Symantec Reports on Mac OS X Virus
By Nate Mook, BetaNews
November 3, 2006, 1:33 PM
Security firm Symantec on Friday detailed a new proof-of-concept virus that has surfaced for Mac OS X. Although the malware is not in the wild and is rated a very low risk, researchers say it highlights the fact that no operating system is immune from viruses.
Dubbed OSX.Macarena, the virus infects files in the current folder on the compromised computer. Symantec has updated its definition files to remove the virus and repair the files, although it's unlikely even one Mac OS X system has been affected as of yet.
Apple has long touted the security of its operating system as a key advantage over Windows, which has seen a constant bombardment of viruses and other malware for years. Although such proof-of-concept viruses have appeared in the past, Macs have been spared from actual real-world attacks.
But that doesn't mean users should let their guard down, says Swa Frantzen from the SANS Internet Storm Center. "To be honest the virus is no big deal in itself. But it is yet another warning for a lot of parties involved," said Frantzen, who noted there is no "magic shield" for the Mac.
"As we said before the ability to have viruses and all sorts of other malware is inherently available in all modern operating systems, Mac, Linux, BSD, ... included," Frantzen added. "It is a warning to get antivirus protection for those Macs, even if the shopkeeper told you you do not need it, even if there are no viruses in the wild today."
The problem with spreading malware on a Mac is how does the malware writer find a vector for it... how does it spread from one Mac to another without involving the user through psychological means.
Indeed. Subverting the system with user intervention is most likely what you'll see. I'm not a Mac guy, and don't play one on TV, so I'd like to know something about the way that OSX handles attachments and the like. On Linux, when you save a file attachment or download something, if you want it to execute you must chmod it to run. This is one of those things that makes unix systems safer than MS-Windows which executes based on file extensions. Does OSX do anything to eliminate this step? I'd kind of be surprised if they did, as it breaks a lot of security models.
You can include execute permissions inside a tar or zip file, but you still have the intermediate step of extracting before you'd be able to run it. Even then, this doesn't break user-level security, as you can't elevate your own permissions just because those permissions had been set in the tar. Granted, you can wipe your own stuff out if you do something stupid, but there is nothing you can really do about that, as a user generally will have write permissions on his own data pretty much no matter what.
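The point made in the comment above, that mode bits stored in an archive cannot raise the privileges of whoever extracts it, as an added shell example that is not part of the article or the comments. It assumes a POSIX sh with tar, stat and mktemp available; the archive member and its name are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: a tar member carrying setuid + execute bits is extracted as a
# file owned by the extracting user, so the stored bits grant nothing extra.

# Build a constructed archive holding a setuid, executable script, extract it
# with -p (honour stored modes) and report "<owner-uid> <mode> <uid-it-ran-as>".
extract_and_inspect() {
    work=$(mktemp -d) || return 1
    mkdir "$work/src" "$work/dst" || return 1
    # Constructed sample member: a script whose only action is to print the uid it runs as.
    printf '#!/bin/sh\nid -u\n' > "$work/src/payload.sh"
    chmod 4755 "$work/src/payload.sh"          # setuid + rwx owner, rx group/other
    ( cd "$work/src" && tar -cf "$work/a.tar" payload.sh ) || return 1
    ( cd "$work/dst" && tar -xpf "$work/a.tar" ) || return 1
    f="$work/dst/payload.sh"
    # GNU stat (Linux) first, BSD stat (macOS) as the fallback.
    owner=$(stat -c %u "$f" 2>/dev/null || stat -f %u "$f")
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f '%Mp%Lp' "$f")
    # The interpreter is invoked explicitly: kernels ignore setuid on scripts,
    # and temp directories are often mounted noexec, so ./payload.sh is not relied on.
    ran_as=$(sh "$f")
    rm -rf "$work"
    echo "$owner $mode $ran_as"
}

# Succeeds when the extracted file belongs to the extracting user and, when run,
# executes as that same uid: no elevation, whatever the archive claimed.
no_elevation() {
    out=$(extract_and_inspect) || return 1
    set -- $out
    [ "$1" = "$(id -u)" ] && [ "$3" = "$(id -u)" ]
}

no_elevation && echo "extracted file is owned by and runs as uid $(id -u); stored setuid bit gave nothing"
```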