>>> "Thor (Hammer of God)" <thor (at) hammerofgod (dot) com [email concealed]> 2007-11-01 17:33 >>>
>> How many Mac users have been faced with a seemingly-random request to
>> grant a non-obvious background app/utility Keychain access, not to
>> mention commonly-used apps asking for it without an easily-discerned
>> reason? And in such situation, what do they typically tend to do
>> (I've my own opinion about this, but clue welcomed).
>
>I've never been presented with anything like that on the Mac. Regarding
>this whole "MAC Trojan" thing, I have to say-- if anyone on the MSFT
>side of things came out and tried to claim "Windows Trojan" on something
>the user had to manually (and purposefully) download, manually execute,
>and then explicitly grant administrative rights to, they'd get
>firehosed.

Um, beg to differ. Much of the Windows malware currently floating around is classed as a Trojan, even though they get referred to as "Worms."

And for those who are poo-pooing a piece of malware that requires user-interaction as part of the setup, I must ask - where do you think bots in those botnets we read about in the press come from?

OSX/RSPlug only varies in the payload from a bot-recruiting trojan. If someone felt it was worth their time, and they had a good "hook" to get conversion (pr0n video codecs are well known to be effective in the Windows space), we could be adding Macs to the worldwise botnets at anytime. And given the amount of "OS-X is secure, and there isn't any malware that affects it" that gets spread around, the average Mac user is simply unprepared to consider "Is it safe to click on this link... download this package... give my administrator password...?"

This is probably as good a time as any to remind people of Dave Goldsmith's Matasano Chargen post "Safety Vs. Security" from last winter:

http://www.matasano.com/log/644/safety-vs-security-2/

I think it's still one of the more thoughtful summaries of the state of OS-X security and the malware ecosystem around OS-X.

-jml

[ reply ]