Sheep in wolf's clothing
Authored by: bq on May 19, '04 11:07:21AM
The trojan horse that's been getting all the attention was essentially cooked up by Intego to sell their security software. An article in Wired (http://www.wired.com/news/mac/0,2125,63000,00.html) essentially debunks it.

What you shouldn't worry about
As of this writing, no working model for self-spreading malware (i.e. virus or worm) for OS X has been identified. In fact, the trojan horse (i.e. malicious code masquerading as something else, in this case an MP3 file) exists only in theory -- no actual version of this has been seen in the wild. And, even when it does appear in the wild, it can't spread itself.

What you should worry about
First, the concept that Intego pointed out is easily created. Someone could (and probably will) create a bit of malicious code and post it somewhere for the unsuspecting to download. Of course, only a couple of people will be affected before the thing is taken down and the author immediately found, but still, it's possible. Exercise standard caution when downloading stuff and you should be fine.

Second, eventually someone will create self-spreading software for OS X. Keep your eyes and ears peeled.

Third, backups are always a good idea. No backups is always a bad idea.


Safety Net
Authored by: anjoschu on May 19, '04 12:19:26PM
I fully agree with you.

Another thing to keep in mind is that malware can only do the things the user who launched it can do (unless it exploits some security hole in Mac OS X). So, as most of us know, it is not a good idea to work with an Admin account (admittedly makes less of a difference if you're the only user). If you are particularly paranoid about downloading malware, you should be rather safe when doing the following:

- Copy the suspicious file to the /Users/Shared folder (or make something like /Users/Shared/Downloads your Download Folder)
- Create some test user (re-usable), call it canary or whatever. :)
- Fast user switch to canary and open/examine the file you downloaded from there.

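The staging step from the comment above, plus a check of what a throwaway account could still touch in your own home folder, as an added shell example that is not part of the original post. The function names are hypothetical; the default folder follows the comment's /Users/Shared/Downloads suggestion and can be overridden through STAGE_DIR.

```shell
#!/bin/sh
# Added example, not from the original comment. Function names are
# hypothetical; STAGE_DIR defaults to the folder the comment suggests.
STAGE_DIR="${STAGE_DIR:-/Users/Shared/Downloads}"

# Copy a download into the shared staging folder so the test account can
# read it, and clear every execute bit on the copy. Prints the staged path.
stage_for_canary() {
    src=$1
    dest="$STAGE_DIR/$(basename -- "$src")"
    mkdir -p "$STAGE_DIR" || return 1
    cp -- "$src" "$dest" || return 1
    chmod 644 "$dest" || return 1
    printf '%s\n' "$dest"
}

# List files and directories under a folder that any other local account
# (the test account included) may modify. Anything listed here is still
# reachable by code launched from the test account. Symlinks are skipped
# because their own mode bits are not meaningful.
writable_by_others() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null
}

# Exit status 0 only when nothing under the folder is writable by others.
home_is_isolated() {
    [ -z "$(writable_by_others "$1")" ]
}

# Typical use before switching to the test account:
#   stage_for_canary "$HOME/Desktop/download.mp3"
#   home_is_isolated "$HOME" || writable_by_others "$HOME"
```
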