5

11/2/2007 10:34:11 AM

^^That just goes to show that the Apple user base is expanding fast. Of course it sucks that these lifeless douche bags are creating trojans for Mac's now...but that just means Mac is slowly starting to take the spotlight.

11/2/2007 10:53:52 AM

Yeah but one of the top advertising schemes they use to sell thier computers is "they don't get viruses." They'll just have to rethink that a little.

11/2/2007 10:56:30 AM

yeah like that "Hi I'm a Mac, and I'm a PC" ad that came out not too long ago lol

One of the many things I loved about Mac is not having to run any anti-virus/anti-spam software...not that I will start now because I'm not a internet n00b that clicks on everything that says "click here!"

11/2/2007 10:58:10 AM

Yeah, i guess everytime i go into an apple store i always hear the apple guys telling new computer users about macs lack of viruses. It seems to be thier biggest sales pitch. But yeah hopefully this won't be a big deal.

11/2/2007 11:02:25 AM

Quote :

"Yeah but one of the top advertising schemes they use to sell thier computers is "they don't get viruses." They'll just have to rethink that a little."

read-up on how this trojan works. You have to download a file, then when you execute it, it asks you to authenticate with your OS X username & password. It doesn't exploit a particular flaw in the computer because it requires you to authenticate the installation. Once you authenticate the installation, it can do whatever it wants, just like any program that you authenticate.

see how it's installed:
http://www.intego.com/news/ism0705.asp

Quote :

"A malicious Trojan Horse has been found on several pornography web sites, claiming to install a video codec necessary to view free pornographic videos on Macs. A great deal of spam has been posted to many Mac forums, in an attempt to lead users to these sites. When the users arrive on one of the web sites, they see still photos from reputed porn videos, and if they click on the stills, thinking they can view the videos, they arrive on a web page that says the following: Quicktime Player is unable to play movie file. Please click here to download new version of codec. After the page loads, a disk image (.dmg) file automatically downloads to the user’s Mac. If the user has checked Open “Safe” Files After Downloading in Safari’s General preferences (or similar settings in other browsers), the disk image will mount, and the installer package it contains will launch Installer. If not, and the user wishes to install this codec, they double-click the disk image to mount it, then double-click the package file, named install.pkg. If the user then proceeds with installation, the Trojan horse installs; installation requires an administrator’s password, which grants the Trojan horse full root privileges. No video codec is installed, and if the user returns to the web site, they will simply come to the same page and receive a new download. "

that's quite a process, just to get the Trojan installed and loaded.

11/2/2007 11:19:18 AM

^yeah one of my co-workers was telling me that. Sounds like User Stupidity to me. Its no different than clicking on "You've won a prize! click here to claim it" banner ads

11/2/2007 12:54:40 PM

^ yeah, but in addition to clicking a "you've won whatever" banner, in windows you would still have click "open" or "save" to something it asked you to download, then click "run", then supply your administrator password when it tried to install.

NEWSFLASH - it is possible to write programs on Mac that can damage or change the computer. In fact, computers wouldn't be much good if it was not possible to do this, because developers couldn't write any useful programs for the any OS.

The only difference here is that unscrupulous websites are hiding these programs under the pretenses of being video codecs. This, again, is something any website can do, and any OS and user is vulnerable to if they 1) choose to download the program, 2) choose to open/execute the program, then finally 3) choose to give the program administrative rights to their computer.


This would be a legitimate security threat if a user simply visited a website, and without initiating or authorizing any action, a program was downloaded and installed in the background without the user ever knowing. Problems like this have been found on Mac/Safari in the past, and of course on Windows in both IE and Firefox.

This is a non-issue.

11/2/2007 1:20:58 PM

Quote :

"One of the many things I loved about Mac is not having to run any anti-virus/anti-spam software...not that I will start now because I'm not a internet n00b that clicks on everything that says "click here!""

newflash: the same applies to savvy PC users.

11/2/2007 1:25:00 PM

^the same what? you saying savvy computer users get hit with this shit? Because I certainly don't. I've never had a virus infect my home PC's in my life. And I don't use any virus protection until recently with one care.

11/2/2007 1:26:32 PM

Quote :

"One of the many things I loved about Mac is not having to run any anti-virus/anti-spam software."

11/2/2007 1:29:25 PM

^the point I was making was even a moron doesn't have to run anti-virus protection.

Like I said, I didn't have a need to run any of that shit on PC's either but that doesn't mean PC's weren't very vulnerable in the hands of the average user. aka girlfriends.

11/2/2007 1:31:15 PM

"no viruses" is the sales pitch to the new and to the non-nerd customer. macs have been and still are more secure, and i really don't think 1 trojan has a lot of effect on that. more viruses and malware are coming, it was just a matter of time.

i don't need porn anyways, so as far as i can see i still don't have much to worry about lol

11/2/2007 2:00:54 PM

http://dailyapps.net/2007/10/hack-attack-install-leopard-on-your-pc-in-3-easy-steps/

http://www.tomsguide.com/us/2007/11/02/mac_osx/

Quote :

"If you're wondering why Mac OSX won't just work on a typical PC, like Windows and DOS and Linux and Unix and OS/2 and ... well you get the idea... all other Intel-based operating systems, the answer may surprise you. It's not an incompatibility issue; it's intentional interference from Apple. Apple has placed specific code in the Mac operating system that looks for a special chip found only in Apple-built computers. When the Mac OS fails to find this chip in a PC, the Mac OS refuses to install. This gives rise to the question: "Once I buy the right to use an OS, shouldn't I be allowed to install it wherever I want to?""

Anyone tried it yet? I heard it's very easy. Gonna give it a try tomorrow.

[Edited on November 3, 2007 at 9:26 PM. Reason : .]

11/3/2007 9:24:30 PM

^welcome to two years ago. google osx86 and join the rest of the nerd world.

11/4/2007 12:53:27 AM

^^ What chip are they talking about? The TPM? That's available on lots of mobos now.

If they're talking about EFI, that's a standard that other manufacturers have chosen not to embrace yet.

And there are still nonexistent drivers for tons of motherboards because no one would think to make Mac OS drivers for them.

11/4/2007 1:01:51 AM

^^Oh i knew about osx86, i just wanted to know if anyones tried to install leopard yet.

^As far as the chip goes, they're not talking about EFI. Although we need to get rid of bios and switch it EFI.

11/4/2007 10:33:47 AM