Focus on Apple
and seeing your "what should our message to Mac users be...?" I want to
offer some observations:

1) Malware is not exclusively targeted to Windows OS PCs.
2) Antivirus protection is a countermeasure, not a defense.
3) Always treat any prompt for Administrator password with suspicion.
4) If you provide desktop administration for a Mac-based office or
organization, always create user accounts and only disclose the
Administrator password under duress.

On a meta-level - and consistent with Todd Woodward's comments about
MacOS and Security - the security community should encourage Apple (and
others) to provide more information in a security warning/popup.
Windows users have been lulled into mindless "OK" responses. Browsers
have obfuscated certificate handling so badly that warnings are
pointless. Part of the reason why "OK" is such a mechanical response
today is that the messages are either too complicated or too simple.

We need more warning messages of the kind

"Do you really want to do this? All the data on the disk will be lost!"

"The software you are about to install was downloaded from <site> - do
you trust this site as a safe source for software?"

"The change you are about to make to your firewall settings will allow
ANY user to connect to your computer, do you really want to do this?"

"Personal File Sharing allows users of other computers to access the
following Public folders on this computer - do you really want to allow
this?"

Kevin Long wrote:
>>> But has anyone detected any Macs that are infected with the trojan?
>
>> One public reference may be found here:
>>
>> http://discussions.apple.com/thread.jspa?messageID=5709418
>
> Thank you for passing this on, Philippe.
>
> It's important to note that the infected user, dave123901, made his post on
> October 29. Intego discovered RSPlug on October 30 according to
> http://www.intego.com/news/ism0705.asp. AV would not have helped dave123901,
> even if his virus defs were updated hourly. Being more discriminating when
> deciding what to install on his system would have been more effective, but
> I'm not sure if a user education program would work to deter a college
> student in his pursuit of pornography.
>
> As security professionals, what should our message to Mac users be at this
> point? The "install AV" message (note the absence of any additional
> recommendation) is no longer appropriate for Windows users as it led to a
> complacency that allowed other forms of malicious activity to flourish.
> Should we make the same mistake with Mac users now that criminal
> organizations (and not just security researchers) have taken an active
> interest in attacking OS X boxes?
>
> Non-helpful suggestions:
> Macs are not vulnerable to attack, and therefore users need not worry
> Mac users are more complacent than Windows users with AV
>
>
>
> ++++++++++++++++++++++++++++++++++++++++
> Kevin Long
> Risk Intelligence
> Verizon Business Security Solutions
> ++++++++++++++++++++++++++++++++++++++++
>
>
>
begin:vcard
fn:David Piscitello
n:Piscitello;David
adr;dom:;;3 Myrtle Bank Lane;Hilton Head;SC;29926
email;internet:dave (at) corecom (dot) com
x-mozilla-html:FALSE
url:http://hhi.corecom.com/weblogindex.htm
version:2.1
end:vcard