Sandman5
Premium
join:2002-07-10
Brookline, MO
clubs:
| reply to Shamayim
Re: Security through obscurity
said by Shamayim  :
said by Sandman5 :
S
Not sure if you knew, but just recently the first worm for OSX was released.
1. It's not a worm, it's a trojan.
2. Trojans are not self-replicating like worms.
3. It wasn't a real trojan even.. Just a 'proof of concept' ("see? theoretically it can be done.").
4. It wasn't "released." Nothing damaging to OSX was 'released.'
5. Classic case of FUD (Fear Uncertainty Doubt).
Yeah, thanks. That'll "learn" me to spout information that I didn't really read up on.
Though, I've always wondered what FUD meant. |
|
Shamayim
I already have a Messiah.
Premium
join:2002-09-23
| reply to Sandman5
said by Sandman5 :
S
Not sure if you knew, but just recently the first worm for OSX was released.
1. It's not a worm, it's a trojan.
2. Trojans are not self-replicating like worms.
3. It wasn't a real trojan even.. Just a 'proof of concept' ("see? theoretically it can be done.").
4. It wasn't "released." Nothing damaging to OSX was 'released.'
5. Classic case of FUD (Fear Uncertainty Doubt).
--
"tick...tick...tick..." »www.jtf.org/ |
|
wolfox
Gentle Wolfox
join:2002-11-27
Dunnellon, FL
| reply to ThunderCorp
said by ThunderCorp :
i never believe in security by obscurity. i believe in security by inherent secure default settings (well written software + a good admin behind them).
Exactly. I run Outlook and MSIE and have never gotten an infection/system compromise via that vector. The *default* security settings are laughable at best. With a few well placed tweaks - problem solved. However, I did run one system overnight via a DMZ'd internal IP and it got whacked to shreds, it was running IIS FTP and some script kiddie tore it apart. That is another matter altogether, and a failed experiment.
--
Nothwest Arkansas' ONLY all Techno Radio Webcast, powered by SBC DSL! |
|
AthlGrond
Premium,MVM
join:2002-04-25
Aurora, CO
 ·Comcast
| reply to ThunderCorp
Re: When?
said by ThunderCorp :
When? If you run Windows a NAT Router, firewall, and a battalion of Marines can't protect you from spyware and email worms if you run IE and/or Outlook.
/uses Safari and ThunderBird
I doubt that a battalion of marines would add to my computer's internet security in any event.
/BTW I'm glad you found yourself a hobby.
--
System protected by Impregnable Ignorance (TM) |
|
JIGA
Its A Bird, Its A Plane, Its..
Premium
join:2002-02-02
Azle, TX
clubs:
·Charter Pipeline
| reply to IGGY
I use IE and OE at home as well. My machine isn't infected and I am 100% sure of it.
Just like Iggy stated, use basic security principles and your fine. I am behind a router, run firewall and up to date on my virus dat files. I know what is on my HD and if there is something that shouldn't be there, I take care of it.
--
Just read the instructions |
|
ThunderCorp
join:2002-03-11
Chula Vista, CA
| reply to Sandman5
Re: Security through obscurity
McAfee's analysis of this so-called OS X Trojan:
The only mildly non-trivial discovery associated with this malware is that its author managed to combine a valid MP3 file and a PowerPC application in one file without violating any of the two file formats. That means the trojan is playable within iTunes as MP3 sound file and it can also be launched as a program by Finder. This works under MacOS 9 and OS X.
However, dual personality of a file has little relevance to the malicious function. If a user is convinced to double click on an icon representing a file the program will run regardless of being a simple disguised application or dual-format file. Thus, the discovery of dual-format files does not really introduce any new penetration or propagation vector. It can only obfuscate a little the function of the disguised program, which will appear as a valid sound file and it can be played from iTunes.
To achieve this dual personality of the file the PowerPC application (Type 'APPL', Creator = 'vMP3') is registered in the resource fork as 'cfrg' (code fragment) within the data fork. At the same time this data fork (with an ID3 record at the beginning of the MP3 file that holds the binary code) is a valid MP3 file image. That, plus the fact that this "trojan" is easily killed just by sending it over the internet, which strips its executable code fork and renders it useless. |
|
IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL
1 edit | reply to ThunderCorp
Re: When?
That is interesting. I use IE and oh now hold on to your britches here - outlook express ( gasp oh gasp ) and I can tell you with a 100% certainty. This machine isn't infected, exploited or in any other way compromised. Microsoft is far from perfect. But my feeling is there product gets a lot more crap than it deserves at times. It's funny how just using basic security principles can keep you safe. And can we please shut up about how this or that other OS can't be exploited. Crap a quick look around you'll find many virus, trojan and worm for Linux have be created and released. And daily you see your favorite flavor of Linux getting patched for this or that.
On another note.
Darn good thread in the security forum. And great to see this subject on the front page.
--
Test Your Security
Team Z Member
Cable Modem Diagnostics |
|
ThunderCorp
join:2002-03-11
Chula Vista, CA
| reply to Sandman5
Re: Security through obscurity
i never believe in security by obscurity. i believe in security by inherent secure default settings (well written software + a good admin behind them).
Oh, and to let you know, the OSX trojan isn't out in the wild and even if it was, it has an huge achilles heel that makes its existence a joke. Once you send it over the 'Net over any protocol its resource fork is stripped off, thereby making it useless. I guess you should know better than to trust an antivirus company about virus announcements (they're out to make money if they're losing it).
Even if the trojan got onto an OS X system intact, it can only affect the files in the current user's directory, since it cannot elevate to sudo permissions with a password. And, as you know, OS X ships with root OFF so even the admin users can't affect system files without sudo. |
|
Sandman5
Premium
join:2002-07-10
Brookline, MO
clubs: | reply to ThunderCorp
So do you believe in security through obscurity or are those just your tools and you're pointing out that they are more secure?
Not sure if you knew, but just recently the first worm for OSX was released. |
|
ThunderCorp
join:2002-03-11
Chula Vista, CA | reply to AthlGrond
When?
When? If you run Windows a NAT Router, firewall, and a battalion of Marines can't protect you from spyware and email worms if you run IE and/or Outlook.
/uses Safari and ThunderBird |
|
