Linked by Thom Holwerda on Tue 21st Feb 2006 17:59 UTC
Mac OS X "[Last week], we reported on a Trojan horse for Mac OS X that is just like the entry for Earth in the Hitchhiker's Guide to the Galaxy in that it is mostly harmless. A new vulnerability targeted at Apple's home-grown web browser, Safari, is another matter entirely. A German security firm appears to have been the first to discover the Safari flaw, which allows for shell scripts to be executed after clicking a link."
Thread beginning with comment 97965
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: This IS serious for John Doe
by ormandj on Tue 21st Feb 2006 22:39 UTC in reply to "This IS serious for John Doe "
ormandj
Member since:
2005-10-09

"Sure, in Safari with the default settings (as in "Automatically open safe files" enabled) these scripts can be triggered automatically - but downloading a zip with say Firefox and then unpacking it and clicking the files is just as dangerous. It's probably safe to assume that most people who download zip files have the intention of unpacking and using the contents sometime. "

While I completely agree about the issue at hand, and the true fix from Apple (see my above posts), again - I'd like to re-iterate, any user who is getting downloads from a source they do not trust, and just opening them up, is asking for trouble. I don't care what kind of security Apple puts in their OS, even if they fix the filetype issues, it won't help.

It's the same thing that plagues Windows. Often, it really isn't MS's fault. Yes, windows is prone to spyware/virus infections due to most people running as administrator level. Yes, there are other issues at hand. The point is, no matter what MS does in Windows, and no matter what Apple does in OSX, the true issue is users who are NOT educated enough (read: ignorant) in computer operation, and have a form of turrets syndrome known as "click on anything that says click on me or has a pretty icon".

No amount of safeguarding is going to stop this. I've seen infected Windows machines full of spyware, and upon examining the source/cause (in order to prevent the infection from happening again) I discover emails with random garbage text to bypass spam filters (they make no sense), headings that say hello to *insert random name here*, and email addresses like lksjddlfkj@ldkjfle.com. In those emails is often an attachment. Strangely enough, on the last computer I "fixed" that was full of this crap, the email I found had a file named "infectmypcnow.exe" attached. After talking to the user about it, they admitted to having now only downloaded the file, but then double clicked it to run.

Apple very well *should* fix this content type issue (read my above posts, as I describe the basis for this assertion) but at the same time, it really isn't going to stop this kind of thing. You can send a good majority of people running OSX/Windows a file in an email from a random address with non-sensical text, that contains a random name (not the actual user's) and a file called "deleteveryfileonmycomputerandmakeitblowupinsmokeandburndownmyhouse.ex e" (or marked as an application on OSX) and they are STILL going to download and run it. Take it as you may, but user education and good admins who force user backups on a schedule, are the only solution.

Sorry to be a pessamist and make out most users to be ignorant, but it's true. I don't totally blame them, I blame the lack of good sysadmins/support techs. I think we should mandate courses on basic computer operation before selling a single person a computer! (Won't happen, lol). Probably even if we did, people would still run these files. Oh well.

PS - I'm not defending Apple, this is a flaw, and they should fix it. I'm just pointing out this really won't solve the problem, by any means.

Reply Parent Score: 2