Linked by Thom Holwerda on Sat 4th Nov 2006 21:39 UTC
Mac OS X

Source code for a Mac virus has gone public, a security company warned Friday, and although the original doesn't carry a malicious payload, more dangerous variants can be expected. The virus, dubbed 'OSX.Macarena' by Symantec, targets some, but not all, Mac OS X Mach-O executables. "Although methods of infecting Mach-O binaries have been publicly available for some time, this marks the first known fully functional Mach-O file infecter virus," Symantec noted in an alert to customers of its DeepSight threat network on Friday. "The source code for this virus is publicly available and as such it is possible that variants may be trivially developed to extend the virus's functionality."
Thread beginning with comment 178875
eMagius Member since:
2005-07-06

It would be trivial to modify this to get past your home folder given that the vast majority of OS X users log in with administrative accounts. Note that the password dialog that pops up for elevated privileges (under an administrator account) is a mere courtesy from application writers, not something that is required by the OS.

Score: 0

Kroc Member since:
2005-11-10

This is wrong. An Administrator account in Mac OS is still under root. Try going to your hard disk, select Applications or System and press Cmd+Backspace. Instead of all your applications going into the bin, it prompts for your password. An administrator password can substitute for root actions, but you are always prompted.

This is not the same as Windows where you can delete as you please, only stopped by anything already in use.

Score: 5

eMagius Member since:
2005-07-06

> Try going to your hard disk, select Applications or System and press Cmd+Backspace. Instead of all your applications going into the bin, it prompts for your password.

That's only due to UNIX permissions on the folder. Try selecting the applications within the Applications folder and pressing Cmd+Backspace.

That's not what I was talking about, however.

> An administrator password can substitute for root actions, but you are always prompted.

This is absolutely and utterly false. See Apple's own documentation on the issue: http://developer.apple.com/documentation/DeveloperTools/Conceptual/...

The authentication services API allows administrators to use elevated privileges without prompting for a password. Note that such popular software as Parallels actually uses this procedure to install kernel extensions without prompting for a password.

For a layman's explanation, see http://www.macgeekery.com/tips/security/how_a_malformed_installer_p... .

> This is not the same as Windows where you can delete as you please, only stopped by anything already in use.

Again, the same as with OS X. Except Vista actually fixes this.

Look, I use a MacBook with OS X myself; I'm not trying to make OS X look bad. But let's not lie about the way security works.

EDIT: Follow-up at http://www.codepoetry.net/2006/09/20/thwap_thwap_is_this_thing_on .

Edited 2006-11-05 00:56

Score: 5

MollyC Member since:
2006-07-04

You might not be able to delete the Applications Folder without being prompted, but you can certainly muck with the contents of the folder without being prompted. In fact, that's how much Mac software is installed - drag app to the Applications folder. If you're running as admin, which nearly all Mac users do, you get no password prompt for such an operation. Nor do you get prompted for deleting, renaming, or altering the contents of files in the Applications folder.

Edit: I wrote the above before I read eMagius's more technical version of what I wrote. Refer to his post for technical details. ;-)

Edited 2006-11-05 03:05

Score: 2
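
Added example, not part of any comment in this thread: a permission audit that reports which Mach-O files under a directory an account can change through plain UNIX mode bits alone, the effect eMagius and MollyC describe for admin-group users. The function names and the uid/gid inputs are assumptions of this example; ACLs, file flags and the sticky bit are ignored.

```python
import os
import stat

# Mach-O and fat-binary magic values, as the first four bytes appear on disk.
MACHO_MAGICS = {
    bytes.fromhex("feedface"), bytes.fromhex("cefaedfe"),  # 32-bit
    bytes.fromhex("feedfacf"), bytes.fromhex("cffaedfe"),  # 64-bit
    bytes.fromhex("cafebabe"),  # fat/universal (Java class files share this)
}

def is_macho(path):
    try:
        with open(path, "rb") as f:
            return f.read(4) in MACHO_MAGICS
    except OSError:
        return False

def writable_by(st, uid, gids):
    """Classic owner/group/other write check for a stat result."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(root, uid, gids):
    """Return (path, reason) for Mach-O files the account can change unprompted."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dir_w = writable_by(os.stat(dirpath), uid, gids)
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not is_macho(path):
                continue
            if writable_by(os.stat(path), uid, gids):
                findings.append((path, "file writable"))
            elif dir_w:
                # A writable directory lets the file be renamed away and replaced.
                findings.append((path, "directory writable (file replaceable)"))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/Applications"
    me_gids = set(os.getgroups()) | {os.getgid()}
    for path, reason in audit(root, os.getuid(), me_gids):
        print(f"{reason}: {path}")
```

An empty result for the everyday login account means modifying those binaries needs an explicit privilege elevation; any finding is a file that account's processes can alter silently.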

someone Member since:
2006-01-12

Post Deleted

Edited 2006-11-05 01:09

Score: 0