03/07/2006, 12:40pm, EST
Tuesday, March 7th
Trojan flaw persists in Mac OS X
lower, operating system level, experts said. It is now still possible for hackers to construct a file that appears to be a safe file type, such as an image or movie, but is actually an application."
Apple confirmed that it was still possible to disguise files.
"It is definitely possible on the Mac and on any platform to create an application and try to pretend that it is something that its not. That's the definition of Trojans," Philip Schiller, Apple's senior vice-president of worldwide product marketing, told ZDnet in an interview. "There are Trojans in the world, I have yet to see a successful one on the Mac, but there are such things in the world as Trojans."
Experts say that Apple's patch was the first step and that it must release other updates to address the core problem. "Apple's security fix is an important first step, said Michael Lehn, doctoral candidate and research assistant at the University of Ulm in Germany. 'I think Apple did the right thing,' said Lehn, who first disclosed the Mac OS X vulnerability. 'The fact that a script gets executed automatically had to be fixed immediately. They just have to go further.'"
The warning is not enough for many users, according to readers and the 'download and install' problem has plagued Mac OS X for a few years, according to the report.
Filed under: troubleshooting
, 
, 10
, 
, 
, 
, 
, 
Top
subscribe to comments
for this article
------------ Such security issues are, of course, not exclusive to the Mac. If a user can be tricked into downloading and opening a file, that user's system can be compromised. "This is true regardless of the operating system being used. It is a universal vulnerability," Long said. ------------
Uhh, yeah, so . . . well, I guess thank you ZDNet and MacNN for this . . . ah, non-news (yet again).
So quit calling the option "open safe files after downloading". Change it to "display downloaded file in secure application" and stop using standard LaunchServices to launch the application. Provide a "WebServices" API, or an "untrusted" flag, and limit THAT list to applications that are designed to open "untrusted" files.
AND... to stop this attack... if there's any handler for DMG files, ZIP files, and other "wrapper" files in this "WebServices" database... it must NOT maintain metadata.
They lead by example and they have stepped up and done it with MacOSX and Safari.
Its the users responsibility to make sure they don't open files they don't know are safe.
Take some ownership and responsiblity for your machine folks, sheesh.
Besides, any Mac user who is stupid enough to get their Mac infected probably wouldn't let others know. That's what I call, "a user who is experiencing FUD from the Mac community itself for his/her own stupidity."
So, no, you won't hear anyone you know admit that their Mac has been truly infected with malware. And, even if they do make the admission, it's shrugged off as no big deal. Of course, all malware for the MacOS can be considered quite minor. However, the fact remains that the machine itself was infected.
They lead by example and they have stepped up and done it with MacOSX and Safari.
Its the users responsibility to make sure they don't open files they don't know are safe.
Take some ownership and responsiblity for your machine folks, sheesh.
posted by HowardG
You're right, Howard. Users need to be more responsible for the performance of their machines. To do so otherwise can be quite costly on many levels.
On the other hand, Apple has a vested interest in the overal performance of their products. They choose carefully which manufacturers have the privilege of having their parts inside a Mac, iPod, or any other Apple product. The same goes for any software that has been made compatible for the MacOS platform. There are legal implications when a 3rd-party vendor puts the Macintosh name on their own products, indicating that it is Mac-compatible. After all, the better the two products work together, the more Apple can say that their machines outperform PCs using certain software which is proven especially in multimedia apps.
I'd say that in the bigger scheme of things, BOTH Apple and the end-user are responsible for the overall performance of the Mac.
Unless you are completely isolated, you will find people who know more or less than you do about computers. Those who use a mac and know less than you will whine about every little thing and tell you right away (actually 'something') deleted my applications folder.
Sometimes people may not even know they've been compromised by anything in particular and just say 'something is broken'.
Duh..'it won't happen to me if I don't think about it or tell anyone' Sorry, heard too many complaints to buy into that.
Why LaunchServices is becoming the proverbial 'registry' on Apple's back is beyond me. In a few months you won't be able to talk about locking an application down without some ignorant fool saying 'oh, but all someone has to do is change an entry in LaunchServices to get past that'. It's about time Apple admits they need to stop bs'ing people.
If I drag an executable onto an application I can read it instead of executing it. With the exception of opening from within the Application file menu, there is no safer way. If you want to implement safety then change the method by which files are opened without user intervention. Not very difficult...unless you're saving security for 10.5