[X4U] Re: Good Reading

Stroller macmonster at myrealbox.com
Mon Jul 18 15:13:04 PDT 2005


On Jul 18, 2005, at 5:53 pm, Hector Luna wrote:

> On 7/17/05, Brett Conlon <brett_conlon at sonymusic.com.au> wrote:
>> I know Mac OS has way less holes to exploit than Windows but if you get
>> devious and smart enough jokers out there they'll start finding ways.
>
> I don't know that they can. I'm not trying to say that OS X is
> invulnerable to viruses, but if I understand things correctly, and
> there is always the chance that I don't, the method by which bad seeds
> are gumming the Windows works is Active X and the Registry, neither of
> which is a concern for Mac users.
>
> So even if the bad seeds target Macs, they're going to have to come up
> w/ some new tricks to wreak their havoc upon us.
>
> Can anyone elaborate and/or dispel these notions?

Gladly!

ActiveX and the registry are just two Windows implementations - 
somewhat equivalent to Applescripts and plists.

In the case of ActiveX, Applescripts, Widgets and the like it's often 
not the implementation that's the problem but an underlying philosophy 
that things should "just" work seamlessly without the user having to do 
anything. You're right that this has been demonstrated by viruses & the 
like installed by ActiveX, but a similar 'sploit has been demonstrated 
using Widgets. Now Microsoft has introduced signing for ActiveX 
controls, and websites featuring malware often show an illustration of 
the "do you want to trust this control" window to show the user the 
"yes" button they should click.

If malware ever becomes available for the Mac your kids WILL install 
it, because they want the Smiley Central avatars that all their 
friends are using, or the cute little weather thing next to the clock 
or Kazaa for downloading free MP3s. "In exchange for this free (sic) 
software you agree to relevant marketing from our affiliates" is a 
euphemism for "this installs shit on your computer that watches the 
websites you surf and foists annoying pop-up adverts on you" but your 
kids won't know that, because no-one ever reads the license agreement.

Aside: my theory is that Microsoft's recent downgrade of Claria's 
"threat level" in its AntiSpyware application is related to this. For 
those that don't know, it created a bit of a fuss 
<http://yro.slashdot.org/article.pl?sid=05/07/11/0644245>, but if I 
were Claria's MD I would have been keenly threatening to set a legal 
precedent at Microsoft's expense had they not done so.

Users AGREE to install malware, and we're just lucky there isn't any 
around for the Mac.

The registry is just "one big place to store settings and stuff", and 
has a slightly undeserved reputation. Yes, it's big and complex and 
scary-looking if you try to edit it by hand, but mostly it's not much 
worse than trying to find the plist entries that change all the icons 
for PDFs if you install Adobe, changing them back if you tell PDFs to 
always open in Preview. The registry's undeserved reputation comes from 
the fact that it's big, monolithic & binary - under Windows 98 it was 
easily hosed by a disk or o/s crash, but we rarely see that under XP; 
Apple have recently moved to binary plists, after all. Yes, it is 
harder to repair the registry than it is to delete a bunch of plist 
files, but as far as infected items are concerned tools such as "Hijack 
This" allow one to disable active viruses and malware with a single 
checkbox. How many Mac users would feel comfortable editing line 266 of 
/etc/rc to disable an unwanted application?

Yes, malware authors would have to learn a new operating system and a 
few technologies to migrate to the Mac, but they have shown themselves 
to be a pretty resourceful bunch already. Virus authors in particular 
are used to experimenting with undocumented features in order to 
discover backdoors - I would imagine that the Mac could be quite a 
playground for them.

Stroller.


