I don't want to sound paranoid but security researchers working for anti-virus vendors have a vested interest in blowing these things out of proportion.
I don't know the details of this particular story but I have seen blatant scaremongering and misinformation in the past when it comes to Macs.
True, but Macs I think get some special attention because they already have the Windows world pretty knotted up. Mac users are still largely unconverted.
Considering users were actively trying to install software which they thought was trusted (so would have entered passwords when prompted), I don't find this surprising — is there even much you can do to prevent this kind of thing, apart from taking control away from the user?
Compartmentalization of power: require the application to ask separately for each thing it wants to be able to do (e.g. Install a driver, bind a port, save to a write-protected folder), and then "profile" the set of powers it has requested to determine what kind of app it is when explaining to the user whether he should enter his password. A screensaver shouldn't ask to rewrite the page table, and the OS can know that and help the user avoid it.
No, no: you don't ask the user separately for each thing the program wants to do; the program asks for several tokens from the keychain, and then the keychain asks for a single password entry, telling the user all the things the program wants to do with it.
And what I'm suggesting here is to simplify the keychain process by adding information. I know that sounds strange, but imagine, instead of a vague window saying "Please unlock keychain blah blah password," you get one that says "Fluffy Bunnies Screensaver is requesting your permission to do things that may harm your computer. Fluffy Bunnies Screensaver is likely to be infected with a virus. [More information dropdown arrow]
[more information dropdown] = "Fluffy Bunnies Screensaver has asked for permission to open your computer to connections from other Internet users, run programs downloaded from the Internet without informing you, and install a program that loads when the computer starts. These actions together fit the pattern of behavior displayed by many viruses.
This does not necessarily mean that Fluffy Bunnies Screensaver is a virus, but if you don't understand why Fluffy Bunnies Screensaver is requesting to do these things, please try to run the program without giving it these additional permissions; the permissions Fluffy Bunnies Screensaver has requested may not be necessary for it to work properly."
Only if you click "Grant additional permissions" does the password input field appear/enable. Additionally, below the password box, a listbox also appears with (by-default-checked) checkboxes for each right that the program has requested. If you wish, before confirming your password, you may disable some of the rights, without disabling others. This may, theoretically, allow you to run an infected Installer program (that requires elevation either way) without actually being infected by a virus attached to it. (You might still be infected if the Installer installs the virus.)
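As an added illustration of the per-right prompt proposed in the comment above (example code, not from any commenter or any real OS), here is a small profiler: it compares the rights an app requests against what its category is expected to need, flags the "bot-like" combination the comment describes, and applies the user's unticked checkboxes. The right names, categories and pattern are constructed assumptions.

```python
# Constructed model of a compartmentalized elevation prompt. The right
# vocabulary, app categories and the bot pattern are illustrative assumptions,
# not any operating system's real privilege names.

ALL_RIGHTS = {
    "install_driver", "bind_port", "accept_inbound", "write_protected_folder",
    "run_downloaded_code", "install_login_item", "read_keychain",
}

# What each kind of app is expected to need; anything beyond this is suspect.
EXPECTED_BY_CATEGORY = {
    "screensaver": set(),
    "installer": {"write_protected_folder", "install_login_item", "install_driver"},
    "web_server": {"bind_port", "accept_inbound"},
}

# Rights that, requested together, match the behaviour described in the thread.
BOTNET_PATTERN = {"accept_inbound", "run_downloaded_code", "install_login_item"}


def assess_request(app_name, category, requested):
    """Profile a requested set of rights and build the text for the prompt."""
    requested = set(requested)
    unknown = requested - ALL_RIGHTS
    if unknown:
        raise ValueError(f"unknown rights requested: {sorted(unknown)}")
    expected = EXPECTED_BY_CATEGORY.get(category, set())
    unexpected = sorted(requested - expected)
    matches_pattern = BOTNET_PATTERN <= requested
    lines = [f"{app_name} has asked for permission to: {', '.join(sorted(requested))}."]
    if unexpected:
        lines.append(f"A {category} normally does not need: {', '.join(unexpected)}.")
    if matches_pattern:
        lines.append("These actions together fit a pattern shown by many bots.")
    return {
        "app": app_name,
        "unexpected": unexpected,
        "matches_botnet_pattern": matches_pattern,
        "warn": bool(unexpected) or matches_pattern,  # show the warning, not just a password box
        "explanation": " ".join(lines),
    }


def grant_rights(requested, unchecked):
    """Rights actually granted after the user unticks some boxes; never more than asked."""
    return set(requested) - set(unchecked)
```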
Sadly, the fact remains that users don't read dialog boxes[1]. If you want to make a computing "appliance" that is not going to be subject to attack, you'll have to disallow owner-administrators and software installations altogether.
I think dialog boxes are simply mismatched to the WIMP paradigm: the user expects to be able to click, navigate, and explore a problem space, when suddenly you're confronting them with a decision that, once made, disappears and cannot be re-made a different way: the antithesis of explorability.
If, instead of individual windows, there were some central "conversation window" where the computer would ask you questions, then leave both the question and answer available for viewing and correction, things might improve. In fact, more things could be presented to the user as "beneficial, but not necessary" decisions to make (changing preferences from their defaults, etc.) This scheme reminds me of SimCity's Advisors window, oddly enough, and also bears a similarity to Windows 7's Action Center.
The biggest difference is that every decision would now need a "safe postponement default", in case you don't "check your messages." In the elevation case, programs would have to be rewritten to not expect to be elevated as soon as they ask for it, but rather try to do whatever possible with the privileges they have, and then queue up a list of things to do if/when they get elevated (which may never happen). For instance, under this scheme, Installers would always install to a user-writable location, then queue a move operation for post-elevation.
The 20% that takes 80% of the work, in this case, is figuring out what to do when the user works outside of the elevation framework: what to do when you move the folder the program was waiting to move, or what to display in the conversation transcript when you change a preference in the Preferences window that you originally chose in the context of a Conversation.
It was bound to happen, I suppose. I wonder if it will happen to Linux too, although I think it would be hard for malware writers to target Linux using conventional methods if users stick to using only open source software.
It already happened on Linux. I know I saw one in 2001, but I wouldn't be surprised to hear they go back years earlier.
They don't look much like Windows/OS X botnets; instead of this trojan horse stuff they'd just crack insecure services or guess poor passwords and escalate privileges automatically. If you have any Ubuntu servers, tail /var/log/auth.log (similar names on other distros) and you'll see them trying to ssh in.
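The password-guessing the comment above says you will see in auth.log can be picked out mechanically. This is an added example, not from any commenter: it runs over a few constructed lines in OpenSSH's auth.log format, groups failed password attempts by source address and reports sources that tried several usernames. The sample addresses are documentation ranges and the threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the OpenSSH auth.log format (not real traffic;
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_AUTH_LOG = """\
Feb  3 10:12:01 web1 sshd[4120]: Failed password for invalid user admin from 203.0.113.5 port 40110 ssh2
Feb  3 10:12:04 web1 sshd[4120]: Failed password for invalid user oracle from 203.0.113.5 port 40112 ssh2
Feb  3 10:12:07 web1 sshd[4123]: Failed password for root from 203.0.113.5 port 40115 ssh2
Feb  3 10:12:09 web1 sshd[4125]: Failed password for root from 203.0.113.5 port 40117 ssh2
Feb  3 10:12:30 web1 sshd[4130]: Failed password for alice from 198.51.100.7 port 50200 ssh2
Feb  3 10:12:41 web1 sshd[4131]: Accepted publickey for alice from 198.51.100.7 port 50201 ssh2
Feb  3 10:13:02 web1 sshd[4140]: Invalid user pi from 203.0.113.5 port 40120
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." forms.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def failed_logins_by_source(log_text):
    """Return {source_ip: [usernames tried, in log order]} for failed password lines."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            attempts[m.group("ip")].append(m.group("user"))
    return dict(attempts)


def bruteforce_sources(log_text, threshold=3):
    """Sources with at least `threshold` failures (threshold is an assumed value).

    Each entry is (ip, failure_count, distinct usernames); one address cycling
    through several names is the automated guessing the thread describes,
    while one user fumbling their own password is not.
    """
    report = []
    for ip, users in failed_logins_by_source(log_text).items():
        if len(users) >= threshold:
            report.append((ip, len(users), sorted(set(users))))
    return sorted(report, key=lambda r: -r[1])


if __name__ == "__main__":
    for ip, count, users in bruteforce_sources(SAMPLE_AUTH_LOG):
        print(f"{ip}: {count} failures, usernames tried: {', '.join(users)}")
```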
On Linux, you also have the trouble of many different distributions and a very small user base. The time it would take to develop it wouldn't be worth the small user base it would attract. Any Linux malware would be targeting a tiny fraction of a fraction of a market.
I wouldn't rule it out happening. However, I think the bigger risk (not necessarily more likely to happen, but the gain would be much bigger) would be someone getting a piece of malware built into the actual distro.
Most of the users I know only get their software through their distro's package manager. I think it would be quite tough to get malware in there, especially since most distros accept only free software.
The alleged botnet in the article here did not come through Apple or Adobe servers, it came through thepiratebay.org, demonoid, usenet, etc. In other words, the safety of the official channels of distribution is largely irrelevant.
The only thing preventing this from happening in Linux is a lack of interest by trojan writers (they could already do it with vmware workstation which is surely available on pirate sites and requires root privileges to install) and perhaps a lack of proprietary 3rd party software (which I'm sure a lot of people will say is a good thing, but that's another discussion).
It was bound to happen eventually. The most troubling thing is that it's distributed in pirated software. Don't pirate, run your tests against checksums and keys when you download legitimate software. Of course, this won't cross the mind of many users. An interesting feature would be to combine a checksum with your downloads, which the Mac installer could then verify off of your download page. Invalid checksum = big warning and flashing lights.
It's happened before (there was a trojan in pirated copies of iWork '09).
Checksums won't help much because pirated software is often expected to be modified and Adobe (for example) doesn't have a lot of interest in providing finely grained checksums so you can make sure your pirated software is safe[1].
[1] Granted, there could be the "well, help us prevent botnets for the greater good" argument, to which Adobe would respond "well, if you stop the piracy it wouldn't be an issue, now would it?"
There is no interception and manipulation of a download going on, at least regarding the botnet the article suggests, it came from knowingly downloading and installing pirated software. The checksum idea is to get the checksum from the official source and to apply it to the pirated download, but then the pirated download is surely modified anyway, so this wouldn't work.
It would take a lot of work. I imagine that you'd implement a link to your site's checksums in the code, which the installer would reference during installation. As long as that link is protected within code, it should maintain the validity of any checksums that the installer is referencing.
LittleSnitch is an app that will inform you when an outgoing connection is being made from your Mac. Running this after launching a cracked version of PS, for instance, should let you know if you've suddenly been recruited into a botnet.
Sorry, but I've fixed a few computers that didn't have antivirus, spyware blocker or firewall. Besides BSoD's and key processes being hijacked, I can definitely say it does help keep the performance up.
It may slow down your PC initially, but it keeps the performance for life. You might have great performance after a fresh install, however it doesn't last for long.
Personally, I'd rather have a working PC than have to deal with a BSoD. I doubt I'd get many viruses and such as I don't download those kinds of files. However if you have a teenager in your family either whip them every time they try to touch a computer, but the way that's less likely to end in your incarceration is installing virus software.
The choice is prevent or protect, and I'm guessing many people here could prevent through their browsing behavior, I doubt the same could be said for any 12-16 year olds.
A seatbelt is a simple, predictable mechanism that functions without impeding the driving experience. Anti-virus software is a complicated, unpredictable mechanism that significantly impedes the computing experience.
I find a more viable approach is to be careful with the OS install (not install untrusted stuff) and also to make it expendable. Data lives on a single-purpose unix host and is regularly backed up so I can do a predictable, quick, low-effort reinstall and be back to operation in a couple of hours.
An outcome I've wanted but not done - computer lives behind a router which is set up to make active monitoring and managing of traffic easy. Product idea - consumer-ready but geek-friendly router with powerful but easy-to-use tools that doesn't suck. Interface should be live so that you can see the traffic coming and going, and there should be controls to allow you to open up and close access to different sites. Stand-alone system with a profile a bit like a sunray, plug for commodity keyboard and monitor.
The author of that page did not come to the conclusion "do not use antivirus software because it will make your computer slow" but rather asks consumers to make an educated decision about which software to purchase based on their detection rate.
Malware will also slow down your computer, and could result in your personal information being stolen. If the choice were between waiting an extra few seconds for my computer to boot or having all of my files accessible to people I neither know nor trust, I would choose the former.
"You're doing it wrong" personified right there. If you're using McAfee or Norton, that's like wrapping a seatbelt around your neck (as those numbers show).
If you're working without at least common-sense anti-virus protection, you're going to deserve what you'll eventually get.
I just kicked Norton off my wife's Vista PC, thanks to Norton's own "Norton Removal Tool".
I'd like to know what your definition of "common-sense anti-virus protection" is, though. Apart from "don't download/install anything from untrusted places".