A warning on a new destructive 'company press release'
No offense to you Rob, since I think you do a great job here, but I think the online Mac press has done somewhat of a disservice by the implication of threat and of not countering the assertion: "This Trojan horse highlights a serious weakness with Mac OS X. Since it is built on a Unix foundation, it can run powerful commands very easily. These commands can delete or damage a user's files with no warning, and AppleScript offers no protection against malicious commands." As this release is coming from a development company, where people know better, and which can stand to gain from fear, the whole issue begins to look a bit suspicious. Downloading any executable, on any platform, and then executing that file involves risk. As an AppleScript, this trick does not require Unix power (it could be done solely through AppleScript). The same trick could be done in Java (locally installed) or in OS 9 or a number of ways, as pointed out by others. Heck, even true installers can do damage if they are not properly configured. People can be fooled by the changing of an icon. But there are also many ways to fool people. At some point, the press has to distinguish between a threat, which people can reasonably run into -- such as merely clicking on an email -- and a foolish gesture -- such as downloading "Microsoft Installers" from Gnutella. That is the real story here, not a "trojan horse", and definitely not a "serious weakness in Mac OS X," but an occasional weakness in human nature. Leave off the name of any for-profit company that stands to benefit from the reporting of supposed malware. Let threat reports come from and be credited to only those reputable agencies tasked with looking out for such things. The Mac press should band together to distill the true threats and leave behind press releases meant for marketing.
A warning on a new destructive 'company press release'
If you'll carefully re-read what I posted, you'll see that I did my very best not to spread FUD. I explained what I thought it was, how I thought it worked, and how, at its heart, it was basically an exercise in social engineering.
A warning on a new destructive 'company press release'
I do see that you made the effort to separate the issues more clearly. My comment was more directed at the Mac online press in general. I understand you had to react to the alarmist stories on other sites and all, and you did a good job of it, for which reason I hope(d) that you did not take offense to my comment. So, forgive me if I was not clear.
A warning on a new destructive 'company press release'
Very well said!
Missing the bright side of all this...
Someone on /. got to this before I did, but it bears repeating here.
Losing your home directory to some random act of bad karma/decision-making is a huge setback. It is a real loss, of course, if you don't do regular backups. As many, many have pointed out here, there is very little you can do about this 'weakness' without crippling the user's access to their file space or the system's flexibility. But keep the big picture in mind here. This particular, easily written, easily understood 'trojan' (which is a stretch) only affects a home directory. There may not be a lot of distinction for the average home user (especially those of us that migrated from OS 9) since we keep most of our 'data' there anyway, but in a corporate setting (and even in a multi-user home setting), this is a tremendous benefit. Windows (even XP I believe), OS 9, and tons of OSes before them that have less respect for user-space privileges would have rendered the computer completely useless with such a simple script. Now, there's nothing to say that a more complicated attempt wouldn't be able to leverage the Installer or something similar to ask you to grant itself admin privileges, but we haven't seen that yet. But there's nothing on any other OS that couldn't do the same. Scripts run regularly on many *nix systems as a part of installations (Red Hat RPMs, Debian packages, etc.) and a single malicious line of code in such a thing can wipe your whole installation when you are installing system-wide software. I completely agree with the parent post in the assertion that the press release written by said company was absolute hyperbole and written (deliberately) completely out of context of the whole OS picture. I personally wouldn't have minded a very strong statement from Apple rejecting such claims, but then again, maybe it's not worth drawing attention to such idiotic statements.
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |