘knowledgable’ uses, which group I have the audactiy to claim that I belong to, still are at risk, no mater how ‘safe computing’ they pratice.

  7. Kim Bach . Org » Blog Archive » Blogforum2: Tak for et vidunderligt Blogforum 2006 i København Says:

    […] (sry fra “0 til 100.000 læsere på 3 måneder“) hacks – oh well jeg er jo allerede medieluder, selv om mine Technorati ratings ikke er helt så imponerende, så er jeg rent faktisk […]

Leave a Reply