
New Trojan, for Mac OS X

For the second time this year, Mac OS X is vulnerable to a trojan attack.

Symantec posted a notice of a Trojan horse it called “OSX.Exploit.Launchd” on its security site, but gave few details other than that a successful installation would give an attacker root, or complete, access to Mac OS X 10.4.6 and earlier systems.

Tuesday, Apple updated Mac OS X to 10.4.7 to, among other things, plug five security holes. One of the five flaws was in “launchd,” the operating system’s program launch mechanism; launchd was prone to a local format-string vulnerability, Apple said in its 10.4.7 security advisory.

The Tuesday update protects vulnerable Mac OS X users against the Trojan.

Although exploits against Apple’s operating system are rare, it’s common in the Windows world for attack code to pop up within days of Microsoft releasing security fixes; hackers often reverse engineer a patch to figure out the exact vulnerability so that they can crank out a working exploit.

Do you think this will become a larger problem, as the MacOS gains market share? Or is this a benign threat?


  • Ian

    To answer your question, only slightly. While OS X’s market share will increase in the future, the majority of the world will remain Windows. Code vulnerabilities are inevitable, but OS X’s code base is inherently more secure than Windows’, thus malware writers are still faced with their old problem: writing a harder exploit that targets fewer people.

  • http://beszeljukmac.com dombi

    I agree with Ian. I don’t think we have to worry about this yet.

  • Karl

    In the long run, I expect a lot more vulnerabilities on OS X than now – for sure. The amount will be less than for Windows (because of Windows as the better target) but OS X is also far away from the fact, that it is secure from the basic concept.

    More hackers are into UNIX/Linux and more black-hat-hackers want to get famous by writing malware for OS X. And then the script kiddies appear also on OS X systems some day.

    The IT-knowledge of the average OS X-user is comparable with the average Windows-user (IMHO!) and so there is a huge risk for all kind of social attacks. For example: how can a user decide, whether the current task really needs administrator privilege and how can the average user decide, if the authentication window, that just appeared, is really from OS X or is it from any kind of malware, pretending to be _the_ authentication window?

    There are many bad things hidden in the OS X security-system which are not exploited yet. I expect them to be exposed in the future and therefore the users of OS X systems will be _almost_ as unsecure in the web as the users of Windows-systems.

    Do not trust any marketing slogan concerning security – even from Apple.

    The only chance is to make as much as possible open source and get help from the community by making code-reading enjoyable. This is contradictory to the kind of community-support of Apple of the last months. Sorry to say that.

  • Noraa Haras

    Is this the same trojan exploit that was reported as a “proof of concept”, but not actually found in the wild? I think concepts merit high-profile warnings. Actual exploits will be discovered by victims soon enough without all the news.

    There are undoubtedly many more undocumented exploits for Mac OS X and the OSS that control the communications protocols. The nice thing for Mac OS X system administrators is that fixes often come much more quickly from 3rd party developers than Apple or MSFT could test and deploy in a system patch.

    I have a sneaking suspicion that if Mac OS “enjoys” a majority market share in the future, the security woes that Windows has suffered will not be equalled by Mac OS. They will be localized and quickly fixed. They’ll most likely be social and trojan in nature. Not automatic, and not homogeneously applicable to all installations of Mac OS X.

    This “news” item is really not worth mentioning. Wake me when the “big one” hits and billions of dollars are lost from agencies all over the world as has happened with many Windows exploits.

  • fernyb

    nah, if you know what you are doing then this is no problem.

  • http://gizbuzz.co.uk/?p=267 Gizbuzz

    Mac OS X Trojan…

    Another Mac OS X trojan has apparently surfaced. The trojan is called OSX.Exploit.Launchd and exploits a newly-found flaw in launchd, a program which is an important part of Mac OS X’s startup process.
    If the trojan is successful, a malicious hac…

  • graham

    Just update to 10.4.7 and you’ll be fine. I just did.

  • http://www.ronaldpoi.com/ Ronald Poi

    2 things…
    1. Mac is secure. Very secure. There is no real danger when we talk about exploits or trojans. Most of them depend on “what the user does”….
    2. Even if something dangerous comes to the Mac world, Apple releases an update to fix it, just like now.

  • Karl

    @Ronald: 2 things:
    1.) Mac OS X is not secure and
    2.) Apple is not used to handle security issues properly (yet).

    ad 1.)
    There is no “secure system” and there probably never will be any. It is just a matter of “how easy” it is, to get into a system or get privileged account rights.
    And not all of the issues are about “what the user does”.

    There are many things that Apple did better than Microsoft – no doubt about it. But there are also many things left, where OS X has a problem.

    First of all, there is nothing better for a cracker than closed-source software handling security issues in a target system: the cracker almost has the same methods to break into but the white-hat-hackers cannot check the source for vulnerabilities.

    OS X up to Tiger-versions(!) was configured that a normal user without root account password is able to create a new user that has access to data of the admin group. Do you really think, that Apple is aware of security issues, if such a catastrophic feature is built in for lots of major versions of OS X? Note: This feature is “per default”, I know that a user can fix it but default should be the secure one!

    After a security aware guy contacted Apple, they said that this can be fixed by the user and that’s it. Do you really want to say that THIS is, how a security aware company argues about severe security problems? They have to learn a lot. Hopefully not by taking the hard way.

    Just like Windows Autostart, there are StartupItems in OS X, where someone can inject things that will be executed as root. Think about that! Here, the problem is also about wrong permissions where the disk repair utility does not fix it. And nothing checks the permissions from time to time automatically.

    You can get all current user passwords in cleartext by using grep (as non root user). Now tell me again, that OS X is secure.

    Guest accounts, that get access to file share space without limitations of any kind (denial of service by copying large files) are not good for a really secure system. Additionally, you could not deactivate these guest accounts up to recent versions of Tiger.

    Now for the main programming language of Apple: you can do code injection into Objective-C executables at runtime. At runtime! Any injection you want! Now where is the security here now? Sounds like a cool feature for malware of any kind.

    Please note that most of above things can be fixed by admins. Most but not all! And the thing is, that most of the OS X systems are running in the default configuration. So if the defaults are not secure, the system is not secure at all.

    So please do not write such false information without knowing deeper facts. I am NOT a cracker, I’m not even a very good hacker. I just found a lot of security issues by using google. And now you can imagine how many possibilities a black-hat-hacker has to write malware if he really wants to target the OS X platform.

    OS X is not very secure at all and with guys telling around that you don’t have to worry about security on a Mac, you make the situation even worse because the readers don’t worry indeed.
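
The periodic StartupItems permission check that the comment above says is missing, sketched as an added example (not part of the original thread and not Apple's tooling). The function names are hypothetical; `/Library/StartupItems` and `/System/Library/StartupItems` are assumed as the locations to audit.

```shell
#!/bin/sh
# Added example: flag StartupItems entries that a non-root user could modify.
# StartupItems run as root at boot, so every directory and file in the tree
# should be owned by root and not writable by group or other.

# audit_startup_items DIR [OWNER_UID]
#   Prints each path under DIR (including DIR itself) that is not owned by
#   OWNER_UID (default 0, root) or is group- or world-writable.
#   Returns 1 if anything was flagged, 0 otherwise.
audit_startup_items() {
    dir=$1
    owner=${2:-0}
    # A missing directory simply means there is nothing to audit.
    [ -d "$dir" ] || return 0
    # Symlinks are skipped: their own mode bits are not meaningful.
    findings=$(find "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# audit_all: check the assumed default locations; returns 1 on any finding.
audit_all() {
    status=0
    for d in /Library/StartupItems /System/Library/StartupItems; do
        audit_startup_items "$d" || status=1
    done
    return $status
}
```

Calling `audit_all` from a scheduled job and alerting on a non-zero exit status gives the recurring check; the optional owner argument exists so the function can be exercised against a scratch directory.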

  • Noraa Haras

    Karl, face it, Mac OS X is absolutely secure. Your feeble attempts at logic have failed miserably. Miserably.

  • Karl

    Noraa, good point. You won.

  • http://YavuzKorpefiliz Yavuz Korpefiliz

    I don’t get this meaningless panic… Mac is the most secure system available and almost 10 times more secure than windows. However, if the users keep doing security mistakes relying on these statistics there may be some problems of security in their systems.

  • yavuz korpefiliz

    why don’t u try net barrier x4 and norton anti virus together… if u still aren’t satisfied u may even install doorstop? have your security adjustments updated then no one can harm u with simple trojans or new viruses… I am a mac user… love it… think its getting more secure because the intel macs are coming to fore and there will be less mac os x users… less viruses… less mac hackers… and consequently elite mac users
