Linked by Kroc Camen on Thu 22nd Jan 2009 17:52 UTC
Privacy, Security, Encryption

"Intego has discovered a new Trojan horse, OSX.Trojan.iServices.A, which is currently circulating in copies of Apple's iWork 09 found on BitTorrent trackers and other sites containing links to pirated software. The version of iWork 09, Apple's productivity suite, are complete and functional, but the installer contains an additional package called iWorkServices.pkg."

Update: A new variant has been discovered in a pirated version of Adobe Photoshop CS4, also information about one target of a DDOS attack coming from the trojan.
RE: I blame Apple
by pcunite on Thu 22nd Jan 2009 23:10 UTC in reply to "I blame Apple"

Unfortunately, when I update my Ubuntu box, it seems to always want root, and I grudgingly give it. But, as a rule, it's simply a bad habit, and should be discouraged. It would be interesting to know if Apple could have worked around the need for iWork to have root access during install through some other mechanism.

Your thinking is close but needs just a little bit of clarification. The reason installs require root is because AFTER the install is complete it is the only way to harden a system. Most people don't run hardened systems, but for those of us who do, consider:

1. An executable can write to a directory. That same directory can not be executed from.

2. A directory that can be written to must not ever allow executions from.

To achieve those two points the software must be run under a limited account. The exe can run from C:\Progs but only write to C:\user\desktop. C:\Progs can never be written to by the user. The user can write a file to their desktop using notepad.exe. An exploit to the web browser would not allow a virus to live on the system.

Thus an installer must be run as root because not only must it execute, it must write to a directory that will later be executed from.

I did not explain this the best way but hopefully you got it!

Reply Parent Score: 3
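
The two rules from the comment above (no writing where programs run from, no executing where users write), as an added example that is not part of the original post: a small audit over POSIX mode bits. The function names, the `progs`/`desktop` sample tree and the finding strings are assumptions made for illustration, and the check assumes the install directory is owned by root.

```python
import os
import stat
import tempfile

WRITABLE_EXEC = "executable location is group/world-writable"
EXEC_IN_DATA = "executable file in user-writable location"

def audit_wx(exec_dirs, writable_dirs):
    """Check the post's two rules using POSIX mode bits only."""
    findings = []
    # Rule 1: where programs run from, ordinary users must not be able to write.
    for top in exec_dirs:
        for root, _dirs, files in os.walk(top):
            for path in [root] + [os.path.join(root, f) for f in files]:
                mode = os.lstat(path).st_mode
                if stat.S_ISLNK(mode):
                    continue  # symlink mode bits do not express access rights
                if mode & (stat.S_IWGRP | stat.S_IWOTH):
                    findings.append((path, WRITABLE_EXEC))
    # Rule 2: where users write, nothing should carry an execute bit.
    for top in writable_dirs:
        for root, _dirs, files in os.walk(top):
            for name in files:
                path = os.path.join(root, name)
                mode = os.lstat(path).st_mode
                if stat.S_ISREG(mode) and mode & 0o111:
                    findings.append((path, EXEC_IN_DATA))
    return findings

def _mk(path, mode):
    with open(path, "w") as fh:
        fh.write("constructed sample\n")
    os.chmod(path, mode)

def demo():
    """Constructed tree: 'progs' is the install dir, 'desktop' the user dir."""
    with tempfile.TemporaryDirectory() as top:
        progs, desktop = os.path.join(top, "progs"), os.path.join(top, "desktop")
        for d in (progs, desktop):
            os.mkdir(d)
            os.chmod(d, 0o755)
        _mk(os.path.join(progs, "editor"), 0o755)        # fine: owner-only write
        _mk(os.path.join(progs, "plugin"), 0o777)        # breaks rule 1
        _mk(os.path.join(desktop, "notes.txt"), 0o644)   # fine: plain data
        _mk(os.path.join(desktop, "dropped.sh"), 0o755)  # breaks rule 2
        found = audit_wx([progs], [desktop])
        return sorted((os.path.relpath(p, top), why) for p, why in found)

if __name__ == "__main__":
    for path, why in demo():
        print(f"{path}: {why}")
```

Mode bits only report the state of the tree; mounting user-writable filesystems with `noexec` is what enforces the second rule.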