Linked by Thom Holwerda on Tue 1st Mar 2011 00:28 UTC
Mac OS X

It's sad to see that even after all these years, we still have to write articles like this one. It's all over the web right now: a new backdoor Mac OS X trojan discovered! Code execution! Indicative of rise in Mac malware! Until, of course, you actually take a look at what's going on, and see that not only is it not in the wild, it can't really do anything because it's a beta.
Thread beginning with comment 464359
Maybe I'm crazy...
by darknexus on Tue 1st Mar 2011 01:12 UTC
darknexus Member since:
2008-07-15

But I don't give a damn if a piece of malware can gain root privileges on my desktop when measured against the greater harm that results from it getting and sending my personal information. This old mentality of "oh, well, it can't gain root so it's no big deal" needs to stop dead. Which is worse, my system being brought down or otherwise affected... or my personal data being snagged? This isn't a trick question, especially in today's environment. I'd argue that gaining user's data is worse than gaining root privileges when you're referring to desktop machines. On servers, of course, the situation is completely different and root access is much worse than a single user being compromised. We're not talking about servers this time around, however.

Reply Score: 11

RE: Maybe I'm crazy...
by WorknMan on Tue 1st Mar 2011 03:43 in reply to "Maybe I'm crazy..."
WorknMan Member since:
2005-11-13

But I don't give a damn if a piece of malware can gain root privileges on my desktop when measured against the greater harm that results from it getting and sending my personal information.
Yeah, or using my box as a spambot or to set up a P2P hot spot for warez and/or child porn, neither of which requires root access, AFAIK. Honestly, I'd rather them just gain root access and wreck my machine, as opposed to doing something that might lead to being sued by the entertainment industry and/or having cops knocking at my front door, wanting to ask me a few questions.

Edited 2011-03-01 03:46 UTC

Reply Parent Score: 2

RE: Maybe I'm crazy...
by WereCatf on Tue 1st Mar 2011 05:26 in reply to "Maybe I'm crazy..."
WereCatf Member since:
2006-02-15

This old mentality of "oh, well, it can't gain root so it's no big deal" needs to stop dead.

But I don't give a damn if a piece of malware can gain root privileges on my desktop

While I agree with the first quote, I disagree with the second: if malware gains root privileges then that malware does indeed have access to all of your personal information AND it has much better chances of being able to hide its existence from you and your antivirus applications.

Malware with root access == malware with access to absolutely anything you do on your machine, including anything personal.

Basically I'm saying malware is bad, with OR without root access.

Reply Parent Score: 4

RE[2]: Maybe I'm crazy...
by Alfman on Tue 1st Mar 2011 15:30 in reply to "RE: Maybe I'm crazy..."
Alfman Member since:
2011-01-28

"Malware with root access == malware with access to absolutely anything you do on your machine, including anything personal."

I am not sure why this is even debated.
Root access is a superset of user level access.
User level access is sufficient to steal user files and to turn a machine into a zombie.

Reply Parent Score: 1

RE: Maybe I'm crazy...
by moondevil on Tue 1st Mar 2011 07:15 in reply to "Maybe I'm crazy..."
moondevil Member since:
2005-07-08

Couldn't agree more. And this is something that many Linux/Mac die-hard fans fail to see.

Unless you use a specific guest account for Internet access, however inconvenient that might be, there is always the possibility to own an application and via it access your data.

All under a normal user account.

Reply Parent Score: 2

RE: Maybe I'm crazy...
by UltraZelda64 on Tue 1st Mar 2011 10:20 in reply to "Maybe I'm crazy..."
UltraZelda64 Member since:
2006-12-05

But I don't give a damn if a piece of malware can gain root privileges on my desktop when measured against the greater harm that results from it getting and sending my personal information. This old mentality of "oh, well, it can't gain root so it's no big deal" needs to stop dead. Which is worse, my system being brought down or otherwise affected... or my personal data being snagged?

Depends on the use of that desktop, really.

If it's a personal computer with only one user set up and one person ever using it, then sure, there's not much of a difference with root access or not. Whatever infects it has access to everything on that user account. Similarly, multiple people using one account can be just as bad--if not worse, because one person could get the infection and everyone suffers, and it only takes one person to start it all. And there are far more people who have no clue what they're doing than there are people who know computer security basics.

If it's a family computer with multiple user accounts set up and decent security, if one user's account gets infected all of the other users are generally safe, at least from the effects of a spreading infection. Depending on how groups are set up, reading other users' data can be possible, but Debian for example sets up each user with their own group to prevent this kind of thing. If it gains root though, not only is that a sure-fire way for it to be able to spread and infect other users' accounts, it has no restrictions on file access whatsoever.

So root access, IMO, *can* be much worse. It just depends on the situation and how the machine is set up.

Reply Parent Score: 2

RE: Maybe I'm crazy...
by wannabe geek on Tue 1st Mar 2011 12:44 in reply to "Maybe I'm crazy..."
wannabe geek Member since:
2006-09-27

Well, it can make a real difference if you are taking advantage of the Unix security model. For instance, if you create a different user to own your backups, then a user-level malware can't nuke them. If you run a rootkit detector on boot, if you have a low privilege user for dangerous activities, and so on, same thing. One caveat, though: the X server has lousy security, so I would recommend running different users in different virtual consoles. I used to run two X sessions at once, one for graphical admin tools like Synaptic and one for user stuff. You can also do without graphical admin tools and use command-line ones. Now I got tired of it and I just stick to frequent updates, NoScript and common sense, waiting for an object-capability OS.

Reply Parent Score: 2
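The two posts above hinge on the same mechanism: whether a file's group and world bits let an account other than its owner read or modify it (UltraZelda64's per-user groups, wannabe geek's separately owned backups). The following audit script is an added example written for this discussion, not code from any commenter; it walks a directory, looks up each owner's primary group via pwd, and reports files that other local accounts can reach. The directory it builds under build_demo_tree() is constructed sample data.

```python
import os
import pwd
import stat
import tempfile


def exposure(mode, gid, private_gid):
    """What accounts other than the owner may do to a file (read/write bits).
    private_gid is the owner's primary group: under Debian-style user-private
    groups it holds only the owner, so group bits on files in it expose nothing."""
    shared = gid != private_gid
    out = []
    if mode & stat.S_IROTH:
        out.append("world-read")
    if mode & stat.S_IWOTH:
        out.append("world-write")
    if shared and mode & stat.S_IRGRP:
        out.append("group-read")
    if shared and mode & stat.S_IWGRP:
        out.append("group-write")
    return out


def audit(root):
    """Return {relative path: exposure list} for every exposed regular file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and the like are not file contents
            try:
                private_gid = pwd.getpwuid(st.st_uid).pw_gid
            except KeyError:  # uid without a passwd entry: treat its gid as private
                private_gid = st.st_gid
            hits = exposure(st.st_mode, st.st_gid, private_gid)
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings


def build_demo_tree():
    """Constructed throwaway 'home directory': one leaky file, one locked down."""
    root = tempfile.mkdtemp(prefix="home-audit-")
    for rel, mode in (("Documents/passwords.txt", 0o644),
                      ("backups/2011-03-01.tar", 0o600)):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(path, mode)  # set explicitly so the umask does not decide
    return root
```

Point audit() at a real home directory to see which files a compromised account on the same machine could read; on a system without user-private groups, every 0o640 file in a shared group shows up as group-read.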

RE[2]: Maybe I'm crazy...
by WereCatf on Tue 1st Mar 2011 14:03 in reply to "RE: Maybe I'm crazy..."
WereCatf Member since:
2006-02-15

For instance, if you create a different user to own your backups, then a user-level malware can't nuke them.

The problem isn't so much the malware that just deletes files, the problem is the malware that reads them! It's quite common for people to keep important job-related files on their computers, or they write down their passwords in some text file and so on, and as such those personal files are very lucrative for malware writers to read over.

It's only script-kiddies who want to destroy files; the real threat is those people who write malware that hides itself from the user and doesn't do anything that would attract attention.

Reply Parent Score: 2

RE: Maybe I'm crazy...
by mrstep on Tue 1st Mar 2011 20:22 in reply to "Maybe I'm crazy..."
mrstep Member since:
2009-07-18

root gives you EVERY user's data. If you (as in this case) install a Trojan, there's nothing that will protect you, though you still have to give it root access yourself.

It's like the one that was bundled in a pirated version of iWork - if you decide to trust stuff that may have been modified and run it, it has access to your files. Worry more if it has root access though, since that's the point where you've really lost control of the machine.

Reply Parent Score: 1

RE: Maybe I'm crazy...
by kaiwai on Wed 2nd Mar 2011 01:29 in reply to "Maybe I'm crazy..."
kaiwai Member since:
2005-07-06

If you think the linkbait is bad, then check out this:

http://img600.imageshack.us/i/screenshot20110302at125.png/

That is an advertisement by Google (on Macrumors) linking to two known scam websites, bidfun and bidhere, both of which are owned by the same company and both are known to be fraudsters and yet we have Google quite happy to take money from con-artists. At least in the case of linkbait all you need to be is a little savvy about the internet but if something is being advertised on a platform run by Google wouldn't it be correct that Google wouldn't allow con-artists and fraudsters to use their services to commit criminal acts? I mean, if I was an average end user I'd assume that Google checked out the company before allowing them to advertise with Google.

But I don't give a damn if a piece of malware can gain root privileges on my desktop when measured against the greater harm that results from it getting and sending my personal information. This old mentality of "oh, well, it can't gain root so it's no big deal" needs to stop dead. Which is worse, my system being brought down or otherwise affected... or my personal data being snagged? This isn't a trick question, especially in today's environment. I'd argue that gaining user's data is worse than gaining root privileges when you're referring to desktop machines. On servers, of course, the situation is completely different and root access is much worse than a single user being compromised. We're not talking about servers this time around, however.
Agreed; with so much personal data on one's computer, either explicitly in files or saved in cache or even in virtual memory that hasn't been flushed yet (Mac OS X has 'secure' virtual memory), that will cause more damage than some mischievous socially engineered application.

I personally think the whole thing is way overblown because at the end of the day there is nothing you can do as far as 'security' and 'linkbait' unless one were to go to the logical extreme and lock down the whole system with the only avenue of purchase being through some sort of 'AppStore'. I would sooner give up some security if it means I have more liberty in the process - freedom is never neat and tidy, and quite frankly I don't think the hysterics of halfwits getting hacked because of their own stupidity is really helping the situation either.

Reply Parent Score: 2

RE[2]: Maybe I'm crazy...
by Alfman on Wed 2nd Mar 2011 02:58 in reply to "RE: Maybe I'm crazy..."
Alfman Member since:
2011-01-28

"there is nothing you can do as far as 'security' and 'linkbait' unless one were to go to the logical extreme and lock down the whole system with the only avenue of purchase being through some sort of 'AppStore'."
I hope I am misunderstanding you, because the app stores of the "walled garden" variety are not about security so much as they are about control.

Even devices in walled gardens can have vulnerabilities exploitable through the app store or directly. The iPhone rootkit (which is generally used intentionally by end users to break Apple's chain of control) is technically proof of a vulnerability in the device.

While it represents a win for end users due to the freedom it gives them, it represents a failure by Apple to protect its platform. It's just so contorted that we live in a world where we have to break into our own devices.

"I would sooner give up some security if it means I have more liberty in the process - freedom is never neat and tidy..."

Thankfully we agree, but I don't think security implies lack of freedom in the first place. However, security just happens to be an excellent excuse for vendors to take freedoms away from the ignorant, and by extension (through market pressure) the rest of us too.

Reply Parent Score: 1

RE[2]: Maybe I'm crazy...
by Neolander on Wed 2nd Mar 2011 05:50 in reply to "RE: Maybe I'm crazy..."
Neolander Member since:
2010-03-08

How about not giving average applications access to so much user data (which they really don't need) as a default setting, but giving the user the option to choose to do so for software which requires it, with a UAC/gksudo-like window?

Reply Parent Score: 1