Sophos identifies a trojan for OS X

February 28, 2011 by Katie Gatto weblog

(PhysOrg.com) -- Macs have, for the most part, been considered more secure than their PC counterparts due to the lack of viruses and other malicious code created for them. Most authors of malicious code are playing a numbers game: to get the best results, they need to hit the largest number of machines possible with each piece of code. As Mac operating system-based machines have become more and more popular, they have become increasingly attractive to the writers of malicious code.

A team of security researchers working at Sophos have identified a trojan that is set up to exploit a in Mac OSX.

The code, known as "Remote Access " or "Blackhole RAT" for short, is currently unfinished, but is expected to be a Mac-based version of the Windows RAT known as "darkComet". If that is the case, then Blackhole RAT will allow hackers to send commands remotely.

The commands issued from this type of trojan may give the person running the code the ability to pop up a fake "Administrator Password" window in order to perpetrate phishing-style attacks against a target. The software might also be used to add files to the system, or to send remote commands such as restart, shutdown or sleep to the Mac.

Currently the site for the trojan is very basic, with a mix of text in English and German, but the site does promise that upgrades to the software are coming in the future. No specifics have been given; all the site would say is that "much more functions" will be released when the final product is out.

© 2010 PhysOrg.com


Burnerjack
Feb 28, 2011

Rank: 2.3 / 5 (8)
The industry as a whole really needs to get a handle on this problem.
Virus writers need to be hunted down ...and killed.
paulthebassguy
Feb 28, 2011

Rank: 3.7 / 5 (7)
I'm not trying to be sadistic or anything but I really would like a virus to come out for Mac OS, just to see the looks on the faces of all those trendy mac fanboys who are always so smug when they point out that their operating system is more secure than windows.
Skeptic_Heretic
Feb 28, 2011

Rank: 3 / 5 (4)
There are really only 7 heuristic vectors for system infiltration, of any OS. No OS is truly immune.
axemaster
Feb 28, 2011

Rank: 5 / 5 (5)
Virus writers need to be hunted down ...and killed.

Yeah, because your computer is more important than someone else's life.
nada
Feb 28, 2011

Rank: 5 / 5 (2)
I'm not trying to be sadistic or anything but I really would like a virus to come out for Mac OS, just to see the looks on the faces of all those trendy mac fanboys who are always so smug when they point out that their operating system is more secure than windows.


Your hatred of Mac is misplaced because Apple DID NOT write os-x. OS-X is BSD modified. There will never be the same kind of free for all for viruses on BSD/Linux like there is for Windoze.
nada
Feb 28, 2011

Rank: 3.2 / 5 (5)
There are really only 7 heuristic vectors for system infiltration, of any OS. No OS is truly immune.


Correct. No OS is immune - however Windows is like a house with no locks and just signs that say "We're secure!". BSD/Linux is like a house that "can be" locked very tight.

Still skeptical? Consider this: The default file mode for ALL windows files is "executable". That stupidity is pervasive in every feature of Windows. More importantly, MS doesn't really care - they don't have to. After all they STILL allow web sites to invoke active X code that can modify system files. Still, after all these years. How much do you care when you continue to allow that?

Unfortunately, the price of security is knowledge and most consumers just want a toaster - and that's what windows is - a toaster. BSD/Linux takes effort and time to learn and secure. I for one am fine with that as that will make it less of a target for the bad guys.
sv87411
Mar 01, 2011

Rank: 5 / 5 (3)
This article could of course just be a bit of free advertising for Sophos and nothing more.

A quick scroll to the bottom of the original article confirms this "Fortunately our products can detect and remove Trojans like this, and for home use they're free! If you would like to install Sophos Anti-Virus for Mac Home Edition, click on the banner below."

Free to download, but not free to run. All antivirus software consumes your computer's hardware resources - disk, memory, processor time - you bought these things and are now allowing them to be used to "protect" yourself from the viruses that the anti-virus companies tell you about. In the most part as long as you are knowledgeable and careful - and certainly on Mac/Linux based systems - you won't be "infected".

Most (non rich) people wouldn't use their money to pay someone else to protect their home, they'd do it themselves via education and care and common sense, but they seem OK to pay others to protect their computer.
Skeptic_Heretic
Mar 01, 2011

Rank: 3.8 / 5 (6)
Correct. No OS is immune - however Windows is like a house with no locks and just signs that say "We're secure!". BSD/Linux is like a house that "can be" locked very tight.
Get another 4 billion people running and configuring BSD on their own and there will be little to no difference in the number of penetration attempts and successes. LINUX is not approachable for the average person, so fewer unsecure users use it.
Still skeptical? Consider this: The default file mode for ALL windows files is "executable".
Entirely false.
That stupidity is pervasive in every feature of Windows.
The default is read only and then only in versions produced prior to Win7 server 08 R2.
More importantly, MS doesn't really care - they don't have to.
Nonsense.
After all they STILL allow web sites to invoke active X code that can modify system files.
And if Linux was the dominant force, the same would be true of it.
peter09
Mar 01, 2011

Rank: not rated yet
Any individual machine running any O/S can be compromised in the end, given enough time and effort, however the key to a successful virus/trojan is its ability to automatically go on to infect other machines and hence propagate. This is where MACs and Linux have strengths compared to windows; due to their inherent variability in configuration and inbuilt (not bolted on) security it's much more difficult to spread malware to these O/S.

The idea that Linux for instance does not present enough targets is not true. Most servers run Linux, and cracking servers would be much more profitable for the virus writer than a user's desktop. Currently there are no known viruses infecting Linux in the wild.

I cannot comment on Windows 7 but previous versions of Windows were demonstrably wide open.
bugmenot23
Mar 01, 2011

Rank: 2 / 5 (4)
"skeptic_heretic" pathetic attempt at a counter argument. first go into explorer tools folder options and the view tab, and unhide file extensions. then take a file that is a document eg a jpg or pdf, and rename the extension to .exe then double click on it. it will execute. under linux you would have to change the file attributes to give it the permission to execute. also under linux when you download an executable file (a binary or script or even a windows exe to run through wine) you have to manually give it the permission to execute. this small inconvenience is a matter of a couple of clicks in a contemporary linux desktop, but obviates the vector of quite a number of the most successful windows malware. (i'd almost call them trojans cause you have to eg. click the email extension but i think some eg. melissa? have been widely called viruses)
Skeptic_Heretic
Mar 01, 2011

Rank: 5 / 5 (2)
bug, the default attribute is determined by the file extension and the extension handling subset within the OS.

Linux doesn't use an extension handling subsystem.

You're talking about specifically manipulating the system by fooling it with a file name. That is not a default "all files are executable". The term you would be looking for, on the windows side, would be modifiable.
El_Nose
Mar 01, 2011

Rank: 2.3 / 5 (3)
most people are wrong about windows nowadays -- windows is actually a VERY secure OS -- but it has one HUGE issue -- you basically have to be a sys admin to know all the functions to turn on or off to make it fully secure.

Yes yes BSD being a linux based OS is very secure, and it takes a lot more to find a hole in its security but there are plenty of viruses for Macs, most are exploits that have nothing to do with the OS ...but hey if you feel safe with an overpriced computer that locks you into not only proprietary software but proprietary hardware that is also overpriced because of its limited market ...have fun with it
krundoloss
Mar 01, 2011

Rank: 2.3 / 5 (3)
Everyone wants to knock Windows, but their weaker security model exists because they NEED it to be compatible with thousands of software packages and millions of websites. It's what makes the world go round. Linux is waay too hard to use, every time I try to give linux a go, I find myself reading for hours on how to do something that is easy and natural to do in Windows. And in the end, I have all this knowledge of a system that is not relatable and standard, as in, I can't help Grandma with her New Windows 7 laptop because I have been messing around with obscure Linux Driver configurations or trying to use some obscure free software. Why learn something that no one uses? I'd rather learn what everyone else uses.
El_Nose
Mar 01, 2011

Rank: 1 / 5 (1)
I know my previous statement is going to get slammed so before you rate me a 1 read this www.edibleapple.com/apple-asks-security-experts-to-examine-os-x-lion
El_Nose
Mar 01, 2011

Rank: not rated yet
@krundoloss

if you are having trouble with linux get a user friendly version of linux such as Ubuntu -- it is very much like windows in style and feel and they have done a lot to (excuse the expression) dumb it down a little. Linux is made for and used by CS, math, and physics majors. It is our perfect platform. It really is not for everyone to use, because its basic tool set is for text and file manipulation that most people have no need for in their daily lives.

Cygwin is an excellent starting point if you need linux tools on your PC -- such as the grep command.

I highly recommend Ubuntu to the average lay person to start using linux -- and you are right, it has a steep learning curve - but since i have started using it more and more i find man pages very readable and straight to the point.
sherriffwoody
Mar 01, 2011

Rank: not rated yet
join the mac-lash, its about time people learned apple, the dark side
frajo
Mar 02, 2011

Rank: not rated yet
Yes yes BSD being a linux based OS is very secure
Please have a look at the history table:
upload.wikimedia.org/wikipedia/commons/5/50/Unix_history-simple.png
frajo
Mar 02, 2011

Rank: not rated yet
After all they STILL allow web sites to invoke active X code that can modify system files.
And if Linux was the dominant force, the same would be true of it.
[1] No. Only if additionally Linux would be proprietary, closed source without armies of volunteers eager to hunt down any exploit.

[2] In the world of personal computers, pragmatism rules - not theory. Otherwise MS never would have become what is.
J-n
Mar 02, 2011

Rank: 3.5 / 5 (2)
For those who are a bit uninformed who state that few people use linux therefore it would be stupid to infect with viruses, please understand the following.

1. the Majority of the world's web servers and data servers are run on linux or unix based operating systems. That means the website you are viewing right now is most-probably running on a linux based OS.

2. The best way to get Credit card numbers, SSNs, and other profitable personal information is to acquire them from the servers as the data is stored there in large files. On people's personal computers there is often only 1 set of this data, where on a server it could be hundreds of millions of data sets.

The issue of security on linux has very very little to do with the raw numbers of people using the software. Every person on this site uses linux indirectly. I would also argue that data thieves would rather have the data located in PayPal's databases than the data from 10,000 individual computers.
frajo
Mar 02, 2011

Rank: not rated yet
That means the website you are viewing right now is most-probably running on a linux based OS.
The PhysOrg server is running CentOS Linux with Apache 2.2.3. See netcraft.com.
El_Nose
Mar 04, 2011

Rank: not rated yet
frajo you gave me a one and then your posts seem to correlate to what i said ;-S i am very confused.

to be clear I am stating that the Apple OS is not the most secure OS. In fact its programs are not always written in a secure manner.

My support : google the pawn to own contest or google Charlie Miller

CM basically gained root access on a Mac using Safari in about 8 seconds. Every year this contest goes on and Mac has been losing...

So far as far as browsing is concerned Windows 7 with IE8 or Chrome --with no Flash installed -- is considered the safest combo for browsing the web.

You don't have to agree go check it out for yourself
J-n
Mar 04, 2011

Rank: not rated yet
I still figure my ubuntu box with FF and Noscript running works pretty nicely.
frajo
Mar 04, 2011

Rank: not rated yet
frajo you gave me a one and then your posts seem to correlate to what i said ;-S i am very confused.
That was just because of the incorrect "BSD being a linux based OS".
Maybe I was a bit harsh and "4" would have been more appropriate.
Larry_Threatt
Mar 06, 2011

Rank: 4 / 5 (1)
BSD != Linux, it's more a Unix Flavor Btw.