OSNews

The problem is not that they are punished because the pirate software (most of them probably won't notice). The problem is that we that do not pirate are punished. A friend of mine says his mailserver receives 17 times more spam than "real mail". The botnets are to blame.

or open source ones and don't read the source code.

The part where the Debian maintainer accidentally introduces a vulnerability in security-critical network facing software.

Or where the fedora repositories get owned remotely. This stuff can happen to the repository system (not saying that someone can't attack Microsoft's software distribution systems... I'm sure people have tried).

The fact that the OpenSSL "fix" in Debian wasn't Malware would be irrelevant to anyone who's system had been compromised and had their identity and other crucial information stolen, wouldn't it?
The fortunate thing about the idiotic mistake by the Debian maintainer was that it was fixed very quickly, and that's the only fortunate thing about it. This was an example of someone who did not know how OpenSSL worked mucking about in the code in an effort to improve it, and releasing that patched package into the community without proper testing. This means, by the way, that repositories are only as fool-proof as those who run them and maintain them... and there's not one human being in the world today that hasn't made mistakes.
I'll certainly grant that repositories are, by design, a much more secure way of handling things than Windows or OS X have by default. But open your eyes, they aren't fool-proof and do not have a perfect record. You can bury your head in the sand all you want, the real world is still around you whether you choose to look it in the face or not.

There are no virus for it. Period.

I am aware of the difference between a virus and a trojan. Just now, every trojan infected Mac is a vector for a new virus.

better don't start because this is one useless argument: a month ago you would argue that there's no iBotnets either.

"Personally, there aren't many programs I don't get from the Ubuntu repositories"

This is one of the main things that can actually create a secure system. When users get their apps through their Linux distro's repository, they've been tested and users can feel safe about installing them. Getting them elsewhere is just like leaving the door wide open. There are trusted 3rd party repositories, but you know what I mean.

Antivirus isn't necessarily any good if you're inviting nasties into your system anyway. I can't count how many PCs with Norton I've come across that have been riddled with viruses, because either a) Norton is incompetent, or b) a virus disabled or broke Norton in the many ways that's easily possible.

Users running anti-virus on Macs would help, but only to a certain extent. There is no software to fix idiocy.

The solution to this, as I see it, is for Apple to push an update that removes it -- a lot like Microsoft's monthly malicious software removal tool.

Also, there's no software to save us from viruses that we don't know about. Security holes that haven't been disclosed to the public.

What about heuristic analysis?

How about not borking the system with useless computations? The system should be safe by design. If the user finally downloads illegal content which might have a trojan embedded, then it's the users fault. Other users shouldn't be punished because of them.

I don't buy it. There's no perfect solution for trojans. If the trojan is unknown there's a big chance it will get executed. Also no matter how many dialogs you get about something being dangerous, you'll push Ok button to get your software installed. Well, not you, but most other stupid users will.

Edit: on a side note, anyone remembers tbav for dos? Anyone remembers it's really good heuristic method? It involved actually tracing the program in debugger mode to find if it did something nasty.

Edited 2009-04-18 14:17 UTC

How about not downloading pirated applications? That would pretty much take the chances down to 0

Thom Holwerda wrote:
-"The funny bit is, though, that a trojan like this would NEVER get through Windows Vista/7. Malware protection is built-in now, so I'd get a nice little dialog on my Windows boxes telling me this file is dangerous, we've blocked it for you. You want us to delete it?"

I find this doubtful. Practically all Windows games and most applications requires administrator rights to install (mainly because of arcane copy protection mechanisms), how would the OS distinguish between DRM functionality included in a game (like protections which install services) and a trojan if baked into the installation procedure? These DRM schemes, just like trojans and rootkits vary greatly and are constantly changed so there is no way the OS can be updated to keep track and identify them, not even dedicated virus software can keep up.

Oh dear.

Just when I thought your comments couldn't get any worse, they do.

And it just shows your ignorance.
I'm not sure what else to say.

People automatically click yes to UAC, because it's the easiest way to get rid of it and open what they want to open.

That is if they haven't disabled it already.

Windows Defender I'm sure is fine (Although I've never had it work for me terribly well) for known threats, but if a new threat is on the block, I wouldn't imagine it to work very well, just like Antivirus Software.

Any stupid user is going to infect any system, even Vista and Windows 7.

I'm beginning to think you've had a knock in the head if you believe that Vista/7 would stop any stupid user from infecting a system regardless to whether it's patched.

He's talkin 'bout Defender; not UAC. Trojans are blacklisted onto Windows Defender updates. It also monitors a good deal of suspicious behaviour. Unless we're dealing with really advanced trojans; they'll likely be caught.

Heuristics in all the antivirus products on the market raise almost exclusive false positives... which is why i think they are there. Who would buy antivirus software if they aren't confronted with a "virus" from time to time.

well, that might change right now.

I've lost count to the number of computers running anti-virus software for this-or-that vendor that I had to "desinfect". I've also lost count to the number of "infected" computers I had to reinstall because the anti-virus software went completely beserk (from the countermeasures used by the viruses themselves).

Fortunately, this isn't my job anymore...

However, anti-virus software is still useful on Windows. But that's because of the massive number of available malware for this platform combined with the almost baffling ignorance of most users.

I've always ran anti-virus software on my Windows machines, but only once in 10 years did I get an infection (noticed almost immediately by a sudden burst of browser popups). And only maybe two or three times in that same amount of time did I get a warning from the anti-virus software about some blocked virus.

These Mac viruses are based on user ignorance alone, an AV software can do almost nothing to prevent this.

Avoiding crack/serial sites and pirated software is a good place to start to avoid getting pwned. And today there is hardly an excuse for pirating software, even in Windows-land. Most computers already come with a Windows license, and there are opensource options for most of the rest (the only "alternative" that most people would probably not want is the office suite, but MS Office is not as expensive as it used to be).

That's why I believe the idea that antivirus companies are behind the creation of these viruses.

In the same way that all locksmiths are behind burglaries?

Actually I a local locksmith was charge for break and enter three weeks ago, I went to school with him. I knew not to trust him!

Many years ago one of my police friends told me that many locksmiths are closely associated with burglars or are burglars themselves. He said houses are often burgled a few weeks after a visit by the locksmith. In particular expect your house to be burgled if you buy a safe from a locksmith.

There aren't. This malware is a Trojan, not a Virus. It does not replicate itself and it does not get onto a System without the help of its user.

Since Antivirus software can't really protect you from that kind of malware more than to give you a false feeling of security, i still regard antivirus software for OS X obsolete.

I wouldn't even think about buying antivirus software for Mac before we had something that comes over the network without my help, like Blaster or Conficker.

No offense, but what you said seems like a fanboy remark. If you look at the security model of Leopard vs Vista; Vista is a lot more secure in design. The reason mac didn't have till date is the same as before -- it wasn't a lucrative target for virus-makers till now. Not cuz "apple is ahead of the curve". If that were the case they could have done some justice by including atleast a simple paint-software (iPhoto is *NOT* what I want).
As for being "cheap", even World of Goo at $20 is pirated at 90% --- it's about getting things for free; and those two are *quite* different. IMHO.

However; I don't think antivirus softwares are as needed as customer awareness and education . There was this incident where my friend complained that his (pirated) copy of Symantec was outdated. When I gave him Avira; he COMPLAINED that it showed a lot of virus warnings; so removed it...

You are wrong. All major Windows virus and worms get in without the need for the user downloading and executing them.

This is just a case for user stupidity.

People like analogies, so here goes one:
A guy is worried about his house safety. So he buys the best door and a good security system. It works fine. Only he is able to get in and out. One day he meets another guy in a party, they talk and seem to become good friends. He invites his new friend home and lets him in. He got robbed.

Edit: after re reading that "vista is more secure in design", come on. What design?

Edited 2009-04-18 13:25 UTC

"There is a point where an individual has to start taking responsibility for the choices they make;..."

You just hit the nail on the head. Sadly in todays society, people are taught from a young age that everything is always someone else fault. That is why there are so many lawsuits and idiotic defenses these days. That carries over into computer usage and everything else people do. People don't have a clue what it means to be held accountable for actions these days, as if they do something wrong and don't die, they can always sue someone for their own stupidity.

Whoops, was away a bit too long.

@sbenitezb
Virii get in without users' need? Besides Conficker I can't recall a good case. XP's security sucks; no doubt. But I'm not referring to XP. Even in XP; avoiding IE + Autoplay was all it took for me to skip any virii ending up on my laptop for over 2 years.

Your analogy applies just as good for Vista. Nevertheless I don't like analogies to prove a point, they're generally good for teaching only.. IMO

As for the security; take a look at the Miller's interview. Whether you think he's a scumbag or not; the precautions he mentions taken by vista are much superior. There you have it, your "design". On the other hand; how is "leopard's design" any better?

@kaiwai: Seconded.

Edited 2009-04-18 14:28 UTC

Quit saying virii. The english plural is viruses. And the latin plural is not -ii.

Thing about that is... it would only work if the os in question uses a package manager. OS X doesn't, neither does Windows, and I'd hate to see what Apple might attempt to do if they built a central package manager into OS X. Mac App Store and jailbreaking, anyone?

@sbenitezb: about virus...es, it was something of a fetish
@Kroc: MD5!?! Why would a general user go through something as geeky as checking the MD5 hash?

@werpu: No -- an anti-malware is NOT an anti-virus. Also; wha!? Did you even use vista?!?

I second darknexus, all it takes is a serial-key..

this is from an interview with the guy who cracked safari in a matter of seconds in the last pwn2own

I honestly don't know/understand what makes an OS secure or not. All I know is that I know of no OS X/Linux users with a virus and with Windows.....

This article is not talking about a virus, it's talking about installing custom software that normal OS X users would be at risk of, and that can't even spread.

What we're talking about is users that intentionally download illegal software and ignorantly trusting the sources.

@lqsh: In majority of those "windows...." cases it's through cracked software; and not updating their OSes...

Edited 2009-04-18 14:28 UTC

so majority of windows' users are grandparents?
EDIT: and they're updating the OS too?

Edited 2009-04-18 14:53 UTC

He missed a grandparent-friendly case:

"Please click on this link to view an animated ecard program sent by your grandson!" *trojaned*

In contradiction to a previous poster's comment, more like 80-90% of Windows badware exploits no vulnerability in the OS. Most of the rest are developed after the patch was released via reverse-engineering.

Perfect example, and aside from pirated/illegal downloads, easily the most prevalent cause of infection. Specifically, I see a lot of these that have a payload of Vundo along with several others such as AV360 and SPW2009. The number of times I've had to clean those out...
This is why educating computer users would be more valuable than any Antivirus solution... a pity most don't seem to want to be educated. You have a tool (a computer in this case) you should be expected to know some things about maintaining it and safety (both yours and everyone else's).

Burrowing your head in the sand is an awesome defense strategy.

And *even* then, iWork has no anti-piracy measures in it, neither does it require a serial. Therefore, people are even more stupid for not checking MD5s and trusting any old download to be unmodified.

You're thinking of iLife, not iWork. iWork does require a serial number, however that is it. There's no activation or other anti-piracy measures in it, so what a smart person would have done would have been to download iWork directly from Apple and just get the serial from somewhere else if they were going to pirate it. Then again, typically those who pirate software lack in the intelligence department, or at least in common sense.
Still, software piracy (for lack of a better term) is wrong. If you don't want to pay for the cost of that proprietary software package, don't use it. Find one that costs less or is free, or go without.

Except you're wrong in that iWork '09 does NOT require a serial number like iWork '08 did.

The download version needs a serial no. The disk version doesn't.

I was reading on Wikipedia the features "missing" from the Mac version of MS Office, when compared to it's contemporary Windows counterpart. It seems to me that OpenOffice has better MS Office compatibility on OS X than MS Office.

Heuristics are fairly reliable. Maybe not Symantec's ... but still.

Symantec is looking to provide us with security so that we can roam about the big bad world of Internet safely, on second thought Symantec might be interested in extracting more money from us by scaring the $hit out of us.

Ah, but there COULD be. How hard would it be to set up a site with md5 sums of "healthy" programs, to compare to warez you download? Even if you don't trust the site, you'll know if there's a problem when the md5s don't match.

Moredhas wrote:
-"Ah, but there COULD be. How hard would it be to set up a site with md5 sums of "healthy" programs, to compare to warez you download? Even if you don't trust the site, you'll know if there's a problem when the md5s don't match."

Uh? These cracks would have to make changes to the programs code which would then result in a different md5 hash, no matter if they inserted a trojan or not.

Indeed and on that day, there will be some actual news to report.

You misunderstand what a virus is. A virus relies on a stupid user to propagate. It *is* different from trojans, but only in that it copies itself to other applications' code. When these other applications are then "shared" by stupid users with other stupid users the virus copies itself to other applications. Any OS that runs applications at all can have trojans, and almost any OS can have viruses. Nowadays few people actively share files, so viruses are more rare than in the MS-DOS days.

Anyways, user intervention *is* always needed. They might require a lot or a little bit, but it is always needed.

What you are thinking about are worms. Worms only require a remote vulnerability that allows code execution to spread. Mac OS X has been show to have unpatched remote vulnerabilities, so the only reason that there has been no news release on that is because nobody that knew about them has bothered to write one.

I'm not sure if your reply was to me or the parent of my reply but neither my post nor the parent used the words virus, trojan or any other technical description for what was going on here.

I think the parent referred to it as "shady" software, now I don't think that's a new category of malware he's referring to there, just an all encompassing one.

Practice what? Reading proprietary lines of code? It'd be easier to practice if it weren't so hilarious
EDIT:
As for the "impeccable record", my university has one too... If the repos are clean it's cuz the PROJECTS are open-source; not cuz of the repositories.

Edited 2009-04-20 12:19 UTC