November 27, 2006 6:10 PM PST
Adware sample targets Mac OS X
- Related Stories
-
Attack code targets zero-day Mac OS X flaw
November 21, 2006 -
Adware may be lurking in video on MySpace
November 7, 2006 -
Attack code out for new Apple Wi-Fi flaw
November 1, 2006 -
Is Mac OS as safe as ever?
February 27, 2006
The program, dubbed iAdware by the Finnish security company, is possibly the first example of adware for Macs. It is especially interesting since it doesn't require administrative privileges to nestle itself on the computers, according to F-Secure.
"We won't disclose the exact technique used here, it's a feature not a bug, but let's just say that installing a System Library shouldn't be allowed without prompting the user," according to the F-Secure blog on Thursday.
The program is a proof-of-concept sent to F-Secure and it is not out targeting users on the Internet.
"In theory, this program could be silently installed to your user account and hooked to each application you use," according to the F-Secure blog. "This particular sample successfully launched the Mac's Web browser when we used any of a number of applications."
Malicious software that targets Mac OS X systems is rare and has been limited largely to proof-of-concept code, instead of actual attacks. However, there are indications that hackers are increasingly targeting the Mac, which experts have said is not impervious to attacks.
For example, as part of a campaign called the Month of the Kernel Bugs, several new flaws have been disclosed in Apple Computer software, the latest on Monday in the AppleTalk protocol. Last week, exploit code was released for another yet-to-be-fixed flaw in Mac OS X related to disk image structures.
Apple could not immediately be reached for comment.
See more CNET content tagged:
F-Secure Corp., adware, Apple Mac OS X, Apple Mac OS, Apple Macintosh
128 comments
Join the conversation! Add your comment (Log in or register)
Linux has holes, Mac OS X has holes, we all have holes, the issue is
folks running around creating "proof of concept scenarios"
spending literal weeks to make sure that their idea works if you do
this and that in just this way at this time and bam, you can take
over a system. They and you, need to get a life.
haters is rather outdated. I've been a mac user all my life and
have never toted invincibility as a way that OS X is better than
windows. I think you'll find long time mac users like the OS
because of simple preference, because Apple is the underdog,
and because Microsoft seems to just miss on just about
everything it does. Recent switchers are looking for a breath of
fresh air. That ego is somehow a part seems to me to be more a
boogieman of the windows blogger.
And everyone is curious to see where the companies go in the
future, especially with the gradual retirement of the founding
fathers of personal computing. This article is a mixed blessing.
Weakness is never good, but maybe companies will wise up and
develop security software for the mac platform. All of you
Windows-Hater-Haters... These comments make me smile.
restarting his computer, and removing viruses.
Well listen here mate, I have a Mac, and I have no anti- virus/
software installed what so ever. Not because no one makes them
for mac, but because I don't NEED them. If you really think that
this silly bug is gonna make Mac users scurry around for Virus
protection, then think again.
PS There is anti virus software for mac, but whoever makes them
is probably not doing to good!!
I think you should research your comments a bit more. I'm not a
windows hater or a mac zealot, but you, sir, are wrong.
comes up with a virus for macs.
Scanning a Mac for Windows viruses is just a waste of time.
Windows, NIX, or OS X user. All this proves is something I have
always maintained, that there is no such thing as a completely
secure OS. And while I must admit I dislike Windows I do have it
installed on one of my systems here.
And if you are looking for zealots you have to look no further than
the closet windows forum. They are to be found in any OS.
until we have some. Back in the pre-osX days we had some worms
(9) but for every one there was an easy and free solution so even
then we didn't use Norton or others except when we wanted to
corrupt the system. :/
Or he doesn't know how to read well! This isn't even a threat, let
alone a problem.
The main reason this is the exception, not the norm, is the small market share of Apple computers. Why would an adware firm create a program that would only reach 2% of their target audience?
You can feel safe with your mac so long as too many people don't "make the switch".
I want to be able to download this threat so I can see for myself how dangerous it is. This--in the laboratory--stuff is way to meaningless.
,dave
Windows gets attacked everyday for 1 reason: it is stupid easy to do it.
Old macs had viruses and a smaller market share.
Apache has ~70% market share, yet is not close to having the most exploits.
Too bad your theory is based on computer illiteracy.
Go ahead, clutter your PC with AV and AS software and think that is a better solution.
MS thrives on morons like you.
wake me up when someone cames up with something that can thrive in the real world on OSX
the internet. End of story.
Good night.
so far! The new OS is coming soon... do you think that Mac will
permit such samples to live within the generationsof the OS?! I
don't think so...
Actually, if was in the wild, it would be a serious threat. The ability to silently install something onto your computer without administrator rights is no joking matter. What bothers me is that the method uses what is described as a "feature". Features are build that way intentionally and I hope they do not include it in any future releases... but being that it was described as a feature probably means apple intends to continue it as such (and not even fix it for the current version either).
Chock this up as a milestone of Apple getting successful. Now let's see how things go when and actual virus is released in the wild and compare the results with the current world champion; Windows.
If this continues, then the only thing left may be the pretty little GUI to stand out with.
up with viruses and spyware in the hopes of scaring users. This
'malware', like all the others previously announced, will not affect
any Mac users outside the small group 'testing' it for these
companies.
First, Independent assessments, demographic surveys etc. have
REPEATEDLY shown that in general mac users are better
educated and are in higher income brackets.
Second, you should probably point that finger a little closer to
home, seeing as you haven't even mastered subject verb
agreement in English, as in there "are" no mac infections, not
there "is."
Third, the reason that there are no mac virus infections is quite
simply because there are no OSX viruses.
As for sophistication, I'll pit my knowledge of Windows against
your knowledge of OSX any day. In fact, I'll pit my knowledge of
Windows against your knowledge of WINDOWS any day.
That's funny. Microsoft has used that same excuse concerning active x. What concerns me the most is that it can install silently and doesn't require administrative rights. From a security standpoint, that's just not acceptable, even if it was built that way intentionally.
That is what I take away from this article. If it accurate then someone at Apple has taken a "Microsoft" attitude about the relative importance of security versus convenience. Although Apple has had excellent results from their decisions about security, that does not mean they could not lose it by making poor decisions today and in the future. It is too early to panic but Apple needs to hear critical response if they do try to cut corners as the article implies.
Haaaaaa!
Haaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!! Haaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!!!
...
Mac users spend too much of their life savings on a Mac to have enough left over to buy anything else...
</sarcasm>
^_^
A challenge - run your PC for 1 day without virus checking, adware protection and a firewall as most Mac users do and see how pure it remains.
Just in response to the PC challenge thing, I have run my PC with high speed connection without firewall, virus scan, etc for the past 4 months straight (I got tired of mcafee's new system giving me pop-ups all the time). I ran a scan yesterday and i had 1 potentially unwanted program, a windows service update.
If anybody is that concerned about viruses, they should switch to Linux/unix because they have *free* firewalls, virus scanners, and other security features, plus they have fewer viruses than macs. Windows:mac as mac:Linux. Bugs are also fixed faster than with either microsoft or apple.
Not only do macs have viruses, but apple charges outrageous prices for almost identical hardware as pc's (just a chipset or two and the BIOS). With a PC, if you don't want to pay the "microsoft tax" then you don't have to. Most linux versions are free. (They do make linux for mac but try buying a new mac without an os and you will be dissapointed) Linux also has the ability to run windows based programs if you so want to, but there is a FOSS alternative to just about everything you could ever want.
If you are sold on linux, check these out for more info:
fedora.redhat.com (Fedora Core project, sponsored by Red Hat)
www.ubuntu.com (www.kubuntu.com is a slightly different version. Both are excellent)
www.opensuse.org (opensuse, novell's community based distibution)
www.freespire.org (Very windows-like)
www.gentoo.org (long-standing community distro)
There are many others but these have made efforts to be beginner-friendly.
We dont really need to be here 'keyboard yelling' at the tops of
our lungs about who has the better and more secure system. If I
wanted a windows PC, I would have gone out and bought one. If
someone else wanted a mac, they could have done the same
thing. You like what You like, I like what I like, so lets just blog
about the issues at hand.
any piece of software can (theoretically) be compromised. Be it
Windows or Apple. go out, get a good antivirus software and
check for updates regularly. Set your security systems on high
(or whatever) and back up regularly.
I use a mac. Im pretty secure in the system that I use, but Im
also pretty much on the look out for things that will compromise
my system.
So instead of trying to bash each other about who is running the
better machine (I will keep my opinion out of it), why not agree
that the hackers are the bogey men for all of us!
(yikes31 offers a fig leaf of peace to windows and mac users out
there, that they might put down their keyboards of war that they
are waging on each other!)
effort to force me to read more ads. I can't imaging why else.
However, I'm done. I find it painfully annonying to have to click
to another page to read the next comment.
I'm done. I'll get my user feedback elsewhere.
Anyone else feel this way. Post you comments here. Maybe,
doubtful, but maybe they'll listen.
just doesn't slip through no matter how much the Apple haters
want it to.
It's a simple little feature of OSX called "Folder Alerts". Anytime
a file is added to my "Library" folder, a pop-up window alerts
me. I can investigate anything that seems inappropriate.
So even if I have a syupid moment and fall for a "Social
Engineering" attack, OSX never lets me down.
I can tell OSX to alert me for many actions for any folder I
choose.
Thanks Apple. I love you guys!
Picture of "Folder Alerts": <a class="jive-link-external" href="http://img171.imageshack.us/" target="_newWindow">http://img171.imageshack.us/</a>
img171/5740/picture5io4.png
TO BE ONE TOO!
I made the switch to Mac last december with a bottom of the line
iBook. Thats all it took to know I would never go back to a PC.
Those who say OSX is flawed by design, and is no more secure
the Windows, are just silly. They clearly only know what they
read and have little or no hands on experience working with a
Mac, especially on the technical side.
Apple will have to deal with an increasing threat, who cares
about the numbers and percentages. As far as I'm concerned
everything is in the hands of God and statistics mean nothing
anyway. However, Apple has a much tighter operating system to
gaurd from malware and viruses! I have worked in development,
and have held the title of Director of Information Security at
large datacenters.
I know first hand that the reliability and security of OSX is
incredible, although as with all things it is subject to change. I
can only speak on what has been and what is, not what will be.
Mac & I will never spend another dime on Windows again! I haven't
had to scream and/or hit my iMac since I've had it. Show me a
Windows user who has done the same. I'm not trying to get the
whole world to switch because different people need different
things out of their OS....But DAMN do I love my Mac!!!!!!
I'm tired of the idiots constant saying this is better than that, my OS is better, this OS has more holes/exploits than this....it's childish.
We've grown away from the concept of the personal computer, it creates a platform for creation and communication. I don't care what OS you're running, I care about what you're doing with that OS. What content/application/database/automation/design/creative thing are you starting and completing? To hell with your security features and bells and whistles.
Until you do something with that machine you're simply being taken advantage of by clever marketing companies who've probably indicated what you needed your entire life (materialistic Americans at their finest).
If you're bashing one OS or another you better be a developer otherwise you're about as lame as a child rapist.
otherwise you're about as lame as a child rapist."
What kind of wacko makes a statement like this? Someone who is
exactly what they claim to despise. You are a true idiot.
People respond to BS posts to try to help rid the world of fear,
uncertainty, and doubt, and you, sir, have added nothing to the
discussion.
believes that WiFi is a term of Hawaiian origin and that the
technology was invented in Hawaii.
Clue: WiFi was not even invented in this country, continental or
otherwise.