[personal profile] theweaselking
Apple attempts to increase OS market share by shipping iPods with Windows virus set to install as soon as you plug in the device.

> As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.

Uh, no, you do NOT get to blame Windows for your own incompetence. Deliberately running malware on a Mac is just as damaging as running it on a Windows PC - there's just less of it out there because nonstandard interfaces and defective functionality, running on custom hardware, with very little application support, is not and has never been a popular combination.

Worse, they go on to suggest 4 products to clean your system - two of which, Norton AV Trial Edition and McAfee AV Trial, are so intrusive that I would mark them as viruses myself. If you pay for them every time they demand money, they work. If you don't, you can almost never get rid of them completely.

(no subject)

Date: 2006-10-17 11:17 pm (UTC)
From: [identity profile] zenten.livejournal.com
> Deliberately running malware on a Mac is just as damaging as running it on a Windows PC - there's just less of it out there because nonstandard interfaces and defective functionality, running on custom hardware, with very little application support, is not and has never been a popular combination.

That's bullshit. Before OS 10, macs were rife with viruses. Now pretty much the only viruses you're going to find on a mac are macroviruses targeting microsoft office products. That's with many more macs on the market now than there were then.

Not saying that they were dumb with the ipod issue mind you.

(no subject)

Date: 2006-10-17 11:17 pm (UTC)
From: [identity profile] zenten.livejournal.com
And by were dumb I mean weren't dumb.

(no subject)

Date: 2006-10-17 11:20 pm (UTC)
From: [identity profile] scifantasy.livejournal.com
You know, there was an .exe file on my iPod when I plugged it in, and I think it was RafMon, at that. Of course, it didn't run, and I deleted it...

(no subject)

Date: 2006-10-17 11:32 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
Notice how I didn't say "viruses", I said "deliberately run malware".

Which is what this supposed virus is: Something that can't hurt you if you don't run it. Of course, most idiots have their computers set to run everything automatically...

(no subject)

Date: 2006-10-17 11:34 pm (UTC)
From: [identity profile] zenten.livejournal.com
Ah. Is this piece of malware something that would affect multiple users on the same machine, or just the user that runs it?

(no subject)

Date: 2006-10-17 11:42 pm (UTC)
From: [identity profile] zenten.livejournal.com
Ok, read through the description on what this does, and you're sort of right, a program like this could exist on a mac, although it wouldn't work with the defaults for the OS, and would be stupidly easy to get rid of (just move the program into the trash).

(no subject)

Date: 2006-10-17 11:53 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
OSX is a GUI on top of a unix-alike.

It's trivially easy to hook yourself into unix clones so deeply that you can never be removed without a complete wipe, if you have root access.

The kind of person who gets this virus is the kind of person who runs things while logged in to an admin account, which, on both debian and MacOS, means that any program you run can steal root access from there.

And once it's in, you're never getting it out. When you can't trust ls any more, you're fucked. Wipe and restore from a hopefully clean backup.

(no subject)

Date: 2006-10-17 11:56 pm (UTC)
From: [identity profile] zenten.livejournal.com

> The kind of person who gets this virus is the kind of person who runs things while logged in to an admin account, which, on both debian and MacOS, means that any program you run can steal root access from there.

This is the step I'm sceptical about, when it comes to MacOS.

(no subject)

Date: 2006-10-17 11:56 pm (UTC)
From: [identity profile] zenten.livejournal.com
In that it will be able to get root access from the admin account.

(no subject)

Date: 2006-10-18 12:01 am (UTC)
From: [identity profile] anivair.livejournal.com
Ahh. the root access is the trick. Any unix-alike worth its salt will prompt for a root password before it can do that. And unless you're a complete tard, you'll wonder why it's asking. If you don't wonder that enough to look into it, then no amount of virus protection can help you.

But that doesn't excuse them from sending it. I'm not sure I'm willing to believe they did it on purpose as a company, but that doesn't mean someone didn't do it on purpose.

(no subject)

Date: 2006-10-18 12:02 am (UTC)
From: [identity profile] anivair.livejournal.com
It can't do that on a debian system. Debian runs root access of sudo, so it will prompt you for the password. You'd have to be stupid enough to enter it without having run anything.

(no subject)

Date: 2006-10-18 12:03 am (UTC)
From: [identity profile] theweaselking.livejournal.com
It's a known exploit, since april 2003.

Run malware as admin. It stays resident and does nothing except set itself to start automatically if you reboot, if it can.

It watches /var/log.

When you use sudo, it shows in /var/log
It runs sudo after you, giving root access without requiring a password.

(no subject)

Date: 2006-10-18 12:04 am (UTC)
From: [identity profile] theweaselking.livejournal.com
It's a known exploit, since april 2003.

Run malware as admin. It stays resident and does nothing except set itself to start automatically if you reboot, if it can.

It watches /var/log.

When you use sudo, it shows in /var/log
It runs sudo after you, giving root access without requiring a password. After all, sudo works without a password for 5 minutes.

(no subject)

Date: 2006-10-18 12:05 am (UTC)
From: [identity profile] theweaselking.livejournal.com
> Ahh. the root access is the trick. Any unix-alike worth its salt will
> prompt for a root password before it can do that

Unless you've used sudo in the last five minutes, and given it your password so it can do what you told it to.

In which case sudo doesn't require a password.

(no subject)

Date: 2006-10-18 12:06 am (UTC)
From: [identity profile] zenten.livejournal.com
Actually, I just remembered John's right. On OS 10.x, using sudo does not require any password.

(no subject)

Date: 2006-10-18 12:07 am (UTC)
From: [identity profile] zenten.livejournal.com
Ok, this makes me happy that I reconfigured sudo then :)

But it does prove your point.

(no subject)

Date: 2006-10-18 12:21 am (UTC)
From: [identity profile] anivair.livejournal.com
That's true. But you still need to give it root access. In the end it comes down to knowing what you install. Sure, I can write malware that looks great and con you into installing it, but that's what malware is. Which is why you should be extremely careful about what you install.

In this particular case, it's really a non-issue. If you use the debian repositories to maintain a system, as is recommended, then all the checking has been done for you (and if something happens to get through, usually the fix will be done for you as well).

Granted, by that note you're still right that this is apple's fault. But I would be mightily suspicious of any instance where I plugged in my ipod and it asked me for root.

(no subject)

Date: 2006-10-18 12:23 am (UTC)
From: [identity profile] anivair.livejournal.com
really? Wow. That's crap. I concede the stupidity just based off that.

If a user wants to set sudo to not prompt for a password (as I have on some of our smaller servers that don't connect to the net at work) that's one thing, but if that's the default, that's really silly.

(no subject)

Date: 2006-10-18 12:25 am (UTC)
From: [identity profile] zenten.livejournal.com
Yup, or at least it is on my sister's 10.3 machine (I know she didn't change it, since she didn't even know what a command prompt was).

(no subject)

Date: 2006-10-18 02:26 am (UTC)
From: [identity profile] desdenova.livejournal.com
*blink* It does on my machine, running OS 10.3.9, and has in every previous 10.x version I've used.

(no subject)

Date: 2006-10-18 04:02 am (UTC)
From: [identity profile] nubule.livejournal.com
> Before OS 10, macs were rife with viruses.

They existed, but ‘rife’ is definitely not the best word.

(no subject)

Date: 2006-10-18 04:02 am (UTC)
From: [identity profile] nubule.livejournal.com
Reprehensible.

(no subject)

Date: 2006-10-18 09:49 am (UTC)
From: [identity profile] sebkha.livejournal.com
So, if unix-alikes are trivially easy to compromise, what do you recommend for an un-administered domestic computer?

(no subject)

Date: 2006-10-18 09:52 am (UTC)
From: [identity profile] sebkha.livejournal.com
From the manpage:
> If the invoking user is root or if the target user is the same as the invoking user, no password is required. Otherwise, sudo requires that users authenticate themselves with a password by default (NOTE: in the default configuration this is the user's password, not the root password). Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless overridden in sudoers).
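
Added example, not part of the original thread or of sudo itself: a small auditor for the credential-caching behaviour the man page excerpt above describes, reporting how long a cached sudo authentication stays valid and whether any rule skips the password entirely. The function name `audit_sudoers` and the three sample files are constructed for illustration; `timestamp_timeout` and `NOPASSWD` are real sudoers settings.

```python
import re

# Constructed sample sudoers files, not taken from any real host.
STOCK = "Defaults env_reset\n%admin ALL=(ALL) ALL\n"
HARDENED = "Defaults env_reset, timestamp_timeout=0\n%admin ALL=(ALL) ALL\n"
LAX = "Defaults timestamp_timeout=-1\nops ALL=(ALL) NOPASSWD: ALL\n"


def audit_sudoers(text, builtin_timeout=5.0):
    """Return (effective_timeout_minutes, findings) for sudoers text.

    Only global `Defaults` lines are read; scoped forms such as
    `Defaults:user` and included files are out of scope for this sketch.
    """
    timeout = builtin_timeout  # 5 minutes unless overridden, per the man page
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"Defaults\s+(.*)", line)
        if m:
            for setting in m.group(1).split(","):
                key, _, value = setting.strip().partition("=")
                if key.strip() == "timestamp_timeout":
                    timeout = float(value)  # a later line overrides an earlier one
        elif re.search(r"\bNOPASSWD\s*:", line):
            findings.append(f"line {lineno}: NOPASSWD rule, no password ever asked")
    if timeout < 0:
        # A negative value means the timestamp is kept until reboot.
        findings.append("timestamp never expires until reboot")
    elif timeout > 0:
        findings.append(f"cached credential reusable for {timeout:g} min")
    return timeout, findings


if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED), ("lax", LAX)):
        print(name, audit_sudoers(text))
```

Setting `timestamp_timeout=0` makes sudo prompt on every invocation, which closes the five-minute window at the cost of more password prompts.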

(no subject)

Date: 2006-10-18 11:05 am (UTC)
From: [identity profile] zenten.livejournal.com
Odd. I'm not sure how to explain that then.

Still, the timestamp thing is still an issue, as is pointed out there.

(no subject)

Date: 2006-10-18 01:22 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
For the record: they're harder to compromise than Windows running as Administrator. They're just not impossible to compromise, and if you run malware that you get from the internet, your OS is irrelevant. You'll get malware on your machine.

And what I recommend is either knowing what you're doing, or running day-to-day in a non-Admin account, switching to Administrator or sudo-capable or Root only when you specifically need to use those commands.

For the truly computer-illiterate, for whom switching accounts is complicated, I recommend having them use XP for ease of support, setting the system up to patch itself and run a good virus scanner constantly, disabling IE and Outlook/Outlook Express, and training them to never, ever run *anything* that they receive in email or from the internet.

(no subject)

Date: 2006-10-18 04:56 pm (UTC)
From: [identity profile] mazarinade.livejournal.com
Fixed in recent versions, I understand, and trivially easy to fix if you have an older version.

(no subject)

Date: 2006-10-18 11:19 pm (UTC)
From: [identity profile] eukarya.livejournal.com
Almost opposite, in fact. I'm not denying they had viruses or other problems back then (every operating system has its own set of flaws), but I think I would have had a more enjoyable computer experience if I had a Mac way back instead nine years ago.

(no subject)

Date: 2006-10-18 11:48 pm (UTC)
From: [identity profile] corruptedjasper.livejournal.com
So we've gone from OhMyGodzTheExploitz! to 'dangerous if you happen to be a fucktard right at the point when you happen to have used sudo within five minutes'.

The people who automatically click on that sort of thing are *not* the people who use sudo on a regular, let alone frequent, basis. You don't actually need sudo access except for a very very few things.

(no subject)

Date: 2006-10-19 02:06 am (UTC)
From: [identity profile] theweaselking.livejournal.com
No, we've gone from "with root access, you're fucked just as badly as Windows" to "the machine sits in memory and steals root access the next time you use it, even after a reboot, and you don't have to open a window and type "sudo" because the machine helpfully sudo's the necessary commands itself, and just demands a password."

The program stays in memory and watches /var/log, where your use of sudo is recorded - so the next time you do *anything* requiring sudo, your machine is fucked.

Assuming, of course, that you're not running as root all the time.

(no subject)

Date: 2006-10-19 03:32 am (UTC)
From: [identity profile] mcfnord.livejournal.com
CA's EZ Antivirus is free for a half a year I think.

(no subject)

Date: 2006-10-19 03:58 pm (UTC)
From: [identity profile] corruptedjasper.livejournal.com
'running as root all the time'? I didn't see that option anywhere in my admittedly just a few hours of noodling around with OS X. I've never heard anyone say it was even possible, either. The only way to even get a root prompt, AFAICT, is sudo su at a text console. Not something the people we're concerned with would do.

Also, that exploit was apparently fixed, according to the guy a bit further up.

In other words, basically, you're looking like a rabid MS apologist for suggesting that you're usually just as fucked with a 'nix as with windows.

Incidentally, let's get back to the incident.. how do these things happen? Well, they happen because the master disk for one of the disk replication devices became infected. Which means it's not even apple making the error, it's their manufacturer (Foxconn, IIRC) in China, or possibly even the supplier of the hard drives (I'm not sure *where* the disks get the FS loaded onto them). Sure, they should have caught it a bit sooner, maybe.. but catching it before the ipods entered the retail stream would be practically impossible.
