Linked by Hadrien Grasland on Sat 25th Jun 2011 08:55 UTC, submitted by John
Mac OS X: "Using a Mac may certainly be a safer choice for a lot of people as despite being vulnerable they are not targeted. However this is not the same as Macs being secure, something Eric Schmidt erroneously advised recently. I may be able to browse impervious to malware on a Mac at the moment, however I personally would not be comfortable using a platform so easily compromised if someone had the motivation to do so. In this article I address just why OS X is so insecure including the technical shortcomings of OS X as well as Apple's policies as a company that contribute to the situation."
Thread beginning with comment 478629
RE[5]: Just another article
by Alfman on Sun 26th Jun 2011 04:58 UTC in reply to "RE[4]: Just another article"
Alfman Member since:
2011-01-28

Neolander,
"By only letting applications access their own folder and files explicitly pointed out by the user."

jack_perry,
"I don't see how this is a solution. A trojan that can convince a user to install it, can also convince a user to grant it access to all files in a Documents directory. Never mind the hassle to the user who's trying to run serious programs."

Imagine a new OS which doesn't have to inherit legacy software. A user can download, install, and run any application in a sandbox by default. The sandbox could access files opened explicitly through drag and drop or an open dialog box, as well as files it created itself.

By and large, legitimate applications (games/editors) will be able to run in the sandbox without any privilege escalation.

If an app turns out to be malicious, its damage would be very limited in scope because of the sandbox.

If a game is downloaded from a P2P network and requests higher privileges (let's say to access email), one could be fairly confident that it is malware.

Reply Parent Score: 3
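A minimal model of the sandbox described in the comment above, added here as an illustration and not part of the original thread. The `SandboxBroker` class, its method names and the sample directory tree are hypothetical; the model assumes a POSIX filesystem and that the app may create files only inside its own folder.

```python
import os
import tempfile


class SandboxBroker:
    """Trusted mediator: the sandboxed app asks it for every file it opens."""
    def __init__(self, app_dir):
        self.app_dir = os.path.realpath(app_dir)
        self.granted = set()  # files the user chose in a trusted dialog

    def user_picked(self, path):
        # Reached only from the OS open dialog or drag and drop, never the app.
        self.granted.add(os.path.realpath(path))

    def open(self, path, mode="r"):
        # Resolve symlinks and ".." first so the path checked is the path opened.
        real = os.path.realpath(path)
        inside = os.path.commonpath([self.app_dir, real]) == self.app_dir
        if not (inside or real in self.granted):
            raise PermissionError(f"sandbox: no grant for {real}")
        return open(real, mode)


def demo():
    root = tempfile.mkdtemp()  # constructed sample tree
    docs = os.path.join(root, "home", "Documents")
    app = os.path.join(root, "apps", "game")
    os.makedirs(docs)
    os.makedirs(app)
    taxes, letter = (os.path.join(docs, n) for n in ("taxes.txt", "letter.txt"))
    for p in (taxes, letter):
        open(p, "w").close()
    os.symlink(taxes, os.path.join(app, "link"))
    broker = SandboxBroker(app)
    broker.user_picked(letter)
    attempts = {
        "own save file": (os.path.join(app, "save.dat"), "w"),
        "picked by user": (letter, "r"),
        "unpicked document": (taxes, "r"),
        "symlink out of app folder": (os.path.join(app, "link"), "r"),
        "dot-dot traversal": (os.path.join(app, "..", "..", "home", "Documents", "taxes.txt"), "r"),
    }
    results = {}
    for label, (path, mode) in attempts.items():
        try:
            broker.open(path, mode).close()
            results[label] = "allowed"
        except PermissionError:
            results[label] = "denied"
    return results
```

The broker only narrows access to what the user actually picked; it has no opinion on whether the user should have picked it.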

RE[6]: Just another article
by jack_perry on Sun 26th Jun 2011 20:43 in reply to "RE[5]: Just another article"
jack_perry Member since:
2005-07-06

Okay, it might not be that much of a hassle (though I'm not convinced). None of this addresses the main point of my argument.

We're talking about trojans, right? Somehow a user is convinced to install a trojan, perhaps because (s)he's visiting the seedier side of the web. (Torrents, of course. What'd you think I meant?)

Now, the trojan is called "MacDefender" and promises to defend you against viruses both old and yet unwritten (through new, amazing technology developed by researchers so recently that the mainstream OS makers haven't yet implemented it). But, to do that, it needs access to all your files -- your Documents directory, say.

Of course, it could ask for more, but I'm working under the desired outcome, which is to access only the Documents directory. I don't see how any OS defends against this, and Neolander's proposed solution won't do it. Remember that part of the hypothesis is that we're dealing with a user dumb enough to install a virus program from a seedy web site in the first place!

So, how do non-Mac OSes defend against this? I'm still waiting for a solution, not for a defense of how a non-solution isn't that inconvenient.

Edited 2011-06-26 20:44 UTC

Reply Parent Score: 2

RE[7]: Just another article
by Neolander on Sun 26th Jun 2011 22:13 in reply to "RE[6]: Just another article"
Neolander Member since:
2010-03-08

I agree that once a user is convinced that the software he downloaded legitimately needs advanced security permissions, the efficiency of sandboxing - or any technological malware protection method, for that matter - fades away.

However, I don't think that the user would be lured into this on a shady website. Here's why.

Let's take a picture of random search results on a popular torrent website. It looks the same everywhere anyway.

http://img39.imageshack.us/i/capturepsz.png/

Here we have lots of aggressive ads, one that pretends to be legit sites control but will open a page in a new tab in the upper right corner, one about girls in light clothing that "want to date you" (even though they know nothing about you), and one which I don't fully understand because it's in Swedish but am 99% sure it's about winning a lottery.

These ads are poorly done. Our user is not so dumb that he can't find out that this place is full of scams. Maybe he'll have to get burned once first, but he'll get it.

From this point, the user will get a very defensive behaviour towards ads and strangely one-sided attractive proposals. He'll focus on getting things done, not on ad tourism.

In this context, the "your computer is infected, but we have cure for cancer" scam won't harm him, because he's already cautious enough to notice its flaws.

Now, I *can* get that someone could get a trojan through a browser + OS exploit that makes it use true system dialogs. Or when the trojan's advertising is *alone* in the place and unexpected. But in a crowded and aggressive environment like torrent websites, users focus on getting things done as quickly as possible and don't look around, I think. Even a well-done fake dialog like http://sophosnews.files.wordpress.com/2011/05/fakeav.jpg would fail in this context.

Edited 2011-06-26 22:15 UTC

Reply Parent Score: 1