Mac OS X Trojan Technique: Beware Geeks Bearing Gifts

By now, assuming you pay any attention to the Macintosh media in between your weekly doses of TidBITS, you've undoubtedly heard of the hubbub brewing around the announcement last Thursday of the first Trojan horse to target Mac OS X. The news came from Intego, the developers of a variety of security software, including the anti-virus program VirusBarrier, which Intego updated to detect hypothetical malicious software using this new technique. Should we laud Intego's integrity in alerting the Macintosh community to this possible pestilence, or should we revile the company for a self-serving PR move that has the potential to cause untold headaches for the entire Macintosh world? I'll reveal my hand here - if Intego wants to do public service announcements, they shouldn't use a press release to submit their findings, and they should stop selling a product that stands to benefit directly from both the increased paranoia they've caused and a potential plague of copycat Trojans.... Needless to say, the press release was immediately covered by a variety of news sites (I've included a selection of links below; it's amusing to compare them, and be sure to see the hilarious Joy of Tech cartoon at the end). As usual, that means a few sites confirmed the story, investigated the technical claims, and queried security experts, whereas many others merely reprinted or pointed to Intego's press release. The massive coverage instantly generated a ton of confusion and misunderstandings. Many people thought Mac OS X was immune from such malevolent code (false, and the proof-of-concept works equally well in Mac OS 9), which led to the conclusion that Intego was promulgating a hoax (equally false). Other misapprehensions that quickly resulted were that this was a virus (false, Trojans don't self-replicate) and that it was in some way related to Apple's success in the music world (inane, and at best a non-sequitur). 
Intego itself generated other confusions, such as the implication that what was being identified was an actual Trojan horse (false) rather than just a method by which a Trojan horse could be created. Intego is also culpable for classic FUD (Fear, Uncertainty, and Doubt) tactics by advertising that the same technique could be used with GIF and JPEG files, and QuickTime movies (true, but irrelevant)... Then there's this section: [of the press release] "Due to the use of this technique, users can no longer safely double-click MP3 files in Mac OS X. This same technique could be used with JPEG and GIF files, though no such cases of infected graphic files have yet been seen." That's classic FUD aimed at scaring less-sophisticated users into believing that they cannot so much as double-click an MP3, JPEG, or GIF file without risking untold digital horrors. Unless, that is, they're running Intego's VirusBarrier.

Source: TidBITS

It amazes me how many people, Mac and Windows users, get brainwashed by Intego. They are by far the worst supplier of FUD the Mac Community has ever known. I have thought this for a while, and it is nice to see Adam Engst feels the same way. If you read through the Intego press release, you will find an all new meaning to the term FUD. Or just read Adam's breakdown of the press release; it is far more informative.

Has the proof-of-concept MP3 "trojan" become a serious threat in the wilds of the real world? Will it become a threat any time soon? I have my doubts. But now that MP3Concept is so publicized it will either be copied or no one will use the technique since it is so well known by now. See Mac OS X MP3 Trojan horse threat overhyped, says Sophos. Now Sophos is an anti-virus vendor I have come to trust and respect. Don't believe all you read, folks.

Oh, and the hubbub about that IE and Safari vulnerability, that's pretty lame too. That "flaw" has been around for some time now. I don't see it as a flaw either. You can read my comments on that issue on my blog if you like.

Intego did the right thing, they just went about it all wrong. Another great article by Adam Engst.

This weblog is licensed under a Creative Commons License.